Automic VaultAutomic Vault

brew

Install arp-scan with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

ARP scanning and fingerprinting tool. Version 1.10.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install arp-scan

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install arp-scan

MacPorts ports tree · net/arp-scan/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add arp-scan

Alpine Linux edge package indexes · arp-scan · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install arp-scan

Debian stable package indexes · arp-scan · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install arp-scan

Fedora Rawhide package metadata · arp-scan · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#arp-scan

nixpkgs package indexes · pkgs/by-name/ar/arp-scan/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S arp-scan

Arch Linux sync databases · arp-scan · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install arp-scan

openSUSE Tumbleweed package metadata · arp-scan · source: download.opensuse.org

overview

Package summary

ARP scanning and fingerprinting tool

Commands and aliases

  • arp-fingerprint
  • arp-scan
  • get-iab
  • get-oui

history

Project history and usage

arp-scan is a C network scanning tool that discovers and fingerprints IPv4 hosts on a local network using ARP. Upstream documents support for Linux, BSD, macOS, and Solaris, and ships the companion commands `arp-fingerprint`, `get-oui`, and `mac-vendor` data handling.

Project history

Roy Hills' upstream changelog records version 1.4 on 2006-06-26 as the first stable public version, after internal versions 1.0 through 1.2 and a 1.3 beta. Early work quickly moved from Linux packet sockets toward portable link-layer support, adding BPF support for BSD and Darwin, Solaris DLPI work, IEEE OUI/IAB update scripts, and packet-generation tests.

The project moved from an internal SVN repository to GitHub in 2013 during the 1.9.2 cycle. That move also changed the development identifiers from increasing SVN revision IDs to Git object hashes and shifted public collaboration toward issues and pull requests.

Later releases kept the old-school Unix toolchain shape, using autoconf/automake, libpcap, manual pages, and text data files, while modernizing around security and portability. The 1.10.0 release added Linux POSIX.1e capability support, flexible output formatting, JSON/XML-format examples, and a consolidated IEEE registry file.

Adoption history

The README explicitly says many distributions provide binary packages and that BSD users may install from ports. The supplied facts show broad package-manager coverage across apk, Homebrew, Debian, Fedora/dnf, MacPorts, Nix, pacman, Ubuntu, and zypper, which matches its role as the canonical packaged ARP LAN scanner.

arp-scan became a package-manager staple because it solves a common administrator problem without requiring IP-layer cooperation: discovering hosts on the local Ethernet segment and mapping MAC prefixes to vendors. It is small enough for scripts, but detailed enough for security inventories, lab networks, appliance discovery, and duplicate-address investigations.

How it is used

The core invocation sends ARP requests on a local link and prints responding IP/MAC/vendor rows. The README points users to `arp-scan --help` and the manual pages for `arp-scan(1)`, `arp-fingerprint(1)`, `get-oui(1)`, and `mac-vendor(5)`.

Packaging details matter because the executable needs raw-packet privileges. Upstream's packager notes ask Linux builders to enable libcap support when possible; `make install` can install `arp-scan` with `CAP_NET_RAW` or fall back to setuid root.

The tool's vendor lookup depends on local IEEE registry-derived files. Upstream has repeatedly updated its OUI/IAB handling as IEEE changed registry formats and URLs, and 1.10.0 moved `mac-vendor.txt` into the system configuration directory so local changes can survive upgrades.

Why package nerds care

arp-scan is the baseline package against which newer ARP scanners are compared. It is also a neat example of why network tools need package metadata beyond a homepage: raw socket privileges, capability installation, bundled data files, manual pages, and helper scripts all affect the package experience.

The name collision with arp-scan-rs is important: both may install an `arp-scan` command, but their upstreams, licenses, implementation languages, option sets, and release histories are distinct.

Timeline

  • 2006: Version 1.4 released as the first stable version.
  • 2007: Version 1.6 released after portability and frame-handling improvements.
  • 2011: Version 1.8 added macOS support and changed license from GPLv2 to GPLv3.
  • 2013: Development moved from internal SVN to GitHub.
  • 2022: Version 1.10.0 added Linux libcap capability support and flexible output formatting.
  • 2025: Changelog shows continuing maintenance and IEEE registry updates.

Related projects

  • arp-scan-rs is a Rust rewrite inspired by arp-scan.
  • libpcap provides packet capture support.
  • libcap enables Linux CAP_NET_RAW packaging.
  • IEEE registry data backs MAC vendor lookups.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 10 platform targets.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
arp-fingerprintcliglobal executable
arp-scancliglobal executable
get-iabcliglobal executable
get-ouicliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.10.0
manager updated
local dataok
upstreamcurrent
latest detected1.10.0

https://github.com/royhills/arp-scan

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:arp-scan
Version1.10.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/arp-scan
Homepagehttps://github.com/royhills/arp-scan
Repositoryhttps://github.com/royhills/arp-scan
Upstream docshttps://github.com/royhills/arp-scan#readme
LicenseGPL-3.0-or-later AND BSD-3-Clause AND ISC
Source archivehttps://github.com/royhills/arp-scan/archive/refs/tags/1.10.0.tar.gz
Build dependenciesautoconf, automake
Uses from macOSlibpcap
Bottleavailable (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namearp-scan
Version Scheme0
Revision0
Head VersionHEAD
Conflicts With
  • arp-scan-rs
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

arp-scan 1.10.0-2+b1

arp scanning and fingerprinting tool

https://github.com/royhills/arp-scan

sudo apt install arp-scan
  • Section: admin
  • Architecture: amd64
  • Source Package: arp-scan
  • 3 dependencies
  • 3 optional deps
  • normalized package name match
  • Matched by: Arp Scan
Debian stable package indexes · deb.debian.org · Debian stable package indexes: arp-scan from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

arp-scan

nix profile install nixpkgs#arp-scan
  • normalized package name match
  • Matched by: Arp Scan
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ar/arp-scan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

arp-scan 1.10.0-2build2

arp scanning and fingerprinting tool

https://github.com/royhills/arp-scan

sudo apt install arp-scan
  • Section: universe/admin
  • Architecture: amd64
  • 3 dependencies
  • 3 optional deps
  • normalized package name match
  • Matched by: Arp Scan
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: arp-scan from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

arp-scan 1.10.0-r2

Address Resolution Protocol (ARP) packet scanner

https://github.com/royhills/arp-scan

sudo apk add arp-scan
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: arp-scan
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Arp Scan
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: arp-scan from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk95%

arp-scan-doc 1.10.0-r2

Address Resolution Protocol (ARP) packet scanner (documentation)

https://github.com/royhills/arp-scan

sudo apk add arp-scan-doc
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: arp-scan
  • normalized package name match
  • Matched by: Arp Scan
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: arp-scan-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
dnf95%

arp-scan 1.10.0-10.fc44

Scanning and fingerprinting tool

https://github.com/royhills/arp-scan

sudo dnf install arp-scan
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: arp-scan
  • 6 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Arp Scan
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: arp-scan from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

arp-scan 1.10.0-5

A tool that uses ARP to discover and fingerprint IP hosts on the local network

https://github.com/royhills/arp-scan

sudo pacman -S arp-scan
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • 2 dependencies
  • 2 optional deps
  • normalized package name match
  • Matched by: Arp Scan
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: arp-scan from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

arp-scan 1.10.0-1.13

ARP scanning and fingerprinting tool

https://github.com/royhills/arp-scan

sudo zypper install arp-scan
  • License: GPL-3.0-only AND LGPL-2.1-only AND ISC
  • Category: Productivity/Networking/Security
  • Architecture: x86_64
  • Source Package: arp-scan
  • 5 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Arp Scan
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: arp-scan from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

arp-scan

sudo port install arp-scan
  • normalized package name match
  • Matched by: Arp Scan
MacPorts ports tree · api.github.com · MacPorts ports tree: net/arp-scan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment