Risk Scoring¶
NOVA computes a 0β100 security score and a list of human-readable findings for every WiFi network and LAN host.
Score interpretation¶
| Range | Label | Colour |
|---|---|---|
| 0β30 | Critical | π΄ Red |
| 31β55 | High | π Orange |
| 56β70 | Medium | π‘ Yellow |
| 71β85 | Low | π’ Green |
| 86β100 | Secure | π Bright Green |
Finding severity levels¶
Each finding has one of five levels:
| Level | Meaning |
|---|---|
| Info | Purely informational β no immediate action required |
| Low | Minor concern β worth noting |
| Medium | Notable issue β should be reviewed |
| High | Serious vulnerability β prioritise remediation |
| Critical | Severe / immediate risk β act now |
WiFi network scoring¶
Starts at 100. Deductions applied per finding:
| Finding | Deduction | Level |
|---|---|---|
| No encryption (open network) | β60 | Critical |
| WEP encryption | β55 | Critical |
| WPA (TKIP) β deprecated | β30 | High |
| WPA2 with no WPA3 | β5 | Low |
| WPA3 present | 0 | β |
LAN host scoring¶
Starts at 100. Deductions depend on open ports and findings:
| Finding | Deduction | Level |
|---|---|---|
| Critical-level port open (Telnet, SMB, Redisβ¦) | β25 each (capped) | Critical |
| High-level port open (RDP, UPnP, NFSβ¦) | β15 each (capped) | High |
| Medium-level port open (MySQL, SMTPβ¦) | β8 each | Medium |
| Low-level port open (HTTP, DNSβ¦) | β3 each | Low |
| Unknown MAC vendor | β5 | Low |
| Router/gateway detected with dangerous ports | β10 | High |
Deep scan host analysis¶
When a Deep Scan completes, AnalyseHostDeep runs an extended analysis on top of the standard port-based scoring:
| Finding | Level | Condition |
|---|---|---|
| Mobile hotspot / router | Info | Default gateway + Linux OS + β€ 4 open TCP ports |
| Web admin panel exposed | Medium | HTTP/HTTPS open on non-standard port (8080, 8443, etc.) |
| SSL certificate expiry / hostname mismatch | Medium | Detected via ssl-cert NSE script output |
| SNMP publicly readable | High | Port 161/UDP open (community string public) |
| UPnP exposed | High | Port 1900/UDP open |
| TR-069 (CWMP) management port exposed | High | Port 7547 open (ISP remote management protocol) |
| Outdated SSH version | Medium | SSH-1.x detected in banner |
| Router firmware keyword identified | Info | Service banner matches OpenWrt, DD-WRT, RouterOS, etc. |
Data flow¶
wifi.Network / scanner.Host
β
βΌ
risk.AnalyseNetwork()
risk.AnalyseHost()
β
βΌ
[]Finding + Score (0β100)
β
βΌ
ui.viewWiFi / ui.viewHostDetail
scanner.DeepScanResult (Host with full ports, OS, scripts)
β
βΌ
risk.AnalyseHostDeep()
β
βΌ
[]Finding (extended) + Score (0β100)
β
βΌ
ui.viewDeepScan
The risk package has no side effects β it is a pure function that takes scan data and returns findings. It never modifies the network, opens connections, or writes files.