Network scanning architecture orchestrates multi-tool reconnaissance across device discovery, port enumeration, and wireless security checks. User operators submit intents through a Web UI that routes to an Intent Engine, which dispatches commands to Nmap and Scapy tools via a Command Dispatcher and Scan Scheduler. Nmap performs Device Discovery and Port Scanning while Scapy executes ARP Table Inspection, MITM Detection, and WiFi Security Check processes, with outputs aggregated into Discovered Devices, Open Ports, Security Alerts, and a Network Map. This layered architecture separates user interaction, orchestration logic, and scanning execution, enabling scalable network monitoring with centralized alert management and audit logging. Fork this diagram on Diagrams.so to customize tool chains, add additional scanners, or integrate with your SIEM platform. The modular design supports both scheduled scans and real-time threat detection workflows.