[tomudding]

Scanning the LAN through your browser is nothing new. JS-Recon from AnD Labs [0] is a tool from 2010 that could do it. I have seen eBay [1], Facebook [2], and Halifax [3] do it too, albeit for other reasons than scanning for outdated devices (fraud/loss prevention). LexisNexis' ThreatMetrix [4] is commonly used to do this.

Please note that this is a copy of a comment I made 2 years ago and I have not tested the links to see if they are still correct.

[0]: https://web.archive.org/web/20101128053633/http://www.andlab...

[1]: https://forum.ultravnc.net/viewtopic.php?f=7&t=33509

[2]: https://www.reddit.com/r/AskNetsec/comments/4j0nas/why_is_fa...

[3]: https://www.theregister.com/2018/08/07/halifax_bank_ports_sc...

[4]: https://risk.lexisnexis.com/products/threatmetrix

[howdydoo]

[3] is pretty insane. They have to scan my network to check for malware... does that mean I can scan their network to check for malware?