Passive Asset Detection System (PADS)
PADS (Passive Asset Detection System) listens to the network and uses signatures to passively identify which hosts and services are running. Because it works as a sniffer in passive mode, it is invisible on the network and does not actively send any packets onto it. It is impossible for an IDS or firewall to detect it (as long as it does not switch to promiscuous mode).
root@ubuntucuk:~# pads -h
pads – Passive Asset Detection System
v1.2 – 06/17/05
Matt Shelton
Usage:
-c : Read configuration from .
-d : Dump banner packets to a libpcap formatted file.
-D : Run PADS in the background (daemon mode).
-g : Drop privileges to this group.
-h : Help
-i : Listen on . The lowest number interface
will be used if an interface isn’t specified.
-n : Reads in a comma seperated list of networks
to be monitored.
ex. -n “192.168.0.0/24,10.0.0.0/16”
-p : PID file used with daemon mode.
-r : Read packets from a libpcap formatted file.
-u : Drop privileges to this user.
-v : Verbose
-V : Version
-w : Dump data into file other than assets.csv.
Additional arguments will be processed as a libpcap filter. For example,
the following command will not only use interface hme1 but will also only
search for assets on port 22:
pads -i hme1 port 22
A few example uses:
Detecting web services
root@ubuntucuk:~# pads -i eth0 port 80
pads – Passive Asset Detection System
v1.2 – 06/17/05
Matt Shelton
[-] Filter: port 80
[-] Listening on interface eth0
[*] Asset Found: Port – 80 / Host – 78.186.248.166 / Service – www / Application – lighttpd/1.4.25
[*] Asset Found: Port – 80 / Host – 88.255.190.84 / Service – www / Application – lighttpd/1.4.21
[*] Asset Found: Port – 80 / Host – 209.85.227.138 / Service – www / Application – Golfe
^C
[-] 4985 Packets Received
[-] 0 Packets Dropped by Software
[-] 0 Packets Dropped by Interface
Detecting SSH services (port 22 or port 1111)
root@ubuntucuk:~# pads -i eth0 port 22 or port 1111
pads – Passive Asset Detection System
v1.2 – 06/17/05
Matt Shelton
[-] Processing Existing assets.csv
[-] Filter: port 22 or port 1111
[-] Listening on interface eth0
[*] Asset Found: Port – 1111 / Host – 88.250.111.22 / Service – ssh / Application – Protocol 2.0)
[*] Asset Found: Port – 22 / Host – 192.168.5.77 / Service – ssh / Application – Protocol 2.0)
^C
[-] 177 Packets Received
[-] 0 Packets Dropped by Software
[-] 0 Packets Dropped by Interface
[-] Closing PCAP Connection
For a detailed report, you can use pads-report, the text reporting module.
root@ubuntucuk:~# pads-report
pads-report – PADS Text Reporting Module
1.2 – 06/17/05
Matt Shelton
1 ——————————————————
IP: 188.124.8.106
DNS: cehturkiye.com
Port Service Application
80 www 6.0
2 ——————————————————
IP: 88.250.11.22
DNS: dsl88-11-5058.ttnet.net.tr
Port Service Application
1111 ssh Protocol 2.0)
3 ——————————————————
IP: 68.186.248.11
DNS: dsl68.186-54.ttnet.net.tr
Port Service Application
80 www lighttpd/1.4.25
A tool that complements active systems for network analysis; quite useful.
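The "Asset Found" lines in the sessions above can be turned into a host inventory and checked against the ports you expect each service to use. The following is an added example, not part of PADS or of the original post; the function names, the EXPECTED_PORTS policy and the sample lines are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's "Asset Found" format (RFC 5737 addresses).
SAMPLE = """\
[-] Listening on interface eth0
[*] Asset Found: Port – 80 / Host – 192.0.2.10 / Service – www / Application – lighttpd/1.4.25
[*] Asset Found: Port - 1111 / Host - 198.51.100.7 / Service - ssh / Application - Protocol 2.0)
[*] Asset Found: Port – 22 / Host – 192.0.2.10 / Service – ssh / Application – Protocol 2.0)
[*] Asset Found: Port – 80 / Host – 192.0.2.10 / Service – www / Application – lighttpd/1.4.25
[-] 177 Packets Received
"""

# Accept the ASCII hyphen and the en dash that web pages substitute for it.
DASH = r"\s*[-\u2013]\s*"
ASSET_RE = re.compile(
    r"^\[\*\] Asset Found: Port" + DASH + r"(?P<port>\d+)\s*/\s*Host" + DASH
    + r"(?P<host>\S+)\s*/\s*Service" + DASH + r"(?P<service>\S+)"
    + r"\s*/\s*Application" + DASH + r"(?P<app>.*)$"
)

# Assumption: ports this site expects each service on; adjust to local policy.
EXPECTED_PORTS = {"ssh": {22}, "www": {80, 443}}


def parse_assets(text):
    """Return {host: {(port, service): application}}; repeats collapse."""
    inventory = defaultdict(dict)
    for line in text.splitlines():
        m = ASSET_RE.match(line.strip())
        if m:  # status lines such as "[-] Filter: ..." do not match
            key = (int(m["port"]), m["service"])
            inventory[m["host"]][key] = m["app"].strip()
    return dict(inventory)


def unexpected_ports(inventory, expected=EXPECTED_PORTS):
    """Return (host, port, service) for services seen off their expected port."""
    return sorted(
        (host, port, service)
        for host, assets in inventory.items()
        for (port, service) in assets
        if service in expected and port not in expected[service]
    )


if __name__ == "__main__":
    for host, port, service in unexpected_ports(parse_assets(SAMPLE)):
        print(f"review: {service} on {host}:{port}")
```

Feed it the captured console output of a pads run on your own network; an SSH service on a port such as 1111 is then listed for review.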