Passive Asset Detection System (PADS)
PADS (Passive Asset Detection System) listens to the network and uses signatures to passively identify which hosts and services are running. Because it works as a sniffer in passive mode, it is invisible on the network and never actively sends a packet onto it. It cannot be detected by an IDS or a firewall (as long as it does not switch to promiscuous mode).
root@ubuntucuk:~# pads -h
pads – Passive Asset Detection System
v1.2 – 06/17/05
Matt Shelton
Usage:
-c : Read configuration from .
-d : Dump banner packets to a libpcap formatted file.
-D : Run PADS in the background (daemon mode).
-g : Drop privileges to this group.
-h : Help
-i : Listen on . The lowest number interface
will be used if an interface isn’t specified.
-n : Reads in a comma seperated list of networks
to be monitored.
ex. -n “192.168.0.0/24,10.0.0.0/16″
-p : PID file used with daemon mode.
-r : Read packets from a libpcap formatted file.
-u : Drop privileges to this user.
-v : Verbose
-V : Version
-w : Dump data into file other than assets.csv.
Additional arguments will be processed as a libpcap filter. For example,
the following command will not only use interface hme1 but will also only
search for assets on port 22:
pads -i hme1 port 22
A few example uses:
Detecting web services
root@ubuntucuk:~# pads -i eth0 port 80
pads – Passive Asset Detection System
v1.2 – 06/17/05
Matt Shelton
[-] Filter: port 80
[-] Listening on interface eth0
[*] Asset Found: Port – 80 / Host – 78.186.248.166 / Service – www / Application -
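Added example (not part of the original post or of PADS itself): a Python parser that turns the "[*] Asset Found:" console lines shown above into a per-host inventory and lists services that are missing from an approved baseline. The sample lines, addresses, application strings and the EXPECTED baseline are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Line format as shown above; the dash may be "-" or a typographic en dash.
ASSET_RE = re.compile(
    r"^\[\*\] Asset Found:\s+Port\s+[-\u2013]\s+(?P<port>\d+)\s+/\s+"
    r"Host\s+[-\u2013]\s+(?P<host>\S+)\s+/\s+"
    r"Service\s+[-\u2013]\s+(?P<service>\S+)\s+/\s+"
    r"Application\s+[-\u2013]\s*(?P<app>.*)$"
)

def parse_assets(lines):
    """Return {host: {(port, service, application), ...}} from PADS console output."""
    inventory = defaultdict(set)
    for line in lines:
        m = ASSET_RE.match(line.strip())
        if not m:
            continue  # banner, filter and interface lines are ignored
        try:
            host = str(ipaddress.ip_address(m["host"]))
        except ValueError:
            continue  # host field is not a valid IP address
        app = m["app"].strip() or "unknown"  # empty when no signature matched
        inventory[host].add((int(m["port"]), m["service"], app))
    return dict(inventory)

def unexpected_services(inventory, expected):
    """List (host, port, service) entries absent from the approved baseline."""
    return sorted(
        (host, port, service)
        for host, assets in inventory.items()
        for port, service, _app in assets
        if (host, port) not in expected
    )

# Constructed sample output using documentation addresses, not a real capture.
SAMPLE = """\
[-] Listening on interface eth0
[*] Asset Found: Port - 80 / Host - 192.0.2.10 / Service - www / Application - Apache 2.2.3 (Unix)
[*] Asset Found: Port \u2013 80 / Host \u2013 192.0.2.44 / Service \u2013 www / Application -
[*] Asset Found: Port - 80 / Host - 192.0.2.10 / Service - www / Application - Apache 2.2.3 (Unix)
""".splitlines()

EXPECTED = {("192.0.2.10", 80)}  # hypothetical baseline of approved (host, port) pairs

if __name__ == "__main__":
    for host, port, service in unexpected_services(parse_assets(SAMPLE), EXPECTED):
        print(f"unapproved service: {host}:{port} ({service})")
```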
