prads: Passive Real-time Asset Detection System – Penetration Testing

prads.pl – inspired by passive.sourceforge.net, http://ift.tt/2wqwt8e and others…

Is a `Passive Real-time Asset Detection System`. It passively listen to network traffic and gathers information on hosts and services it sees on the network. This information can be used to map your network, letting you know what services and hosts are alive/used, or can be used together with your favorite IDS/IPS setup for “event to host/service” correlation.

Features

PRADS is under development, but it currently includes:

* OS fingerprinting, both SYN and SYN+ACK (IP/TCP) (Compatible with p0f fingerprints)
* TCP service fingerprinting (Signatures from/compatible with pads)
* TCP discovery of hosts (SYN and SYN+ACK)
* UDP discovery of hosts
* UDP OS fingerprinting
* ARP discovery of hosts
* MAC vendor fingerprinting (from ARP data)
* ICMP discovery of host
* ICMP OS fingerprinting
* perl DBI support (sqlite (default), MySQL, PostgreSQL, Oracle, MSSQL…)
* Daemon mode
* Some packet statistics (received,dropped,drop-rate and dropped by interface)

Installation

#### PRADS INSTALL

# apt-get install prads

### or, from source

## dependencies
libpcap0.8 (>= 0.9.8), libpcre3 (>= 8.10), libresolv

# On an Ubuntu system:
$ sudo apt-get install rst2man libpcap0.8-dev libpcre3-dev
$ git clone git://github.com/gamelinux/prads.git
$ cd prads
$ make
$ sudo make install

# On a FreeBSD system (C version)
$ pkg_add -r pcre git gmake py26-docutils
$ git clone git://github.com/gamelinux/prads.git
$ cd prads
$ gmake

*Note: Installer doesn’t work on FreeBSD, so manually copy, or symlink, the binary and config files.

### Compile-time options
remember to `make clean` first!

## Static install
$ make static

## Build with debug options
$ make debug

## Profiling prads
$ make profile

## use perftools faster malloc
$ make TCMALLOC=y

## Profile with perftools
$ make TCMALLOC=y PPROF=y debug

## the newest, fastest libpcap into prads
$ git clone git://bpf.tcpdump.org/libpcap
$ cd libpcap && ./configure –disable-dbus && make -j2 && cd ..
$ make PCAPDIR=libpcap

*Note* that prads will now always look for libpcap in that directory!

Source: http://ift.tt/2f0w3MX

The post prads: Passive Real-time Asset Detection System appeared first on Penetration Testing.

http://ift.tt/2vg45XV SOURCE FONTE … Page http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s