PADS

From NSMWiki

Background

Usage

user@machine:~$ ./pads -h
pads - Passive Asset Detection System
v1.2 - 06/17/05
Matt Shelton <matt@mattshelton.com>

Usage:
-c <file>      : Read configuration from <file>.
-d <file>      : Dump banner packets to a libpcap formatted file.
-D             : Run PADS in the background (daemon mode).
-g <group>     : Drop privileges to this group.
-h             : Help
-i <interface> : Listen on <interface>.  The lowest number interface
                will be used if an interface isn't specified.
-n <network>   : Reads in a comma seperated list of networks
                to be monitored.
                  ex.  -n "192.168.0.0/24,10.0.0.0/16"
-p <file>      : PID file used with daemon mode.
-r <file>      : Read packets from a libpcap formatted file.
-u <user>      : Drop privileges to this user.
-v             : Verbose
-V             : Version
-w <file>      : Dump data into file other than assets.csv.

Additional arguments will be processed as a libpcap filter.  For example,
the following command will not only use interface hme1 but will also only
search for assets on port 22:

    pads -i hme1 port 22

PADS related links

Additional PADS signatures

 # CommuniGate Pro POP3 Server
 pop3,v/CommuniGate Pro POP3/$1//,OK CommuniGate Pro POP3 Server (.*) ready
 # Generic CVSup server
 cvsup,v/CVSup server///,CVSup server ready
 # MySQL
 sql,v/MySQL/$1//,([3-6]\.[0-1]\.\d\d-\w.+)
 # Citrix ICA. Included signature wasn't hitting, this seems to fix it.
 ica,v/Citrix ICA Protocol///,\x7f\x7fICA\x00
 # MS FTP with no version
 ftp,v/Microsoft FTP Server Unknown Version///,220 Microsoft FTP Service
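
A small checker for trying signature lines against a captured banner before adding them to the signature file. This is an added example, not part of PADS or of the original page. It assumes the `service,v/vendor/version/info/,regex` layout inferred from the lines above and uses Python's `re` with an unanchored search as a stand-in for the tool's own matching; `parse_signatures`, `identify` and the banners are constructed for illustration.

```python
import re

# Signature lines copied from the list above (the Citrix entry is left out).
SIGNATURES = r"""
# CommuniGate Pro POP3 Server
pop3,v/CommuniGate Pro POP3/$1//,OK CommuniGate Pro POP3 Server (.*) ready
# Generic CVSup server
cvsup,v/CVSup server///,CVSup server ready
# MySQL
sql,v/MySQL/$1//,([3-6]\.[0-1]\.\d\d-\w.+)
# MS FTP with no version
ftp,v/Microsoft FTP Server Unknown Version///,220 Microsoft FTP Service
"""

# Constructed sample banners (not captured traffic).
BANNERS = [
    b"+OK CommuniGate Pro POP3 Server 6.2.5 ready <1.1@mail.example.test>\r\n",
    b"\x2c\x00\x00\x00\x0a5.1.73-log\x00\x01\x00\x00\x00",
    b"220 Microsoft FTP Service\r\n",
    b"SSH-2.0-OpenSSH_9.6\r\n",
]

def parse_signatures(text):
    """Return a list of (service, [vendor, version, info], compiled regex)."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Only the first two commas separate fields; the regex may contain more.
        service, template, pattern = line.split(",", 2)
        if not template.startswith("v/"):
            raise ValueError("unexpected template: " + template)
        fields = (template[2:].split("/") + ["", "", ""])[:3]
        sigs.append((service, fields, re.compile(pattern.encode())))
    return sigs

def identify(banner, sigs):
    """Return (service, vendor, version, info) for the first match, else None."""
    for service, fields, regex in sigs:
        m = regex.search(banner)
        if m:
            def expand(ref):
                # $N -> capture group N, cut at the first NUL (assumption).
                raw = m.group(int(ref.group(1))) or b""
                return raw.split(b"\x00")[0].decode("latin-1")
            return (service,) + tuple(re.sub(r"\$(\d)", expand, f) for f in fields)
    return None
```

The MySQL pattern ends in `.+`, so its capture runs past the version string's terminating NUL in a binary handshake; the example trims at the NUL before filling `$1`.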