- Official Site: http://passive.sourceforge.net
- 'pads' is a passive asset detection tool. It will monitor a network interface and report all systems and services it discovers.
- Updated version maintained at http://github.com/gamelinux/pads
- It includes cleaned-up code, and fixed lots of bugs.
user@machine:~$ ./pads -h pads - Passive Asset Detection System v1.2 - 06/17/05 Matt Shelton <firstname.lastname@example.org> Usage: -c <file> : Read configuration from <file>. -d <file> : Dump banner packets to a libpcap formatted file. -D : Run PADS in the background (daemon mode). -g <group> : Drop privileges to this group. -h : Help -i <interface> : Listen on <interface>. The lowest number interface will be used if an interface isn't specified. -n <network> : Reads in a comma seperated list of networks to be monitored. ex. -n "192.168.0.0/24,10.0.0.0/16" -p <file> : PID file used with daemon mode. -r <file> : Read packets from a libpcap formatted file. -u <user> : Drop privileges to this user. -v : Verbose -V : Version -w <file> : Dump data into file other than assets.csv. Additional arguments will be processed as a libpcap filter. For example, the following command will not only use interface hme1 but will also only search for assets on port 22: pads -i hme1 port 22
Additional PADS signatures
# CommuniGate Pro POP3 Server pop3,v/CommuniGate Pro POP3/$1//,OK CommuniGate Pro POP3 Server (.*) ready
# Generic CVSup server cvsup,v/CVSup server///,CVSup server ready
# MySQL sql,v/MySQL/$1//,([3-6]\.[0-1]\.\d\d-\w.+)
# Citrix ICA. Included signature wasn't hitting, this seems to fix it. ica,v/Citrix ICA Protocol///,\x7f\x7ICA\x00
# MS FTP with no version ftp,v/Microsoft FTP Server Unknown Version///,220 Microsoft FTP Service