Awesome
network-radar
what it is
network-radar
is the native replacement for the old dSploit NetworkDiscovery
.
it's completely written in C, using threads for faster execution and libcares for asynchronous name resolving.
how it works
- send a NetBIOS request to all hosts of your subnet
- listen for ARP and NetBIOS responses
- analyze those packets to learn alive hosts
- search a name for those hosts that do not have one
- monitor found hosts by periodically sending them an ARP request
output format
corrently the output format is very simple. when an host is found the following line is printed.
HOST_ADD { mac: 00:00:00:00:00:00, ip: 0.0.0.0, name: HOSTNAME }
where:
00:00:00:00:00:00
is the Ethernet MAC address of the found host ( or 00:00:00:00:00:00 if unknown )0.0.0.0
is the IP address of the found hostHOSTNAME
is the name for this host ( or an empty string if unknown )
when an host is modified the output is the same except for the first work that changes from HOST_ADD
to HOST_EDIT
.
when an host disappear from the radar the following line get printed:
HOST_DEL { ip: 0.0.0.0 }
where:
0.0.0.0
is the IP address of the disconnected host
TODO
- perform a traceroute to find all gateway between you and internet.
- send NetBIOS requests to all hosts of the found private subnets ( outside your local one )
- monitor found foreign hosts by sending a ping or some other packet
- create a configure script to check libpcap and network headers