Passifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found.

Information like SQL servers or Terminal servers in the network can be determined simply by analyzing SMB broadcasts packets. The TFTP plugin can identify broadcasting Cisco routers and the IPX plugin dissects IPX-SAP traffic.


Passifist has been tested on various Linux distributions, on FreeBSD, OpenBSD and on Sun Solaris. It may or may not run on any other libpcap-aware platform.
The inital version has support for the following protocols/plugins:

CDP – Cisco Discovery Protocol
CIM – Compaq Insight Manager
HSRP – Hot Standby Routing Protocol
IPX – The IPX protocol
NETOP – Netop Remote Control
SMB – SMB and Netbios
TFTP – Trivial File Transfer Protocol
MSOFFXMAC – Microsoft Office X for Macintosh
The results can be stored using the following storage providers:
TXT – Text file
ADVTXT – A separate logfile is created for each protocol
MYSQL – MySQL RDBMS
MSSQL – MS Sql Server RDBMS
GENSQL – Generic SQL script provider


This is yet another tool written in my sparetime where focus has been on functionality rather than on security.


That said please let me know of any security related conditions or other bugs you find in the code. patrik@cqure.net


Changes



1.0.0 -> 1.0.1 fixes problem building pcap filter
1.0.1 -> 1.0.4 numerous bugfixes
1.0.4 -> 1.0.6 numerous bugfixes and improvements
1.0.6 -> 1.0.8 updated mssql code. Added Office X dissesector


Download passifist_src_1.0.8.tgz