By day I am an IDS analyst for a managed security provider. One of the challenges I face on a daily basis is the inability to obtain customer asset data, particularly with the larger customers. This information is critical not only for analysis but also device placement and tuning.
Many IDS deployments consist of a device with two interfaces. One interface contains a promiscuous link to a remote network and the other link is for management and lives in the DMZ. This makes active network scanners, like nmap, useless because the IDS team does not have anything but a one way link into the network. They can only listen to traffic, not produce anything.
Pads was developed to solve this problem. It is modeled after my favorite scanning tool nmap, specifically the .-sV. option. Unlike nmap, it will not generate any traffic while mapping the network. Unfortunately, this method is potentially less accurate than active scanning but is often necessary in an IDS environment.
As mentioned earlier, I am an IDS analyst by day. I see programming as a tool to aid me in my job. This project was developed outside of work since I do not get paid to code. It was written to fulfill a need for me. Hopefully others within the community will also get the chance to benefit from it.
10.0.0.83,22,6,ssh,OpenSSH 3.8.1 (Protocol 2.0),1092511226
10.0.0.85,22,6,ssh,OpenSSH 3.5p1 (Protocol 1.99),1092511282
10.0.0.83,80,6,www,Apache 1.3.31 (Unix),1092511493