Skip to content

dreamkinn/babble

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
assets
assets
 
 
babbleutils
babbleutils
 
 
images
images
 
 
README.md
README.md
 
 
babble.py
babble.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Babble - Passive discovery

TL;DR : Passive discovery from broadcast network noise.

screenshot

Babble is a Python script that parses packets of protocols that are common in entreprise LANs. It then logs the hostnames/domains found in a pretty table and in greppable format. The advantages of Babble are the following :

  • Stealth : no network interaction
  • Easily runs in background
  • Supports Linux network interfaces and .pcap files
  • Greppable output easily exploitable with awk

Babble can be useful in early phases of offensive security audits, when the auditors have no foothold but still want to discover domains/hosts/services stealthily.

Installation

Packages :

  • tshark

Python 3 packages :

  • pyshark
  • rich
python -m pip install -r requirements.txt

Usage

babble.py -i eth0
babble.py -f dump.pcapng

# Enable DNS
babble.py -i eth0 -d

# Greppable
babble.py -i eth0 -g

Supported Protocols

  • MDNS
  • BROWSER (over NETBIOS : parsed too)
  • DHCPv6
  • LLDP
  • CDP
  • DNS (default : Disabled)
  • NETBIOS

Don't hesitate to ask support for other relevant protocols

TODO

  • Save data to file, so several captures can be merged

  • CIDR analysis

  • Progress bar for pcap ingestion

  • Last seen column (last time a packet was seen for a given query)

  • Sources : https://www.netresec.com/?page=PcapFiles

About

Python passive host discovery script

Resources

Readme
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages