Netifera
Description
What is Netifera?
Netifera is a network scanner capable of passive scanning (scan of a pcap file, live network sniffing) as well as active scanning (entity port scan). It enables to identify hosts on the network.
Architecture in a nutshell
Here is the way objects are organized within Netifera:
- A workspace is the global container.
- This latest is divided into spaces to enable the isolation of netblocks.
- Each space contains entities (hosts, hardware, ...) detected by the sniffer
Installation
Installation of Netifera
$ cd /data/src/ $ wget http://netifera.com/download/netifera-1.0-linux.gtk.x86.zip $ unzip netifera-1.0-linux.gtk.x86.zip $ mkdir -p /pentest/scanners/ $ mv netifera /pentest/scanners/
Installation of the backdoor
For Netifera to be able to sniff, you need to install the backdoor. To install it, run:
$ cd /pentest/scanners/netifera/ $ sudo ./backdoor_install.sh
To be able to sniff, you usually need root privileges. This backdoor has been developed to enable sniffing without starting Netifera as root.
Usage
Start netifera
$ cd /pentest/scanners/netifera/ $ ./netifera
Interface
Menu
- File
- New Space: Create a new space (add a tab in the existing workspace)
- Open Space: Load list of existing spaces
- Open WorkSpace: Popup a window with the list of existing workspaces
- New Workspace: Popup a window with a form enabling to name the workspace to create
- Exit: Quit the application
- Window
- Preferences: Open preferences window (terminal buffer lines, serial timeout, network timeout)
- Open View
- Tasks: Load the Tasks view
- Other: Popup a window with list of views
- Open Perspective: Popup a window with the list of existing perspectives (default: Sniffing, Tools)
- Other: Popup a window with the list of existing perspectives
- Show Perspective: Same as open perspectives
- Reset Perspective: Resets perspectives to default
- Close Perspective: Close currently active perspective
- Close All Perspectives: Close all opened perspectives
- Show View Menu
- Help
- About: Show splash screen with installed version
Toolbars
Tools toolbar (top left)
This toolbar is shown when the Tools perspective is loaded.
The top left toolbar enables to:
- Add a new space
- Open an existing workspace
- Create a new workspace
- Manually add new entities to a space, using the input field. The input bar understands inputs in the following formats:
- IP address: e.g. 192.168.100.1
- Netblock in CIDR notation: 192.168.100.0/24
- HTTP URLs: http://www.aldeid.com/
- Email address: [email protected]
- Domain: .aldeid.com
Sniffing toolbar (top left)
This toolbar is shown when the Sniffing perspective is loaded.
Icons on this toolbar enable to:
- Create a new space
- Open an existing workspace
- Create a new workspace
- Stop a live capture
- Start a live capture
- Configure sniffing service
- Open a packet capture file (*.pcap file)
Options available in the sniffer configuration:
- Network interfaces: Select the interfaces to use for the capture
- Sniffing modules:
- DNS Sniffer
- Passive OS fingerprinting
- HTTP Sniffer
- ARP Information Gathering
- Passive Service Detector
Perspective toolbar (top right)
This toolbar enables to switch between perspectives. Two default perspectives are loaded:
- Tools
- Sniffing
Other tools (bottom left)
The icons in this toolbars are:
- Fast view: enable to change current view
- Console: display log/debugging window
- Probe list: display list of probes
- Space list: display list of spaces
Memory (bottom right)
Netifera is developed in Java and is launched with a limited amount of memory. This indicator shows live memory usage. To reset the memory stack, click on the trash icon.
Space
This shows the spaces that have been created (tabs). On each space, the list of entities is displayed.
By moving the mouse over an entity, a menu is displayed:
- Reverse DNS Lookup
- Discover TCP Services
- Discover UDP Services
- Create netblock */16
- Create netblock */24
This menu also contains icons to:
- Scan common TCP/UDP ports
- Add a tag
- Remove the entity from the space
Tasks
By clicking on options from the entity menu, it executes tasks.
For each task, there is a progress bar as well as a task output in this view.