v2.5 update

README.md

@@ -22,29 +22,32 @@ Above is a invisible network sniffer for finding vulnerabilities in network equi
 
 ## Supported protocols
 
-Detects up to 17 protocols:
+Detects up to 22 protocols:
 
 ```
 MACSec
+EAPOL
+ARP (Passive ARP)
 CDP (Cisco Discovery Protocol)
 DTP (Dynamic Trunking Protocol)
-802.1Q Tags (VLAN)
 LLDP (Link Layer Discovery Protocol) 
+802.1Q Tags (VLAN)
+STP (Spanning Tree Protocol)
 OSPF (Open Shortest Path First)
 EIGRP (Enhanced Interior Gateway Routing Protocol)
-VRRPv2/v3 (Virtual Router Redundancy Protocol)
-HSRPv1 (Host Standby Redundancy Protocol)
+VRRP (Virtual Router Redundancy Protocol)
+HSRP (Host Standby Redundancy Protocol)
 GLBP (Gateway Load Balancing Protocol)
-STP (Spanning Tree Protocol)
+IGMP (Internet Group Management Protocol)
 LLMNR (Link Local Multicast Name Resolution)
 NBT-NS (NetBIOS Name Service)
 MDNS (Multicast DNS)
+DHCP (Dynamic Host Configuration Protocol)
 DHCPv6 (Dynamic Host Configuration Protocol v6)
+ICMPv6 (Internet Control Message Protocol v6)
 SSDP (Simple Service Discovery Protocol)
 MNDP (MikroTik Neighbor Discovery Protocol)
 ```
-> All protocols are analyzed simultaneously due to the threads design
-
 ## Operating Mechanism
 
 Above works in two modes:
@@ -56,29 +59,25 @@ The tool is very simple in its operation and is driven by arguments:
 
 - Interface: Specifying the network interface on which sniffing will be performed
 - Timer: Time during which traffic analysis will be performed
-- Output pcap: Above will record the listened traffic to pcap file, its name you specify yourself
-- Input pcap: The tool takes an already prepared .pcap as input and looks for protocols in it
+- Output pcap: Above will record the listened traffic to `.pcap` file, its name you specify yourself
+- Input pcap: The tool takes an already prepared `.pcap` as input and looks for protocols in it
+- Passive ARP: Detecting hosts in a segment using Passive ARP
 
 ```
-usage: above [-h] [--interface INTERFACE] [--timer TIMER] [--output-pcap OUTPUT_FILE] [--input-pcap INPUT_FILE]
+usage: above.py [-h] [--interface INTERFACE] [--timer TIMER] [--output-pcap OUTPUT_PCAP] [--input-pcap INPUT_PCAP] [--passive-arp]
 
 options:
   -h, --help            show this help message and exit
   --interface INTERFACE
-                        Specify the interface
-  --timer TIMER         Specify the timer value (seconds)
-  --output-pcap OUTPUT_FILE
-                        Specify the output pcap file to record traffic
-  --input-pcap INPUT_FILE
-                        Specify the input pcap file to analyze traffic
+                        Interface to capture packets on
+  --timer TIMER         Time in seconds to capture packets
+  --output-pcap OUTPUT_PCAP
+                        Output filename for pcap file
+  --input-pcap INPUT_PCAP
+                        Path to the input PCAP file for analysis
+  --passive-arp         Host discovery (Passive ARP)
 ```
 
-
-
-## Traffic Sniffing Demo (Hot mode)
-
-![](/demos/hotmode.gif)
-
 ---
 
 ## Information about protocols
@@ -153,21 +152,10 @@ First, it's worth switching the interface to promiscuous mode
 
 > Above requires root access for sniffing
 
-### Linux
 ```bash
 caster@kali:~$ sudo ip link set eth0 promisc on 
 ```
 
-### macOS
-For Wi-Fi:
-Remember to replace `en1` with your target interface.
-```bash
-/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en1 sniff
-```
-
-For other:
-There is no need to enable promiscuous mode manually for ethernet interfaces, it is done automatically.
-
 Above requires at least an interface and a timer at startup. Choose the timer from your calculations.
 
 ```bash
@@ -190,10 +178,29 @@ caster@kali:~$ above --input-pcap dump.pcap
 
 > WARNING! Above is not designed to work with tunnel interfaces (L3) due to the use of filters for L2 protocols. Tool on tunneled L3 interfaces may not work properly.
 
-## PCAP Analyzing Demo (Cold mode)
+# Passive ARP
+
+The tool can detect hosts without noise in the air by processing ARP frames in passive mode
 
-![](/demos/coldmode.gif)
+```bash
+caster@kali:~$ sudo above --interface eth0 --passive-arp
+
+[+] Host discovery using Passive ARP
+
+┌─────────────────────────────────────┐
+│            Detected Host            │
+├─────────────────────────────────────┤
+│ Host IP Address: 192.168.0.251      │
+│ Host MAC Address: 02:10:de:64:f2:32 │
+└─────────────────────────────────────┘
+┌─────────────────────────────────────┐
+│            Detected Host            │
+├─────────────────────────────────────┤
+│ Host IP Address: 192.168.0.213      │
+│ Host MAC Address: 00:0c:27:7f:2b:c6 │
+└─────────────────────────────────────┘
 
+```
 
 # Outro