@@ -5,13 +5,18 @@ Network security sniffer for finding vulnerabilities in the network. Designed fo
55![ ] ( /banner/banner.png )
66
77```
8- Above: Invisible network protocol sniffer
9- Designed for pentesters and security engineers
10-
11- Author: Mahama Bazarov, <mahamabazarov@mailbox.org>
12- Pseudonym: Caster
13- Version: 2.8
14- Codename: Rubens Barrichello
8+ ___ __
9+ / | / /_ ____ _ _____
10+ / /| | / __ \/ __ \ | / / _ \
11+ / ___ |/ /_/ / /_/ / |/ / __/
12+ /_/ |_/_.___/\____/|___/\___/
13+
14+ Above: Network Security Sniffer
15+ Developer: Mahama Bazarov (Caster)
16+ Contact: mahamabazarov@mailbox.org
17+ Version: 2.8.1
18+ Codename: Rubens Barrichello
19+ Documentation & Usage: https://github.com/caster0x00/Above
1520```
1621
1722# Disclaimer
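Review bot: the banner block at 14-19 now carries the version string, and the same banner is reproduced verbatim inside the example outputs further down in this file, so every release bump has to be applied in several places and they will drift (the old text already disagreed with itself: "Invisible network protocol sniffer" here versus the sample output). Keep the banner in one place in the README and trim it from the example transcripts, or at least note in the contributing section which lines must be updated together. The ASCII art at 8-12 also renders misaligned in the diff view; confirm the tabs/spaces survived the commit, since a fenced block will show whatever whitespace was saved.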
@@ -164,49 +169,29 @@ Example:
164169
165170``` bash
166171caster@kali:~ $ sudo above --interface eth0 --timer 120
167-
168- ___ _
169- / _ \| |
170- / /_\ \ | __ _____ _____
171- | _ | ' _ \ / _ \ \ / / _ \
172- | | | | |_) | (_) \ V / __/
173- \_| |_/_.__/ \___/ \_/ \___|
174-
175- Invisible network protocol sniffer. Designed for security engineers
176-
177- Author: Mahama Bazarov, <mahamabazarov@mailbox.org>
178- Alias: Caster
179- Version: 2.8
172+ ___ __
173+ / | / /_ ____ _ _____
174+ / /| | / __ \/ __ \ | / / _ \
175+ / ___ | / /_/ / /_/ / | / / __/
176+ /_/ | _/_.___/\_ ___/| ___/\_ __/
177+
178+ Above: Network Security Sniffer
179+ Developer: Mahama Bazarov (Caster)
180+ Contact: mahamabazarov@mailbox.org
181+ Version: 2.8.1
180182 Codename: Rubens Barrichello
183+ Documentation & Usage: https://github.com/caster0x00/Above
181184
182- [!] Above does NOT perform MITM or credential capture. Passive analysis only
183- [!] Unauthorized use in third-party networks may violate local laws
184- [!] The developer assumes NO liability for improper or illegal use
185-
186- [*] OUI Database Loaded. Entries: 36858
187- -----------------------------------------------------------------------------------------
188- [+] Start sniffing...
185+ [* ] Start Sniffing
189186
190- [*] After the protocol is detected - all necessary information about it will be displayed
191- ==============================
192187[+] Detected STP Frame
193188[* ] Attack Impact: Partial MITM
194189[* ] Tools: Yersinia, Scapy
195- [*] STP Root Switch MAC: 78:9a:18:4d:55:63
190+ [* ] STP Root Switch MAC: 00:11:22:33:44:55
196191[* ] STP Root ID: 32768
197192[* ] STP Root Path Cost: 0
198- [*] Mitigation: Enable BPDU Guard
193+ [* ] Mitigation: Enable BPDU Guard or Portfast
199194[* ] Vendor: Routerboard.com
200- ==============================
201- [+] Detected MDNS Packet
202- [*] Attack Impact: MDNS Spoofing, Credentials Interception
203- [*] Tools: Responder
204- [*] MDNS Spoofing works specifically against Windows machines
205- [*] You cannot get NetNTLMv2-SSP from Apple devices
206- [*] MDNS Speaker IP: 10.10.100.252
207- [*] MDNS Speaker MAC: 02:10:de:64:f2:34
208- [*] Mitigation: Monitor mDNS traffic, this protocol can' t just be turned off
209- [* ] Vendor: Unknown Vendor
210195```
211196
212197If you need to record the sniffed traffic, use the ` --output ` argument
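Review bot: the three `[!]` notice lines at 182-184 that told the reader Above performs passive analysis only (no MITM or credential capture) are dropped from the sample output without a replacement; if the tool still prints them the transcript is now stale, and if it no longer prints them that statement belongs in the Disclaimer section instead of disappearing. On the replacement mitigation line at 193, "Enable BPDU Guard or Portfast" is misleading: PortFast by itself does not stop a rogue BPDU from being accepted, BPDU Guard is the control, and it is normally enabled on PortFast access ports; suggest "Enable BPDU Guard on access ports (with PortFast)". Finally, the MAC at 190 was changed to the placeholder 00:11:22:33:44:55 while "Vendor: Routerboard.com" at 199 was kept; that OUI prefix would not resolve to MikroTik, so either use a MikroTik-prefixed example address or change the vendor line to match the placeholder.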
@@ -221,33 +206,38 @@ caster@kali:~$ sudo above --interface eth0 --timer 120 --output above.pcap
221206If you already have some recorded traffic, you can use the ` --input ` argument to look for potential security issues
222207
223208``` bash
224- caster@kali:~ $ above --input ospf-md5 .cap
209+ caster@kali:~ $ above --input hsrp .cap
225210```
226211
227212Example:
228213
229214``` bash
230- caster@kali:~ $ sudo above --input dopamine.cap
231-
232- [* ] OUI Database Loaded. Entries: 36858
233- [+] Analyzing pcap file...
234-
235- ==============================
236- [+] Detected DHCP Discovery
237- [* ] DHCP Discovery can lead to unauthorized network configuration
238- [* ] DHCP Client IP: 0.0.0.0 (Broadcast)
239- [* ] DHCP Speaker MAC: 00:11:5a:c6:1f:ea
240- [* ] Mitigation: Use DHCP Snooping
241- [* ] Vendor: Ivoclar Vivadent AG
242- ==============================
243- [+] Detected HSRPv2 Packet
244- [* ] Attack Impact: MITM
245- [* ] Tools: Loki
246- [! ] HSRPv2 has not yet been implemented in Scapy
247- [! ] Check priority and state manually using Wireshark
248- [! ] If the Active Router priority is less than 255 and you were able to break MD5 authentication, you can do a MITM
249- [* ] HSRPv2 Speaker MAC: 00:00:0c:9f:f0:01
250- [* ] HSRPv2 Speaker IP: 10.0.0.10
215+ caster@kali:~ $ sudo above --input hsrp.cap
216+ ___ __
217+ / | / /_ ____ _ _____
218+ / /| | / __ \/ __ \ | / / _ \
219+ / ___ | / /_/ / /_/ / | / / __/
220+ /_/ | _/_.___/\_ ___/| ___/\_ __/
221+
222+ Above: Network Security Sniffer
223+ Developer: Mahama Bazarov (Caster)
224+ Contact: mahamabazarov@mailbox.org
225+ Version: 2.8.1
226+ Codename: Rubens Barrichello
227+ Documentation & Usage: https://github.com/caster0x00/Above
228+
229+ [+] Analyzing pcap file...
230+
231+
232+ [+] Detected HSRP Packet
233+ [* ] HSRP Active Router Priority: 90
234+ [+] Attack Impact: MITM
235+ [* ] Tools: Loki, Scapy, Yersinia
236+ [* ] HSRP Group Number: 10
237+ [+] HSRP Virtual IP Address: 10.28.168.254
238+ [* ] HSRP Sender IP: 10.28.168.253
239+ [* ] HSRP Sender MAC: 00:00:0c:07:ac:0a
240+ [! ] Authentication: Plaintext Phrase: cisco
251241[* ] Mitigation: Priority 255, Authentication, Extended ACL
252242[* ] Vendor: Cisco Systems
253243```
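Review bot: the new output at 240 shows the HSRP group using a plaintext authentication phrase (the Cisco default "cisco"), but the unchanged mitigation line at 241 still only says "Authentication"; since plaintext authentication is exactly what was detected, the advice should say "MD5 authentication" (and a non-default key) to be useful. The example also prints a captured secret in the clear, which is fine for the default string shown here, but the README should tell users that Above echoes authentication strings from captures so they redact them before pasting output into reports. Minor: the one-line usage at 209 reads `hsrp .cap` while the worked example at 215 uses `hsrp.cap`, and 230-231 leave two blank lines after "Analyzing pcap file..."; make the filename consistent and keep a single blank line.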
@@ -356,8 +346,7 @@ Copyright (c) 2025 Mahama Bazarov. This project is licensed under the Apache 2.0
356346
357347# Outro
358348
359- When I create this instrument, I am inspired by the track KOAN Sound - View From Above (VIP )
360- This track was everything to me when I was working on this tool.
349+ If you have any suggestions or find any bugs, feel free to create issues in the repository or contact me: [ mahamabazarov@mailbox.org ] ( mailto:mahamabazarov@mailbox.org )
350+
361351
362- ---
363352
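Review bot: the blank line added at 350 plus the existing one at 351 leave two consecutive empty lines at the end of the Outro; one is enough. The contact address added at 349 duplicates the "Contact:" line in the banner at the top of the file, so a future address change has to be made in both places; consider pointing here to the banner or to the repository issue tracker only.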