Dofler is an automated wall of shame designed for general entertainment at conferences. It has been slowly developed over the last several years to include things such as account carving (via ettercap), image carving (via driftnet), network stats (via some badly hacked up tshark command), and vulnerability sniffing (via Tenable’s very awesome Nessus Network Monitor). All of this data is then aggregated down and presented through an HTML interface.
Dofler got started a few years ago at BSides Chicago (I think it was 2012). It started as a simple ncurses front-end to ettercap in a transparent window with the driftnet window sitting behind it. To say that it was a hit was an understatement. People were trolling the system so heavily, I decided to try to make something a little more scalable.
I originally was going to start by leveraging some of the existing code that people had written for this exact purpose. However after looking around, I noticed that most of the code that was in existance was unmaintained PHP code, and overly complicated hacked together systems. I wanted something that could be easy to deploy, scalable, and entertaining to look at.
The continuing effort of that result is what you see today as Dofler. It’s a Python framework that can be easily extended, supports the ability to have multiple sensors that report back to a single console, and can support a veriety of the database backends. Dofler is very much in active development as well and has undergone several rewrites to help make the code portable and easy to use.
I always welcome any thoughts, suggestions, ideas, code, etc. Please feel free to contact me through any of the mechanisms mentioned on my blog SteveMcGrath.io.