🧪 Alpha
Things are still being wired together. Your feedback helps!
Drift is a command-line tool that gives you confidence to change your network configuration and firewall rules, knowing you’ll be alerted if your network drifts from its desired state. By comparing the actual network state to your declared state, Drift detects issues like unknown devices or unexpected subnet access, helping you maintain network integrity.
Install
curl -sSL https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/install.sh | bashIf Drift is already installed, it will be updated to the latest version.
Then run
# Create a network spec using auto-discovery
drift init
# Scan and detect drift
drift scan -iImportant
If script execution is blocked, run powershell.exe -ExecutionPolicy Unrestricted before running the install command.
Install
irm https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/install.ps1 | iexIf Drift is already installed, it will be updated to the latest version.
Then run
# Create a network spec using auto-discovery
drift init
# Scan and detect drift
drift scan -i# Scan the host network
docker run -it --rm --network host docker.io/hojmark/drift scan -i-
🕵️ Drift Detection
Detect mismatches between your declared and actual network state. -
📄 Declarative
Define your intended state in YAML. Generate a spec from your live network to get started quickly. -
📡 Network Discovery
Automatically detect devices and services, then use that information to define your desired state. Discover IP addresses, MAC addresses, and open ports. -
🧱 Subnet Access Detection (coming soon)
Detects whether access between subnets is possible, highlighting potential firewall rule issues. -
📦 CLI
Manage everything from the command line — interactively or in scripts — with multiple output formats. -
🌍 Distributed Scanning (coming soon)
Deploy agents across subnets for complete network visibility. -
🔁 Continuous Monitoring (coming soon)
Automate scans and receive alerts when drift is detected. -
🛜 Wi-Fi Scanning (coming soon)
Detect Wi-Fi networks and their properties — including SSID, BSSID, signal strength, and encryption type — and use that information to define your desired state.
Use --help on each command to explore functionality.
A user settings file can be created at ~/.config/drift/settings.json.
JSON Schemas are available to enable editor auto-completion and validation:
- **Network spec schema
**
Add theyaml-language-servercomment at the top of your spec file:# yaml-language-server: $schema=https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/src/Spec/embedded_resources/schemas/drift-spec-v1-preview.schema.json network: ...
- **User settings schema
**
Add the$schemaproperty at the top of your settings file:{ "$schema": "https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/src/Cli.Settings/embedded_resources/schemas/drift-settings-v1-preview.schema.json", ... }
There’s no official documentation site yet — if you run into trouble, feel free to open a discussion.
Drift can automatically discover devices (MAC, IPv4, hostname), open ports, and subnets. Due to the massive size of the IPv6 address space, full IPv6 scanning isn’t feasible. However, you can still manually define IPv6 addresses for your known devices.
Yes! That’s exactly what I built it for. I'd love your feedback if you think anything could be improved. Being in alpha, I'm sure there's quite a bit!
Probably! But I’d love to hear what you think.
Heads-up: make sure it's okay that you scan your company's network — it could trigger intrusion detection systems.
Awesome! Please open an issue and I’ll make sure to consider it.
Oops! Mind opening an issue, so I can take a look?