🧪 Alpha
Things are still being wired together. Your feedback helps!
Drift is a command-line tool that gives you confidence to change your network configuration and firewall rules, knowing you’ll be alerted if your network drifts from its desired state. By comparing the actual network state to your declared state, Drift can detect issues like unknown devices or unexpected subnet access, helping you maintain network integrity.
You can install Drift by either:
-
Downloading the latest release from the Releases page, or
-
Running the installation script:
curl -sSL https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/install.sh | bashℹ️ What does this script do?
It fetches the latest version and puts thedriftbinary into/usr/local/bin. If Drift is already installed, it will be updated to the latest version. For more info see Installation Options - Script, or view the source code.
# Create a network spec using auto-discovery
drift init
# Scan and detect drift
drift scan-
🕵️ Drift Detection
Detect mismatches between your declared and actual network state. -
📄 Declarative
Define your intended state in YAML. Generate a spec from your live network to get started quickly. -
📡 Network Discovery
Automatically detect devices and services, then use that information to define your desired state. Discover IP addresses, MAC addresses, and open ports. -
🧱 Subnet Access Detection (coming soon)
Detects whether access between subnets is possible, highlighting potential firewall rule issues. -
📦 CLI
Manage everything from the command line — interactively or in scripts — with multiple output formats. -
🌍 Distributed Scanning (coming soon)
Deploy agents across subnets for complete network visibility. -
🔁 Continuous Monitoring (coming soon)
Automate scans and receive alerts when drift is detected. -
🛜 Wi-Fi Scanning (coming soon)
Detect Wi-Fi networks and their properties — including SSID, BSSID, signal strength, and encryption type — and use that information to define your desired state.
Drift can automatically discover devices (MAC, IPv4, hostname), open ports, and subnets. Due to the massive size of the IPv6 address space, full IPv6 scanning isn’t feasible. However, you can still manually define IPv6 addresses for your known devices.
Use --help on each command to explore functionality.
There’s a JSON Schema available for the network spec file. To enable auto-completion and validation in your editor, add the following line at the top of your spec file:
# yaml-language-server: $schema=https://raw.githubusercontent.com/hojmark/drift/refs/heads/main/src/Spec/embedded_resources/schemas/drift-spec-v1-preview.schema.json
network:
...There’s no official documentation site yet.
If you run into trouble, feel free to open a discussion.
Yes! That’s exactly what I built it for. I'd love your feedback if you think anything could be improved. Being in alpha, I'm sure there's quite a bit!
Probably! But I’d love to hear what you think.
Heads-up: make sure it's okay that you scan your company's network — it could trigger intrusion detection systems.
Awesome! Please open an issue and I’ll make sure to consider it.
Oops! Mind opening an issue, so I can take a look?
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}