Most teams don't know how many file transfers are running on their network. Not because they're negligent, but because there's no easy way to find them.

Cron jobs on a forgotten server. Scheduled tasks on a Windows machine that the last admin set up. A script in someone's home directory that SCPs a file to a vendor every night. These exist in every organisation that's been running for more than a year.

We built mft-discover to find them.

What It Does

mft-discover is a standalone Rust CLI that scans Linux and Windows machines for file transfer activity. It connects via SSH or WinRM and looks for:

  • Crontabs — any scp, sftp, rsync, curl, or wget commands
  • Windows Scheduled Tasks — file transfer operations in Task Scheduler
  • Shell scripts.sh, .bash, .ps1 files with transfer commands
  • Tool configs — FileZilla, WinSCP, and PuTTY saved profiles

It produces a self-contained HTML report that shows everything it found. Machine-readable JSON output is available for pipeline integration.

$ mft-discover --targets 192.168.1.0/24 --output .

MFTPlus Discovery Tool v0.4.0

Scanning 16 targets...

[1/16] 192.168.1.14 (Linux) via SSH
  ✓ Cron: 2 transfers found
[2/16] 192.168.1.22 (Linux) via SSH
  ✓ WinSCP: profile with saved credentials
[3/16] 192.168.1.31 (Windows) via WinRM
  ✓ PowerShell: hardcoded_credentials
[4/16] 192.168.1.45 (Linux) via SSH
  — No file transfer activity
[5/16] 192.168.1.50 (Windows) via WinRM
  ✓ ScheduledTask: 7 jobs, 4 using FTP

Summary: 5 transfers across 16 hosts
  ⚠ 3 unencrypted
  ⚠ 1 hardcoded_credentials

Report: ./mft-discover-report-2026-05-27.html

Why We Built It

We kept hearing the same story from potential customers: "I think we have file transfers running somewhere, but I don't know where they all are."

That uncertainty is a compliance risk. If you don't know where your data is moving, you can't audit it. If you can't audit it, you can't certify compliance.

mft-discover turns that unknown into a concrete report. You run the scan, you get a list of every file transfer on your network, organised by host and protocol. You know exactly what needs to be migrated, secured, or retired.

What It Doesn't Do

Version 1 is passive-only. It reads configs and scans scripts. It doesn't probe for open ports or test credentials.

It also doesn't remediate. mft-discover finds and reports. MFTPlus handles the remediation: onboarding discovered transfers into a managed, encrypted, audited pipeline.

Getting Started

mft-discover is free. Linux and Windows binaries are available from the MFTPlus releases page.

# Download the binary
curl -LO https://releases.mftplus.co.za/mft-discover/mft-discover-latest-linux

# Make it executable
chmod +x mft-discover-latest-linux

# Run a scan
./mft-discover-latest-linux --targets 192.168.1.0/24 --output .

# Or scan a single host with a specific SSH key
./mft-discover-latest-linux --targets 10.0.1.14 --ssh-key ~/.ssh/id_rsa --output .

FAQ

Is it really free?
Yes. No registration, no API key, no trial timer.

Does it phone home?
No. The scan runs entirely on your network. The report is generated locally. The only outbound integration is optional: uploading findings to an MFTPlus dashboard if you have one.

What about Windows?
WinRM transport is supported for Windows targets. The binary runs on both Linux and Windows.

Can I run it in CI/CD?
Yes. JSON output mode is designed for pipeline integration. Exit codes indicate whether findings were detected.

How does it compare to a penetration test?
It's not a pen test. It's asset discovery for file transfers. A pen test might find these incidentally. mft-discover looks specifically for them.