Full Disclosure mailing list archives
One packet OS fingerprinting feature in SinFP3
From: GomoR <gomor-fd () gomor org>
Date: Sun, 25 Nov 2012 17:15:04 +0100
Hi list,

The latest version of SinFP3 (v1.20) introduces two new cool features:
the ability to perform a SYN scan and do OS fingerprinting at the
same time. The idea is to use SYN|ACK answers to the SYN scanning process
to accurately identify the remote operating system nature.

The second new feature is a server mode allowing third-party applications
to access the SinFP3 fingerprinting engine.

We also created a new output plugin to display results in a simpler manner
than in previous versions of SinFP3.

http://www.networecon.com/blog/2012/11/25/One-Packet-OS-Fingerprinting-And-API-Access-Unveiled/

Example:

# sinfp3.pl -synscan-fingerprint -target openbsd.org -port top10 -best-score
[+] [J:0] Loaded Input: Net::SinFP3::Input::SynScan
[+] [J:0] Loaded DB: Net::SinFP3::DB::SinFP3
[+] [J:0] Loaded Mode: Net::SinFP3::Mode::Active
[+] [J:0] Loaded Search: Net::SinFP3::Search::Active
[+] [J:0] Loaded Output: Net::SinFP3::Output::Simple
[+] [J:0] Starting of Input [Net::SinFP3::Input::SynScan]
[+] [J:1] Starting of job with Next [199.185.137.3]:25 flags: 0x12
[+] [J:2] Starting of job with Next [199.185.137.3]:80 flags: 0x12
[199.185.137.3 ]:80 reverse: unknown [ 94%: OpenBSD 4.x]
[199.185.137.3 ]:80 reverse: unknown [ 94%: OpenBSD 3.x]
[199.185.137.3 ]:25 reverse: unknown [100%: OpenBSD 4.x]
[199.185.137.3 ]:25 reverse: unknown [100%: OpenBSD 3.x]

Regards,

--
http://patriceauffret.com/ - @PatriceAuffret
http://www.networecon.com/ - @networecon
http://www.secure-side.com/ - @secure_side

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
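
The header fields a single SYN|ACK (flags 0x12) exposes, shown as an added example that is not part of the original post and is not SinFP3's code or signature format. The choice of fields (TTL, DF bit, window, MSS, window scale, option order), the function name and the sample packet are assumptions constructed for illustration.

```python
import struct

# Constructed IPv4/TCP SYN|ACK (flags 0x12); values are illustrative only.
SAMPLE_SYNACK = bytes.fromhex(
    "45000040000040004006" "0000" "0a000001" "0a000002"        # IP: DF set, TTL 64
    "0050c350" "00000001" "00000002" "b012" "4000" "00000000"  # TCP: window 16384
    "020405b4" "0101" "0402" "01" "030303" "0101" "080a0000000100000000"  # options
)
OPT_NAMES = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, WScale, SACK-permitted, Timestamp

def synack_features(pkt: bytes) -> dict:
    """Extract the stack-dependent fields visible in one SYN|ACK reply."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    frag, ttl = struct.unpack_from("!HB", pkt, 6)
    tcp = pkt[ihl:]
    off_flags, window = struct.unpack_from("!HH", tcp, 12)
    doff = (off_flags >> 12) * 4
    if off_flags & 0x3F != 0x12:
        raise ValueError("not a SYN|ACK")
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    layout, mss, wscale = [], None, None
    opts, i = tcp[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of option list
            layout.append("E")
            break
        if kind == 1:                       # NOP padding: its position matters
            layout.append("N")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            mss = int.from_bytes(body, "big")
        if kind == 3 and length == 3:
            wscale = body[0]
        layout.append(OPT_NAMES.get(kind, "?"))
        i += length
    return {"ttl": ttl, "df": bool(frag & 0x4000), "window": window,
            "mss": mss, "wscale": wscale, "options": "".join(layout)}
```

Each of these values is set by the replying TCP/IP stack rather than by the service behind the port, which is why packet normalization at a filtering device changes what such a reply reveals.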