SinFP

 

SinFP is an OS fingerprinting tool that can return a best guess even when only a single open port is found. It sends only standard TCP packets and limits its tests to just 2 or 3 (only 1 test is usually needed to give a better than average chance of predicting the OS reliably). A major benefit of SinFP is that it can be run actively against a live host or passively against a saved pcap file.

 

SinFP is available from here and includes all required modules.

 

Installation:

tar -zxvf SinFP-2.00.tar.gz
cd SinFP-2.00
make
make install

Execution:

./sinfp.pl -i <target IP> -p <open port>

Parameters:
   -d    Network device to use
   -I    Source IP address to use
   -3    Run all probes (default)
   -2    Run only probes P1 and P2 (stealthier)
   -1    Run only probe P2 (even stealthier)
   -v    Verbose
   -s    Signature file to use
   -O    Print only operating system
   -V    Print only operating system and its version family
   -H    Use HEURISTIC2 masks to match signatures (advanced users)
   -A    Use a custom list of matching masks (advanced users)

Online mode specific parameters:
   -k    Keep generated pcap file
   -a    Do not generate an anonymized pcap file trace

Offline mode specific parameters:
   -f    Name of pcap file to analyze

IPv6 specific parameters:
   -6    Use IPv6 fingerprinting, instead of IPv4
   -M    Source MAC address to use
   -m    Target MAC address to use
   -4    If no IPv6 signature matches, try against IPv4 ones

Active mode specific parameters:
   -r    No. of tries to perform for a probe (default: 3)
   -t    Timeout before considering a packet to be lost (default: 3)

Passive mode specific parameters:
   -P    Passive fingerprinting
   -F    Pcap filter

Expected Results:

root@FC4#./sinfp.pl -ai 192.168.0.1 -p 445
T1: B11113 F0x12 W64240 O0204ffff M1460
T2: B11113 F0x12 W64240 O0204ffff010303000101080a000000000000000001010402 M1460
T3: B11021 F0x04 W0 O0 M0
IPv4: HEURISTIC0/P1P2P3: Windows: Microsoft: Windows: 2000 (SP0, SP4)
root@FC4#./sinfp.pl -a6i 192.168.0.30 -m 00:01:4a:17:db:69 -p 22
T1: B10013 F0x12 W50020 O0204ffff M1440
T2: B10013 F0x12 W49980 O0101080affffffff444541440204ffff0103030001010402 M1440
T3: B10020 F0x04 W0 O0 M0
IPv6: HEURISTIC0/P1P2P3: Unix: Sun: SunOS: 5.9
IPv6: HEURISTIC0/P1P2P3: Unix: Sun: SunOS: 5.10
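
The signature lines in the output above can be split into fields to see which parts of a host's replies distinguish one OS from another. The following Python parser is an added example, not part of SinFP or of the original page; it assumes F is the TCP flags byte, W the window size, O the TCP options in hex and M the MSS, and it leaves the B field uninterpreted.

```python
import re

# Assumed field meanings (not stated on the page): F = TCP flags, W = window,
# O = TCP options as hex, M = MSS. Option kinds are the standard TCP ones.
OPTION_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale",
                4: "SACK-permitted", 8: "Timestamp"}
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
SIG_RE = re.compile(
    r"^(T\d): B(\d+) F(0x[0-9a-fA-F]+) W(\d+) O([0-9a-fA-F]+) M(\d+)$")

def decode_options(hex_str):
    """Walk the kind/length/value layout of a TCP options field."""
    if hex_str == "0":                 # "O0": assumed to mean no options in the reply
        return []
    data, out, i = bytes.fromhex(hex_str), [], 0
    while i < len(data):
        kind = data[i]
        name = OPTION_NAMES.get(kind, "kind%d" % kind)
        if kind in (0, 1):             # EOL and NOP are a single byte
            out.append((name, ""))
            if kind == 0:
                break
            i += 1
            continue
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            raise ValueError("malformed option at byte %d" % i)
        out.append((name, data[i + 2:i + length].hex()))
        i += length
    return out

def parse_signature(line):
    """Split one 'Tn: B.. F.. W.. O.. M..' line into named fields."""
    m = SIG_RE.match(line.strip())
    if m is None:
        raise ValueError("not a signature line: %r" % line)
    test, binary, flags, window, opts, mss = m.groups()
    return {"test": test,
            "binary": binary,          # B field kept as-is, not interpreted here
            "flags": [n for bit, n in FLAG_BITS.items() if int(flags, 16) & bit],
            "window": int(window),
            "options": decode_options(opts),
            "mss": int(mss)}

if __name__ == "__main__":             # lines copied from the first run above
    for line in ("T1: B11113 F0x12 W64240 O0204ffff M1460",
                 "T2: B11113 F0x12 W64240 O0204ffff010303000101080a000000000000000001010402 M1460",
                 "T3: B11021 F0x04 W0 O0 M0"):
        print(parse_signature(line))
```

Comparing the two T2 lines this way shows that the hosts differ in the order of their TCP options as well as in window size and MSS.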

 
