Talisker Active OS Fingerprinting Tools

About Us | Services | Recruitment | Advertise | Contact

Computer Network Defence Ltd

Active OS Fingerprinting Tools
These products are designed to guestimate remote operating systems and sometimes even the patch level that the operating system is running on. Active fingerprinting tools rely on stimulus-response, where the source will send certain packets (stimulus) to the target, the target's response can be analyzed to identify the operating system, Different Operating Systems respond to the source packets in different ways, hence their ability to fingerprint different remote hosts reliably . See Also Passive fingerprinting tools. These perform a similar function but without stimulating the remote host, instead they rely on passing traffic.

Last Updated by Paul Hortop 13 Dec 2006

Links to Products
Scroll Down

SinFP
	GomoR	http://www.gomor.org/cgi-bin/index.pl?mode=view;page=sinfp
SinFP is able to fingerprint over IPv4, and over IPv6. It can do active fingerprinting, and passive fingerprinting. Online and offline modes are supported. One thing to note, passive OS fingerprinting is made to match against active fingerprinting signatures, so no need to bother with passive signatures. SinFP signatures are stored in a SQLite database, a portable format if anyone wants to integrate it in another project.
non commercial	Last Updated: 13 Dec 2006

nmap
most OS supported	fyodor	http://insecure.org/
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most UNIX and Windows platforms are supported in both GUI and command-line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
Freeware	Last Updated 13 Dec 2006

Xprobe 2
*nix	Fyodor Yarochkin and Ofir Arkin	http://www.sys-security.com/index.php?page=xprobe
Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting. Xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 rely on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
Freeware	Last Updated 13 Dec 2006

Amap
*nix	THC	http://www.thc.org/releases.php?s=4&q=&o=
Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses.
Freeware	Last Updated: 13 Dec 2006

Vmap not strictly an OS fingerprinter
*nix	THC	http://www.thc.org/releases.php?s=12&q=&o=
Vmap stands for version mapper. It allows you to find out the version of a daemon by fingerprinting the features and replys of bogus commands. It's a great addition to the other *map tools.
Freeware	Last Updated; 13 Dec 2006

Snacktime
*nix	Tod Beardsley	http://www.planb-security.net/wp/snacktime.html
As far as I can tell, measuring RTOs seems to be a pretty accurate and stealthy method for profiling networked devices, and Snacktime seems to be a pretty reasonable implementation. Furthermore, masking ones "normal" RTO can be difficult for some operating systems, and given this technique's relative newness, is much more uncommon than more traditional methods of defeating profiling
Freeware	Last Updated:13 Dec 2006

Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com

Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.

PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone 0870 3219014
International +44 (0) 1225 811806