|
SinFP |
|
|
GomoR |
http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp |
|
SinFP is able to fingerprint over
IPv4, and over IPv6. It can do active fingerprinting, and passive
fingerprinting. Online and offline modes are supported. One thing to
note, passive OS fingerprinting is made to match against active
fingerprinting signatures, so no need to bother with passive signatures.
SinFP signatures are stored in a
SQLite database, a portable format if anyone wants to integrate it in
another project. |
|
non commercial |
Information Updated: 26 Oct 2005 |
|
P0f |
|
*nix |
Michal Zalewski |
http://lcamtuf.coredump.cx/p0f.shtml |
|
P0f v2 is a versatile passive OS
fingerprinting tool. P0f can identify the system on machines that connect
to your box, machines you connect to, and even machines that merely go
thru or near your box. All this even if the device is behind a fascist
packet firewall. P0f will also detect what the remote system is hooked up
to (be it Ethernet, DSL, OC3, or avian carriers), how far it is
located, what's its uptime, and will often detect NAT, firewall
presence, and even the name of the other guy's ISP - all this without
sending a single packet.
|
|
non commercial |
Information Updated: 01 Oct 2003 |
|
Ettercap |
|
most |
Alberto Ornaghi, Marco Valleri |
http://ettercap.sourceforge.net/ |
|
Passive scanning of the LAN:
you can retrieve info about: hosts in the lan, open ports, services
version, type of the host (gateway, router or simple host) and estimated
distance in hops.
|
|
Freeware |
Information Updated: 01 Oct 2003 |
|
RNA |
|
|
Sourcefire, Inc |
http://www.sourcefire.com/products/rna.html |
|
Sourcefire Real-time Network Awareness™ (RNA) enables
organizations to more confidently protect their networks through a
unique patent pending combination of passive network discovery,
behavioral profiling, and integrated vulnerability analysis to deliver
the benefits of real-time network profiling and change management
without the drawbacks of traditional approaches to identifying network
assets and vulnerabilities. |
|
Commercial |
Information Updated: 17 Dec 2004 |
|
 |
|
pfprintd |
|
*nix |
Hendrik Scholz |
http://www.wormulon.net/projects/pfprintd |
|
pfprintd is a passive OS fingerprinting
system. A daemon process pfprintf utilizes libpcap to sniff packets
off the wire. By looking at the headers the program can (in some cases)
determine which operating system is running on the remote machine. A
client frontend pfprint takes user requests to identify a certain
box. Using a local socket to communicate with the daemon and search the
database. |
|
freeware
|
Information Updated; 01 Oct 2003
|
|
Tenable Passive Vulnerability Scanner |
|
|
Tenable Network Security Inc |
http://www.tenablesecurity.com/products/pvs.shtml |
|
The Tenable Passive Vulnerability Scanner (PVS) can find out what is happening on your network without actively scanning it.
Each PVS monitors your network for vulnerable systems, watches for potential application compromises, client and server trust
relationships, and open or browsed network protocols in use.
A single PVS can be placed in front of a network of 25,000 systems and continuously monitor the traffic for a variety of
security related information including:
* Keeping track of all client and server application vulnerabilities
* Detecting when an application is compromised or subverted
* Detecting when new hosts are added to the network
* Detecting when an internal system begins to port scan other systems
* Highlighting all interactive and encrypted network sessions
* Tracking exactly which systems communicate with other internal systems
* Detecting which ports are served and which ports are browsed for each individual system
* Passively determining the type of operating system of each active host
|
|
Commercial |
Information Updated: 02 Nov 2006 |
|
Disco |
|
Linux, BSD |
Preston Wood |
http://www.altmode.com/disco/ |
|
Disco is a passive IP
discovery and fingerprinting utility designed to sit on segments
distributed throughout a network to discover unique IP's on the network.
In addition to IP discovery disco has the ability to passively fingerprint
TCP SYN packets and TCP SYNACK packets. |
|
Freeware
|
Information Updated:30 Oct 2003
|
|
Last page update:
November 02, 2006 |
|
