Message-ID: <20121125161504.GA90803@abbath>
Date: Sun, 25 Nov 2012 17:15:04 +0100
From: GomoR <gomor-fd@...or.org>
To: full-disclosure@...ts.grok.org.uk
Subject: One packet OS fingerprinting feature in SinFP3

Hi list,

The latest version of SinFP3 (v1.20) introduces two new cool features: the
ability to perform a SYN scan and do OS fingerprinting at the same time.
The idea is to use SYN|ACK answers to the SYN scanning process to accurately
identify the remote operating system nature. The second new feature is a
server mode allowing third-party applications to access the SinFP3
fingerprinting engine. We also created a new output plugin to display results
in a simpler manner than in previous versions of SinFP3.

http://www.networecon.com/blog/2012/11/25/One-Packet-OS-Fingerprinting-And-API-Access-Unveiled/

Example:

# sinfp3.pl -synscan-fingerprint -target openbsd.org -port top10 -best-score
[+] [J:0] Loaded Input:  Net::SinFP3::Input::SynScan
[+] [J:0] Loaded DB:     Net::SinFP3::DB::SinFP3
[+] [J:0] Loaded Mode:   Net::SinFP3::Mode::Active
[+] [J:0] Loaded Search: Net::SinFP3::Search::Active
[+] [J:0] Loaded Output: Net::SinFP3::Output::Simple
[+] [J:0] Starting of Input [Net::SinFP3::Input::SynScan]
[+] [J:1] Starting of job with Next [199.185.137.3]:25 flags: 0x12
[+] [J:2] Starting of job with Next [199.185.137.3]:80 flags: 0x12
[199.185.137.3  ]:80     reverse: unknown  [ 94%: OpenBSD 4.x]
[199.185.137.3  ]:80     reverse: unknown  [ 94%: OpenBSD 3.x]
[199.185.137.3  ]:25     reverse: unknown  [100%: OpenBSD 4.x]
[199.185.137.3  ]:25     reverse: unknown  [100%: OpenBSD 3.x]

Regards,

-- 
http://patriceauffret.com/  - @PatriceAuffret
http://www.networecon.com/  - @networecon
http://www.secure-side.com/ - @secure_side

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
