OS fingerprinting is an important part of any penetration test or hack, as it allows you to focus your efforts a lot more efficiently when point testing, rather than throwing everything at a machine like a script kiddie would. So let's introduce a new option, other than p0f and xprobe2.
SinFP treats the aforementioned limitations as a list of tests to be absolutely avoided in the frames it uses to accurately identify the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).
New for 2.00:
- complete rewrite
- sinfp.db completely reworked
- new tests based on comparison between probe and response (TCP seq/ack comparison, IP ID value comparison)
- new matching algorithm, works like a search engine (a problem of finding intersection, by applying a deformation mask on keywords), much more efficient than in the 1.xx branch
- possibility to manually pass a matching mask to change the matching algorithm at will
- passive fingerprinting much more accurate thanks to new matching algorithm
- possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
- match IPv6 signatures against IPv4 ones
- API changes, not compatible with 1.xx version anymore
- DB schema changes, not compatible with 1.xx version anymore
- many bugfixes
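To make the "comparison between probe and response" tests in the list above concrete, here is an added example (not SinFP's code and not its signature format) that derives features from how a reply relates to the probe rather than from absolute values. The function names, the class labels ("zero", "echoed", "equal", "plus1", "other") and the packet bytes are assumptions constructed for illustration.

```python
import struct

def build(ip_id, seq, ack, flags):
    """Constructed 40-byte IPv4+TCP header (checksums left 0, sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, seq, ack, 5 << 4, flags, 5840, 0, 0)
    return ip + tcp

def parse(frame):
    """Extract the IP ID and the TCP seq/ack numbers from a raw IPv4+TCP header."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (frame[0] & 0x0F) * 4
    if ihl < 20 or len(frame) < ihl + 20 or frame[9] != 6:
        raise ValueError("truncated header or not TCP")
    seq, ack = struct.unpack_from("!II", frame, ihl + 4)
    return {"ip_id": struct.unpack_from("!H", frame, 4)[0], "seq": seq, "ack": ack}

def relate(value, base):
    """Classify a 32-bit response field relative to a probe field."""
    delta = (value - base) & 0xFFFFFFFF  # sequence numbers wrap at 2**32
    if delta == 0:
        return "equal"
    if delta == 1:
        return "plus1"
    return "zero" if value == 0 else "other"

def compare(probe, response):
    """Features that depend on the probe/response relation, not on absolute values."""
    p, r = parse(probe), parse(response)
    if r["ip_id"] == 0:
        ip_id = "zero"
    elif r["ip_id"] == p["ip_id"]:
        ip_id = "echoed"
    else:
        ip_id = "other"
    return {"ip_id": ip_id,
            "ack_vs_probe_seq": relate(r["ack"], p["seq"]),
            "seq_vs_probe_ack": relate(r["seq"], p["ack"])}

# Constructed sample: one SYN probe, SYN/ACK answers from two hypothetical stacks.
PROBE = build(0x1234, 0x1000, 0, 0x02)
STACK_A = build(0x0000, 0xDEADBEEF, 0x1001, 0x12)
STACK_B = build(0x1234, 0x0BADC0DE, 0x1001, 0x12)

if __name__ == "__main__":
    for name, resp in (("A", STACK_A), ("B", STACK_B)):
        print(name, compare(PROBE, resp))
```

The two constructed replies differ only in how they set the IP ID relative to the probe, which is the kind of stack behaviour a defender can check their own hosts for in a packet capture.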
To read more you can check out the SinFP Homepage.
You can download SinFP directly here.