Xprobe2 Download – Active OS Fingerprinting Tool

Outsmart Malicious Hackers


xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.

Xprobe2 Download - Active OS Fingerprinting Tool


As xprobe2 uses raw sockets to send probes, you must have root privileges in order for xprobe2 to be able to use them. Some of its logic has been absorbed into Nmap and it’s basically an active OS fingerprinting tool meaning it sends actual data to the machine it’s fingerprinting rather than a passive tool like p0f which just listens.

Xprobe2 Active OS Fingerprinting Tool Features

  • Port scanning is now available through the usage of the -T (TCP) and -U (UDP) command line option
  • Added the -B command line option (‘blind port guess’) used for searching an open TCP port among the following ports: 80,21, 25, 22, 139
  • Include XSD schema with distribution and make our XML comply with that XSD
  • loopback (lo) is supported

If you want to understand more in depth you can check out the paper: xprobe2 – A ‘Fuzzy’ Approach to Remote Active Operating System Fingerprinting


How to use Xprobe2 For OS Fingerprinting

Xprobe2 Download

Download Xprobe2 here:

xprobe2-0.3.tar.gz

Or read more here.

Posted in: Networking Hacking

, , , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


10 Responses to Xprobe2 Download – Active OS Fingerprinting Tool

  1. matt May 16, 2008 at 9:25 pm #

    Sounds like a very useful tool. Would be nice to see all of these features combined with nmap. …maybe a new project for myself. Thanks for the article!

  2. Jinesh May 19, 2008 at 1:39 pm #

    Words are not enough to describe this tool.

  3. Chris May 20, 2008 at 9:32 am #

    I must politely disagree with Matt here. Personally I don’t use nmap at all, but I very much agree with the unix philosophy of one tool for one type of purpose. nmap is already doing too much, it should in my opinion do less.

    Let xprobe2 stay the way it is, and try and slim nmap down a bit. What they should do with nmap is improve their UDP-scanning. Integrate a payload system, like the one found in unicornscan. Also they should stop doing automatic flow-control. It just messes up badly on larger networks. You need to be able to calculate efficiency and time.

    My two cents.

  4. Darknet May 20, 2008 at 9:59 am #

    Chris: You kind of went against what you were saying there, for UDP scanning Unicornscan is better…for larger networks either Unicornscan, Scanrand or Advanced LAN Scanner. Or a paired down version of nmap with the right options. Different tools for different jobs.

  5. Chris May 20, 2008 at 10:59 am #

    I did? I personally find that nmap just cannot do the job on large networks, i.e /18-. It takes too much time, and there is no way to control how it interacts with its environment.

    If we’re talking about portscanning, I include UDP/TCP for that. unicornscan does just that, it does portscanning, nothing more. For that reason I prefer unicornscan over nmap. It’s not however to say I think nmap is bad, for certain things it performs very well. It all comes down to the job, purpose and the tester. The tester should be comfortable with all the tools he decide to use, they are never a replacement for good understanding of x.y.z.

    If I contradicted myself, that was not my intention. (And I still fail to see how I did!)

    – Chris

  6. Darknet May 20, 2008 at 4:00 pm #

    Chris: Well it depends how you look at it, it’s very subjective. For me nmap started out as a decent TCP connect scanner and evolved from there, the main featureset is on the TCP side – it’s definitely not a competent UDP like Unicornscan is. Yes Unicorn does TCP as well and it does it better for large networks but I still find nmap better for TCP investigation and trickery (idle scans, decoys, banner grabbing etc). For me saying it should be better at UDP scanning is the opposite of one tool for one purpose.

  7. Erik May 21, 2008 at 5:09 pm #

    The only things about active OS fingerprinting is that it can be done from any network as long as the fingerprinted host is reachable. Apart from that I really prefer doing passive OS fingerprinting.

    Is there by the way any point in doing OS fingerprinting based on UDP packets? My feeling is that they don’t hold enough information in order to fingerprint a host properly. A much better fingerprinting method is to look at DHCP packets since they reveal a lot about the host. The good thing with DHCP is also that it is broadcast, so it’s perfect for doing passively. In fact the new version of NetworkMiner [ http://networkminer.wiki.sourceforge.net/NetworkMiner ] supports passive OS fingerprinting using both TCP and DHCP fingerprinting.

    I haven’t tried unicornscan though, it also seems to have some passive OS fingerprinting functionality.

  8. Darknet May 21, 2008 at 5:41 pm #

    Erik: I agree, due to the nature of UDP packets they have very little overhead and therefore very little useful info. DHCP packets and anything broadcast by Windows machines is useful. NetworkMiner is a neat tool we have covered it here before, still the best for passive OS fingerprinting is p0f – I haven’t yet covered that here but will shortly. The active OS fingerprinting in nmap is pretty decent too, I haven’t tried any of those features in Unicornscan yet.

  9. Xnih November 28, 2008 at 2:47 am #

    Darknet: I’ll jump on the bandwagon with Erik, but that is just because his programs uses the DHCP fingerprinting from my own program Satori [ http://myweb.cableone.net/xnih ]. p0f does a decent job of passive os fingerprinting in the area of syn and syn/ack packets, but does nothing with DHCP, ICMP, CDP, IPX/SAP, etc, nor has it been updated in years.

  10. Sifmole January 9, 2009 at 5:14 pm #

    One of my problems with xprobe2 is that the only fingerprinting database I can find is from 11 July 2005. Do any of you know where you can find updated databases?