sinfp3.pl - more than a passive and active OS fingerprinting tool
o Information about signature database updates and more: o https://www.secure-side.com/lists/mailman/listinfo/sinfp
sinfp3.pl [options] -target ip|ip6|hostname -port port|portList
Examples:
# Single port active fingerprinting sinfp3.pl -target example.com -port 80 -input-ipport # Single port IPv6 active fingerprinting sinfp3.pl -target example.com -port 80 -input-ipport -6 # SynScan active fingerprinting of a single target sinfp3.pl -target example.com -port top100 # SynScan IPv6 active fingerprinting of a single target sinfp3.pl -target example.com -port top100 -6 # SynScan active fingerprinting of a target subnet sinfp3.pl -target 192.0.43.0/24 -port top100 # Passive fingerprinting sinfp3.pl -mode-passive -search-active -input-sniff # Passive IPv6 fingerprinting sinfp3.pl -mode-passive -search-active -input-sniff -6 # Active fingerprinting of LAN sinfp3.pl -input-arpdiscovery # Active fingerprinting of IPv6 LAN sinfp3.pl -input-arpdiscovery -6 # Simply SynScan the target sinfp3.pl -target example.com -port full -mode-null -search-null -db-null
Print sinfp3.pl version.
This help message.
Target. This is used to auto-detect some global parameters like device or ip.
Target port. Default for top10 ports for plugins able to handle multiple ports. This format is documented in `perldoc Net::SinFP3::Global' expandPorts method.
Source port to use. Not supported by all plugins.
Use passive fingerprinting. Default to use active one.
Use IPv6 fingerprinting where available. Default to off.
Maximum number of jobs in parallel. Default: 10.
Do a reverse DNS lookup for targets. Default to no.
Network device to use. Default to auto-detect.
Use threaded worker model (discouraged). Fork is used by default (and in Perl, it is better than ithreads).
Re-launch probes specified number of time. Default: 3.
Time in seconds before timing out. Default: 3.
Number of packet per seconds. Default: 200.
The source IPv4 address to use. Default to auto-detect.
The source IPv6 address to use. Default to auto-detect.
The source MAC address to use. Default to auto-detect.
The source IPv4 subnet address to use. Default to auto-detect.
The source IPv6 subnet address to use. Default to auto-detect.
The gateway IPv4 address to use. Default to auto-detect.
The gateway IPv6 address to use. Default to auto-detect.
The gateway MAC address to use. Default to auto-detect.
Use the following verbose level number. Between 0 and 3, from the less verbose to the most verbose. Default to 1.
Set verbose level to 0. Default to not.
Use the specified threshold for plugins supporting it. Default to no threshold (0).
Only gather results for the best matches. Default to not.
Use specified plugin for input. Default input plugin is Net::SinFP3::Input::SynScan.
Parameter to the specified input plugin. Must use multiple times to give multiple parameters.
Use specified plugin for db. Default DB plugin is Net::SinFP3::DB::SinFP3. Example: "sinfp3.pl -db SinFP3 -db-arg file=sinfp3.db".
Parameter to the specified db plugin. Must use multiple times to give multiple parameters.
Use specified plugin for mode. Default mode plugin is Net::SinFP3::Mode::Active.
Parameter to the specified mode plugin. Must use multiple times to give multiple parameters.
Use specified plugin for search. Default search plugin is Net::SinFP3::Search::Active.
Parameter to the specified search plugin. Must use multiple times to give multiple parameters.
Use specified plugin for output. Default output plugin is Net::SinFP3::Output::Console.
Parameter to the specified output plugin. Must use multiple times to give multiple parameters.
Turn off input plugin.
Use ARP scanning on the local subnet to discover targets. Works also with -6 argument.
Take a pcap file (or files) as input.
Perform a TCP SYN scan to find open ports. Default plugin.
Use only target IP or hostname and one port.
Listen on the network to capture frames.
Will ask the end-user to past an active signature as a string.
Will ask the end-user to past a passive signature as a string.
Performs a standard TCP connect() and sends a "GET /HTTP/1.0". Then, it analyzes the SYN|ACK response to perform active fingerprinting.
Starts a SinFP3 server on localhost:32000, so clients speaking the SinFP3 API will be able to access the fingerprinrint engine.
Turn off mode plugin.
Run using active plugin. This does active OS fingerprinting via SinFP3 engine.
Run using passive plugin. This does passive OS fingerprinting via SinFP3 engine.
Turn off DB plugin.
Use Net::SinFP3::DB::SinFP3 database plugin. Default plugin.
Turn off search plugin.
Perform a search through a database in active mode. Default plugin.
Perform a search through a database in passive mode.
Turn off log plugin.
Log messages to the console. Default plugin.
Turn off output plugin.
Render output to the console with many details.
Render output to the connected client using SinFP3 communication protocol.
Render output to the console, in a simple way. Default plugin.
Prints a dump to the console.
Only outputs operating system, and not full details of the fingerprint.
Only outputs operating system and its version family, and not full details of the fingerprint.
Saves a trace to a pcap file. You can reply it afterwards using Net::SinFP3::Input::Pcap.
Saves fingerprinting results a csv file. You can use -csv-file to choose the output file.
Takes a CSV file and display results using Ubigraph. You must use a CSV file as generated by Net::SinFP3::Output::CSV. You can use -csv-file to choose the input file.
Will update the database for the selected Net::SinFP3::DB plugin.
Database file to use. Default is plugin dependant.
Use promiscuous mode while sniffing. Default to true.
Replaces IP source and destination addresses (and update IP/TCP checksums) to anonymize a pcap output. Default to not.
Append to an already existing pcap file. Default to not.
Use specified pcap filter. Use it where available.
Use input taken from specified CSV file.
Use input taken from specified pcap file or fileList. FileList uses Perl glob function.
Run all probes in active mode (default).
Run only probes P1 and P2 in active mode (stealthier).
Run only probe P2 in active mode (even stealthier).
Do not perform classic 3 packets fingerprinting, just use the SYN|ACK reply from the SYN request for fingerprinting.
To install Net::SinFP3, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Net::SinFP3
CPAN shell
perl -MCPAN -e shell install Net::SinFP3
For more information on module installation, please visit the detailed CPAN module installation guide.