zhuzhenjun-libosfp/README.md

# libosfp

Libosfp is a C libaray for OS fingerprinting.

## install
```
# osfp_example depends on libpcap
yum install -y libpcap-devel
# build and install to ./target
./autogen.sh; ./configure --prefix="$(pwd)/target"; make clean; make install
```

## run example
```
# load the fingerprint file ./fp.json and capture on eth0, filter tcp port 8888
./target/bin/osfp_example -f ./fp.json -i eth0 "tcp port 8888"
# outputs like this
# ---------------------------  SYN
# Example ipv4 header detect: --------------------------
# Connection info: 114.64.231.114:57570 -> 172.21.0.10:8888
# Most likely os class: Windows
# Details:
# {
#         "likely":       {
#                 "name": "Windows",
#                 "score":        20
#         },
#         "detail":       [{
#                         "name": "Windows",
#                         "score":        20
#                 }, {
#                         "name": "Linux",
#                         "score":        10
#                 }, {
#                         "name": "Mac OS",
#                         "score":        1
#                 }, {
#                         "name": "iOS",
#                         "score":        0
#                 }, {
#                         "name": "Android",
#                         "score":        7
#                 }]
# }
```

## sample
```
#include "stdio.h" 
#include "osfp.h" 
 
char iph[] = { 
  0x45, 0x00, 0x00, 0x34, 0x51, 0xc4, 0x40, 0x00, 
  0x80, 0x06, 0xe7, 0x27, 0xc0, 0xa8, 0x73, 0x08, 
  0x6a, 0xb9, 0x23, 0x6e 
}; 
 
char tcph[] = { 
  0xc1, 0xbd, 0x00, 0x50, 0x3d, 0x58, 0x51, 0x60, 
  0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00, 
  0x3d, 0x3a, 0x00, 0x00, 0x02, 0x04, 0x04, 0xec, 
  0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02 
};  
 
int main(int argc, char **argv) 
{ 
    const char *json_file_path = "./fp.json";
 
    struct iphdr *l3_hdr = (struct iphdr *)iph; 
    struct tcphdr *l4_hdr = (struct tcphdr *)tcph; 
    size_t l4_hdr_len = sizeof(tcph); 
 
    struct osfp_db *db = osfp_db_new(json_file_path); 
    if (db) {
        struct osfp_result *result = osfp_ipv4_identify(db, l3_hdr, l4_hdr, l4_hdr_len); 
        if (result) { 
            printf("likely os: %s\n", osfp_result_os_name_get(result)); 
            printf("details: \n%s\n", osfp_result_score_detail_export(result)); 
            osfp_db_free(db); 
        } 
    }
}
```
Initial commit 2023-09-13 09:24:11 +00:00			`# libosfp`

init autotools 2023-09-15 10:40:22 +08:00			`Libosfp is a C libaray for OS fingerprinting.`
Initial commit 2023-09-13 09:24:11 +00:00
v0.0.4 2023-09-27 15:43:32 +08:00			`## install`
			```
			`# osfp_example depends on libpcap`
			`yum install -y libpcap-devel`
			`# build and install to ./target`
			`./autogen.sh; ./configure --prefix="$(pwd)/target"; make clean; make install`
			```

			`## run example`
			```
			`# load the fingerprint file ./fp.json and capture on eth0, filter tcp port 8888`
			`./target/bin/osfp_example -f ./fp.json -i eth0 "tcp port 8888"`
			`# outputs like this`
			`# --------------------------- SYN`
			`# Example ipv4 header detect: --------------------------`
			`# Connection info: 114.64.231.114:57570 -> 172.21.0.10:8888`
			`# Most likely os class: Windows`
			`# Details:`
			`# {`
			`# "likely": {`
			`# "name": "Windows",`
			`# "score": 20`
			`# },`
			`# "detail": [{`
			`# "name": "Windows",`
			`# "score": 20`
			`# }, {`
			`# "name": "Linux",`
			`# "score": 10`
			`# }, {`
			`# "name": "Mac OS",`
			`# "score": 1`
			`# }, {`
			`# "name": "iOS",`
			`# "score": 0`
			`# }, {`
			`# "name": "Android",`
			`# "score": 7`
			`# }]`
			`# }`
			```

			`## sample`
			```
			`#include "stdio.h"`
			`#include "osfp.h"`

			`char iph[] = {`
			`0x45, 0x00, 0x00, 0x34, 0x51, 0xc4, 0x40, 0x00,`
			`0x80, 0x06, 0xe7, 0x27, 0xc0, 0xa8, 0x73, 0x08,`
			`0x6a, 0xb9, 0x23, 0x6e`
			`};`

			`char tcph[] = {`
			`0xc1, 0xbd, 0x00, 0x50, 0x3d, 0x58, 0x51, 0x60,`
			`0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00,`
			`0x3d, 0x3a, 0x00, 0x00, 0x02, 0x04, 0x04, 0xec,`
			`0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02`
			`};`

			`int main(int argc, char **argv)`
			`{`
			`const char *json_file_path = "./fp.json";`

			`struct iphdr l3_hdr = (struct iphdr )iph;`
			`struct tcphdr l4_hdr = (struct tcphdr )tcph;`
			`size_t l4_hdr_len = sizeof(tcph);`

			`struct osfp_db *db = osfp_db_new(json_file_path);`
			`if (db) {`
			`struct osfp_result *result = osfp_ipv4_identify(db, l3_hdr, l4_hdr, l4_hdr_len);`
			`if (result) {`
			`printf("likely os: %s\n", osfp_result_os_name_get(result));`
			`printf("details: \n%s\n", osfp_result_score_detail_export(result));`
			`osfp_db_free(db);`
			`}`
			`}`
			`}`
			```