libosfp

Libosfp is a C library for OS fingerprinting.

install

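# osfp_example depends on libpcap (the -devel package provides the headers)
yum install -y libpcap-devel
# build and install to ./target; '&&' stops at the first failing step so a
# broken configure or build never reaches 'make install'
./autogen.sh && ./configure --prefix="$(pwd)/target" && make clean && make install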

run example

# load the fingerprint file ./fp.json and capture on eth0, filter tcp port 8888
# live capture through libpcap normally needs root or CAP_NET_RAW on Linux;
# the capture filter limits what is read to TCP traffic on port 8888
./target/bin/osfp_example -f ./fp.json -i eth0 "tcp port 8888"
# outputs like this
# ---------------------------  SYN
# Example ipv4 header detect: --------------------------
# Connection info: 114.64.231.114:57570 -> 172.21.0.10:8888
# Most likely os class: Windows
# Details:
# {
#         "likely":       {
#                 "name": "Windows",
#                 "score":        20
#         },
#         "detail":       [{
#                         "name": "Windows",
#                         "score":        20
#                 }, {
#                         "name": "Linux",
#                         "score":        10
#                 }, {
#                         "name": "Mac OS",
#                         "score":        1
#                 }, {
#                         "name": "iOS",
#                         "score":        0
#                 }, {
#                         "name": "Android",
#                         "score":        7
#                 }]
# }
# in this run "likely" is the class with the highest score in "detail";
# the header fields being scored are set by the sender, so treat the result
# as a hint to correlate with other evidence, not as proof of the client OS

sample

#include "stdio.h" 
#include "osfp.h" 
 
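/*
 * Sample IPv4 header (20 bytes, no options).
 *
 * Stored as unsigned char because several bytes are above 0x7f; with plain
 * char their value after conversion depends on whether char is signed.
 *
 *   0x45        version 4, header length 5 words
 *   0x0034      total length 52 (20 IP + 32 TCP)
 *   0x4000      don't-fragment set, fragment offset 0
 *   0x80        TTL 128
 *   0x06        protocol TCP
 *   c0 a8 73 08 source      192.168.115.8
 *   6a b9 23 6e destination 106.185.35.110
 *
 * NOTE(review): the sample casts this array to a header struct; a byte array
 * carries no alignment guarantee beyond 1 -- confirm what osfp.h expects.
 */
unsigned char iph[] = {
  0x45, 0x00, 0x00, 0x34, 0x51, 0xc4, 0x40, 0x00,
  0x80, 0x06, 0xe7, 0x27, 0xc0, 0xa8, 0x73, 0x08,
  0x6a, 0xb9, 0x23, 0x6e
};

/*
 * Sample TCP header (32 bytes: 20 fixed + 12 bytes of options).
 *
 *   0xc1bd      source port 49597
 *   0x0050      destination port 80
 *   0x80        data offset 8 words
 *   0x02        flags: SYN only
 *   0x2000      window 8192
 *   02 04 04 ec MSS 1260
 *   01          NOP
 *   03 03 08    window scale, shift 8
 *   01 01       NOP, NOP
 *   04 02       SACK permitted
 */
unsigned char tcph[] = {
  0xc1, 0xbd, 0x00, 0x50, 0x3d, 0x58, 0x51, 0x60,
  0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00,
  0x3d, 0x3a, 0x00, 0x00, 0x02, 0x04, 0x04, 0xec,
  0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02
};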
 
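/*
 * Fingerprint one hard-coded IPv4/TCP SYN against the database loaded from
 * ./fp.json and print the most likely OS name plus the score detail.
 *
 * Returns 0 when a result was printed, 1 when the database could not be
 * loaded or no result was produced.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    const char *json_file_path = "./fp.json";

    /*
     * Here the headers are fixed arrays of known size. When the bytes come
     * from a capture, pass the number of TCP header bytes actually present
     * in the buffer rather than a length taken from the packet itself; how
     * the library bounds its reads is not visible in this sample.
     */
    struct iphdr *l3_hdr = (struct iphdr *)iph;
    struct tcphdr *l4_hdr = (struct tcphdr *)tcph;
    size_t l4_hdr_len = sizeof(tcph);

    struct osfp_db *db = osfp_db_new(json_file_path);
    if (!db) {
        fprintf(stderr, "failed to load fingerprint db: %s\n", json_file_path);
        return 1;
    }

    int rc = 1;
    struct osfp_result *result = osfp_ipv4_identify(db, l3_hdr, l4_hdr, l4_hdr_len);
    if (result) {
        /* Passing NULL for %s is undefined behaviour, so guard both strings. */
        const char *os_name = osfp_result_os_name_get(result);
        const char *detail = osfp_result_score_detail_export(result);

        printf("likely os: %s\n", os_name ? os_name : "(unknown)");
        printf("details: \n%s\n", detail ? detail : "(none)");
        rc = 0;
        /*
         * NOTE(review): neither the result nor the exported detail string is
         * released here -- check osfp.h for the matching release calls.
         */
    } else {
        fprintf(stderr, "no fingerprint result for the sample packet\n");
    }

    /* Release the database on every path, not only after a successful match. */
    osfp_db_free(db);
    return rc;
}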