Net-SinFP3

Changes for version 1.00 - 2012-09-21

improvement: added a score (easier to understant than matching masks)
improvement: added patternTcpWScale and patternTcpOLength
improvement: -4 parameter no more required => new algo matches all signatures, and keeps the best matches
improvement: => new algo matches all signatures (v4 and v6), and keeps the best
improvement: new passive fingerprinting engine
feature: multiple output modules are available
feature: update database argument
feature: now using Net::Frame modules
feature: generated pcap file now contains hostname i/o IP
feature: generate IPv6 anonymous pcap as with IPv4
feature: auto-lookup IPv6 target MAC address
update: P1 now uses TCP MSS option to avoid filtering device to drop packets without this option
update: SQL database schema (OsVersionChildren table)
update: sinfp.pl and sinfp.db becomes sinfp3.pl and sinfp3.db
... and lots of bug fixes

Documentation

sinfp3.pl

more than a passive and active OS fingerprinting tool

Modules

Net::SinFP3

more than OS fingerprinting unification

Net::SinFP3::DB

base class for DB plugin objects

Net::SinFP3::DB::Null

turn off DB plugin

Net::SinFP3::DB::SinFP3

main access to signature database

Net::SinFP3::Ext::IP

methods used for handling IP headers

Net::SinFP3::Ext::IP::IPv4

methods used when in IPv4 mode

Net::SinFP3::Ext::IP::IPv6

methods used when in IPv6 mode

Net::SinFP3::Ext::S

SinFP3 signature object

Net::SinFP3::Ext::SP

SinFP3 passive signature object

Net::SinFP3::Ext::TCP

methods used for handling TCP headers

Net::SinFP3::Global

global configuration and useful methods for all objects

Net::SinFP3::Input

base class for Input plugin objects

Net::SinFP3::Input::ArpDiscover

object describing a SinFP target

Net::SinFP3::Input::Connect

methods used when in TCP connect active mode

Net::SinFP3::Input::IpPort

object describing a SinFP target

Net::SinFP3::Input::Null

turn off Input plugin

Net::SinFP3::Input::Pcap

get input objects from a pcap file

Net::SinFP3::Input::Signature

takes an active signature

Net::SinFP3::Input::SignatureP

takes a passive signature

Net::SinFP3::Input::Sniff

sniff the network and returns Next::Frame objects

Net::SinFP3::Input::SynScan

TCP SYN scanning input method

Net::SinFP3::Log

base class for Log objects

Net::SinFP3::Log::Console

logging directly on the console

Net::SinFP3::Log::Null

no loggingconsole

Net::SinFP3::Mode

base class for Mode plugin objects

Net::SinFP3::Mode::Active

methods used when in active mode

Net::SinFP3::Mode::Null

turn off Mode plugin

Net::SinFP3::Mode::Passive

methods used when in passive mode

Net::SinFP3::Next

base class for Next objects

Net::SinFP3::Next::Active

object describing a SinFP3 active signature

Net::SinFP3::Next::Frame

object describing a frame

Net::SinFP3::Next::IpPort

object describing the next target with IP and port

Net::SinFP3::Next::MultiFrame

object containing an multiple frames

Net::SinFP3::Next::Null

turn off Next object

Net::SinFP3::Next::Passive

object describing a SinFP3 passive signature

Net::SinFP3::Output

base class for Output plugin objects

Net::SinFP3::Output::CSV

plugin to display results using Ubigraph

Net::SinFP3::Output::Console

display results on console output

Net::SinFP3::Output::Dumper

display results using Data::Dumper

Net::SinFP3::Output::Null

turn off Output plugin

Net::SinFP3::Output::OsOnly

display only OS results on console output

Net::SinFP3::Output::OsVersionFamily

display results on console output

Net::SinFP3::Output::Pcap

writes frames to a pcap file

Net::SinFP3::Output::Ubigraph

plugin to display results using Ubigraph

Net::SinFP3::Plugin

how to create a SinFP3 plugin

Net::SinFP3::Result

base class for Result objects

Net::SinFP3::Result::Active

contains all information about matched fingerprint

Net::SinFP3::Result::Passive

contains all information about matched passive fingerprint

Net::SinFP3::Result::PortError

result object when target port is in error

Net::SinFP3::Result::Unknown

result object when target fingerprint is unknown

Net::SinFP3::Search

base class for Search plugin objects

Net::SinFP3::Search::Active

matching active signatures search engine

Net::SinFP3::Search::Null

turn off Search plugin

Net::SinFP3::Search::Passive

matching passive signatures search engine

Net::SinFP3::Worker

base class for worker models

Net::SinFP3::Worker::Fork

fork-based worker model

Net::SinFP3::Worker::Thread

thread-based worker model

Examples

examples/sinfp3-mode-active.pl

Other files

To install Net::SinFP3, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::SinFP3

CPAN shell

perl -MCPAN -e shell
install Net::SinFP3

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 1.00 - 2012-09-21

Documentation

Modules

Examples

Other files

Module Install Instructions