Skip to main content

OSfooler-ng prevents remote OS active/passive fingerprinting by tools like nmap or p0f. This fork based on change of Python nfqueue (NetfilterQueue) version from 0.5 to 0.8.1 for the sake of run the OSfooler-ng on different distros, not just deb-based.

Project description


OSfooler-NG

License: GPL v3 Version: 1.0b Maintenance

Synopsis

Check original repo for info and stuff. You may also be interested of the OSfooler-ng author's speech at DEF CON 27 (running at Aug 8-11 2019)

This fork based on change of Python's nfqueue (NetfilterQueue) version from 0.5 to 0.8.1 for the sake of run the OSfooler-ng on different distros, not just deb-based.

You may help hugely by trying this on different distros. By now it's been tested fine on Arch and CentOS7.

Install

To get this version, just use git:

$ git clone https://github.com/moonbaseDelta/OSfooler-ng.git

You need to install python NetfilterQueue (v0.8.1 or more) linux package. Download from PyPi:

$ wget https://files.pythonhosted.org/packages/39/c4/8f73f70442aa4094b3c37876c96cddad2c3e74c058f6cd9cb017d37ffac0/NetfilterQueue-0.8.1.tar.gz
$ tar -xzf NetfilterQueue-0.8.1.tar.gz
$ cd NetfilterQueue-0.8.1
$ sudo python setup.py install

or try:

$ pip install NetfilterQueue

Install OSfooler-ng in the standard way:

$ sudo python setup.py install

Known issues

No such device IO error (error code 19):

  • By default program uses 'eth0' interface that may not be even exist on your machine
  • Find your main TCP/IP interface (you can find it by 'ip a' command)
  • Run OSfooler-ng commands with:
$ <osfooler command> -i 'YOURINTERFACE'

Usage

Active Fingerprinting: nmap

To get the full list of OS to emulate, just use the flag '-n':

$ osfooler-ng -n
 [+] Please, select nmap OS to emulate
    + "2N Helios IP VoIP doorbell"
    + "2Wire BT2700HG-V ADSL modem"
    + "2Wire 1701HG wireless ADSL modem"
    [...]
    + "ZyXEL Prestige 660HW-61 ADSL router (ZyNOS 3.40)"
    + "ZyXEL Prestige 660HW-D1 wireless ADSL router"
    + "ZyXEL ZyWALL 2 Plus firewall"

To emulate an specific OS, just use the flag '-o' with the OS you want to emulate:

$ osfooler-ng -m "Sony Ericsson W705 or W715 Walkman mobile phone"
 [+] Mutating to nmap:
      Fingerprint Sony Ericsson W705 or W715 Walkman mobile phone
      Class Sony Ericsson | embedded || phone
      CPE cpe:/h:sonyericsson:w705
      CPE cpe:/h:sonyericsson:w715
      SEQ(CI=RD%II=I)
      OPS(R=N)
      WIN(R=N)
      ECN(R=N)
      T1(R=N)
      T2(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
      T3(R=N)
      T4(R=Y%DF=N%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
      T5(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
      T6(R=Y%DF=N%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
      T7(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
      U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
      IE(DFI=N%T=3B-45%TG=40%CD=S)
 [+] Activating queues
      [->] Process-1: nmap packet processor

Passive Fingerprinting: p0f v2

To get the full list of OS to emulate, just use the flag '-l':

$ osfooler-ng -p 
Please, select p0f OS Genre and Details
        OS Genre="AIX" Details="4.3"
        OS Genre="AIX" Details="4.3.2 and earlier"
        OS Genre="AIX" Details="4.3.3-5.2 (1)"
        [...]
        OS Genre="-*NMAP" Details="OS detection probe w/flags (3)"
        OS Genre="-*NMAP" Details="OS detection probe w/flags (4)"
        OS Genre="-*NAST" Details="syn scan"

To emulate any p0f OS, just use the flag '-o' with the OS Genre. This will choose the main OS and custom version will be randomly loaded when a SYN packet is detected. For example:

$ osfooler-ng -o "PalmOS"
 [+] Mutating to p0f:
      WWW:S9|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:Tungsten T3/C
      WWW:S5|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3/4
      WWW:S4|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3.5
      WWW:2948|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3.5.3 (Handera)
      WWW:S29|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:5.0
      WWW:16384|TTL:255|D:0|SS:44|OOO:M1398|QQ:.|OS:PalmOS|DETAILS:5.2 (Clie)
      WWW:S14|TTL:255|D:0|SS:44|OOO:M1350|QQ:.|OS:PalmOS|DETAILS:5.2.1 (Treo)
      WWW:16384|TTL:255|D:0|SS:44|OOO:M1400|QQ:.|OS:PalmOS|DETAILS:5.2 (Sony)
 [+] Activating queues
      [->] Process-1: p0f packet processor

You can also emulate the full p0f OS, using '-' with the OS Genre and '-d' with custom details:

$ osfooler-ng -o "Windows" -d "XP bare-bone"
 [+] Mutating to p0f:
     WWW:65520|TTL:128|D:1|SS:48|OOO:M*,N,N,S|QQ:.|OS:Windows|DETAILS:XP bare-bone
[+] Activating queues
     [->] Process-1: p0f packet processor

Active and Passive Fingerprinting: nmap & p0f

OSfooler-ng is also capable os emulating both OS to defeat nmap and p0f. Just combine the parameters above:

$ osfooler-ng -m "Microsoft Windows 2000 SP4" -o "Windows" -d "2000 SP4"
 [+] Mutating to nmap:
      Fingerprint Microsoft Windows 2000 SP4
      Class Microsoft | Windows | 2000 | general purpose
      CPE cpe:/o:microsoft:windows_2000::sp4
      SEQ(SP=7C-86%GCD=1-6%ISR=95-9F%TI=I%II=I%SS=O|S%TS=0)
      OPS(O1=NNT11|M5B4NW0NNT00NNS%O2=NNT11|M5B4NW0NNT00NNS%O3=NNT11|M5B4NW0NNT00%O4=NNT11|M5B4NW0NNT00NNS%O5=NNT11|M5B4NW0NNT00NNS%O6=NNT11|M5B4NNT00NNS)
      WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
      ECN(R=Y%DF=N%T=7B-85%TG=80%W=0%O=%CC=N%Q=U)
      T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=O|S+%F=A|AS%RD=0%Q=|U)
      T2(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=U)
      T3(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=U)
      T4(R=Y%DF=N%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=U)
      T5(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=U)
      T6(R=Y%DF=N%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=U)
      T7(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=U)
      U1(DF=N%T=7B-85%TG=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
      IE(DFI=S%T=7B-85%TG=80%CD=Z)
 [+] Mutating to p0f:
      WWW:40320|TTL:128|D:1|SS:48|OOO:M*,N,N,S|QQ:.|OS:Windows|DETAILS:2000 SP4
 [+] Activating queues
      [->] Process-1: nmap packet processor
      [->] Process-2: p0f packet processor

Searching for Operating Systems

You can search inside nmap/p0f database for a specific OS, instead of getting the whole list. Just use the flag '-s' and enter the keyword you want to search for (case insensitive). You'll get any match found, and if it belongs to nmap or p0f databases:

$ osfooler-ng -s playstation
 [+] Searching databases for: 'playstation'
      [nmap] "Sony Playstation 4 or FreeBSD 10.2-RELEASE"
      [nmap] "Sony PlayStation 2 game console test kit 2.2.1"
      [nmap] "Sony PlayStation 3 game console"
      [nmap] "Sony PlayStation 3 game console test kit"
      [nmap] "Sony PlayStation 2 game console"
      [p0f] OS: "Sony" DETAILS: "Playstation 2 (SOCOM?)"

Update nmap database

Use the flag '-u' to check if there's a new version of nmap's database avaiable and to download it

$ osfooler-ng -u
 [+] Checking nmap database... latest!

Custom flags

There are other interesting flags:

  • '-v': Show info about every modified packet
  • '-i <interface>': Choose network interface (eth0 by default)
  • '-V': Show OSfooler-ng banner and current version installed

Authors

License

This project is licensed under the The GNU General Public License v3.0 - see the LICENSE.md file for details

Acknowledgments

Project details


Release history Release notifications

This version

1.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for OSfooler-ng-openwrt, version 1.1
Filename, size File type Python version Upload date Hashes
Filename, size OSfooler_ng_openwrt-1.1-py2-none-any.whl (595.7 kB) File type Wheel Python version py2 Upload date Hashes View hashes
Filename, size OSfooler-ng-openwrt-1.1.tar.gz (587.2 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page