OSfooler-ng prevents remote active/passive OS fingerprinting by tools like nmap or p0f. This fork changes the Python nfqueue (NetfilterQueue) version from 0.5 to 0.8.1 so that OSfooler-ng can run on different distros, not just deb-based ones.

Project description


OSfooler-NG

License: GPL v3 Version: 1.0b Maintenance

Synopsis

Check the original repo for info and stuff. You may also be interested in the OSfooler-ng author's talk at DEF CON 27 (held Aug 8-11, 2019).

This fork changes Python's nfqueue (NetfilterQueue) version from 0.5 to 0.8.1 so that OSfooler-ng can run on different distros, not just deb-based ones.

You can help hugely by trying this on different distros. So far it has been tested successfully on Arch and CentOS7.

Install

To get this version, just use git:

$ git clone https://github.com/moonbaseDelta/OSfooler-ng.git

You need to install the Python NetfilterQueue package for Linux (v0.8.1 or later). Download it from PyPI:

$ wget https://files.pythonhosted.org/packages/39/c4/8f73f70442aa4094b3c37876c96cddad2c3e74c058f6cd9cb017d37ffac0/NetfilterQueue-0.8.1.tar.gz
$ tar -xzf NetfilterQueue-0.8.1.tar.gz
$ cd NetfilterQueue-0.8.1
$ sudo python setup.py install

or try:

$ pip install NetfilterQueue

Install OSfooler-ng in the standard way:

$ sudo python setup.py install

Known issues

No such device IO error (error code 19):

  • By default the program uses the 'eth0' interface, which may not even exist on your machine
  • Find your main TCP/IP interface (you can find it with the 'ip a' command)
  • Run OSfooler-ng commands with:
$ <osfooler command> -i 'YOURINTERFACE'

Usage

Active Fingerprinting: nmap

To get the full list of OS to emulate, just use the flag '-n':

$ osfooler-ng -n
 [+] Please, select nmap OS to emulate
    + "2N Helios IP VoIP doorbell"
    + "2Wire BT2700HG-V ADSL modem"
    + "2Wire 1701HG wireless ADSL modem"
    [...]
    + "ZyXEL Prestige 660HW-61 ADSL router (ZyNOS 3.40)"
    + "ZyXEL Prestige 660HW-D1 wireless ADSL router"
    + "ZyXEL ZyWALL 2 Plus firewall"

To emulate a specific OS, just use the flag '-m' with the OS you want to emulate:

$ osfooler-ng -m "Sony Ericsson W705 or W715 Walkman mobile phone"
 [+] Mutating to nmap:
      Fingerprint Sony Ericsson W705 or W715 Walkman mobile phone
      Class Sony Ericsson | embedded || phone
      CPE cpe:/h:sonyericsson:w705
      CPE cpe:/h:sonyericsson:w715
      SEQ(CI=RD%II=I)
      OPS(R=N)
      WIN(R=N)
      ECN(R=N)
      T1(R=N)
      T2(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
      T3(R=N)
      T4(R=Y%DF=N%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
      T5(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
      T6(R=Y%DF=N%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
      T7(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
      U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
      IE(DFI=N%T=3B-45%TG=40%CD=S)
 [+] Activating queues
      [->] Process-1: nmap packet processor

Passive Fingerprinting: p0f v2

To get the full list of OS to emulate, just use the flag '-p':

$ osfooler-ng -p 
Please, select p0f OS Genre and Details
        OS Genre="AIX" Details="4.3"
        OS Genre="AIX" Details="4.3.2 and earlier"
        OS Genre="AIX" Details="4.3.3-5.2 (1)"
        [...]
        OS Genre="-*NMAP" Details="OS detection probe w/flags (3)"
        OS Genre="-*NMAP" Details="OS detection probe w/flags (4)"
        OS Genre="-*NAST" Details="syn scan"

To emulate any p0f OS, just use the flag '-o' with the OS Genre. This selects the main OS, and a custom version is loaded at random each time a SYN packet is detected. For example:

$ osfooler-ng -o "PalmOS"
 [+] Mutating to p0f:
      WWW:S9|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:Tungsten T3/C
      WWW:S5|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3/4
      WWW:S4|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3.5
      WWW:2948|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:3.5.3 (Handera)
      WWW:S29|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:5.0
      WWW:16384|TTL:255|D:0|SS:44|OOO:M1398|QQ:.|OS:PalmOS|DETAILS:5.2 (Clie)
      WWW:S14|TTL:255|D:0|SS:44|OOO:M1350|QQ:.|OS:PalmOS|DETAILS:5.2.1 (Treo)
      WWW:16384|TTL:255|D:0|SS:44|OOO:M1400|QQ:.|OS:PalmOS|DETAILS:5.2 (Sony)
 [+] Activating queues
      [->] Process-1: p0f packet processor

You can also emulate the full p0f OS, using '-o' with the OS Genre and '-d' with custom details:

$ osfooler-ng -o "Windows" -d "XP bare-bone"
 [+] Mutating to p0f:
     WWW:65520|TTL:128|D:1|SS:48|OOO:M*,N,N,S|QQ:.|OS:Windows|DETAILS:XP bare-bone
[+] Activating queues
     [->] Process-1: p0f packet processor
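
To read the signature lines printed under "Mutating to p0f", the following added example (not part of OSfooler-ng) decodes them into named fields. It assumes the printed labels correspond, in order, to the fields of a p0f v2 signature (window size, TTL, don't-fragment bit, SYN packet size, TCP options, quirks); the function names are hypothetical.

```python
import re

# p0f v2 option tokens that carry no value (OOO field).
FLAG_OPTIONS = {"N": "nop", "E": "eol", "S": "sack_ok", "T": "timestamp", "T0": "timestamp_zero"}

def parse_option(token):
    """Decode one OOO token such as M536, M*, W2, N, S, T or T0."""
    if token in FLAG_OPTIONS:
        return (FLAG_OPTIONS[token], None)
    m = re.fullmatch(r"([MW])(\*|\d+)", token)
    if not m:
        return ("unrecognized", token)
    name = "mss" if m.group(1) == "M" else "window_scale"
    return (name, None if m.group(2) == "*" else int(m.group(2)))

def resolve_window(spec, mss):
    """Turn the WWW field into (kind, value); value is None when it cannot be fixed."""
    if spec == "*":
        return ("any", None)
    if spec[0] in "ST":  # Snn = nn x MSS, Tnn = nn x MTU (MSS + 40)
        unit = None if mss is None else (mss if spec[0] == "S" else mss + 40)
        kind = "mss_multiple" if spec[0] == "S" else "mtu_multiple"
        return (kind, None if unit is None else int(spec[1:]) * unit)
    if spec[0] == "%":
        return ("multiple_of", int(spec[1:]))
    return ("fixed", int(spec))

def parse_signature(line):
    """Parse one 'WWW:..|TTL:..|...' line as printed under 'Mutating to p0f'."""
    f = dict(part.split(":", 1) for part in line.strip().split("|"))
    options = [parse_option(t) for t in f["OOO"].split(",") if t not in ("", ".")]
    mss = next((v for n, v in options if n == "mss" and v is not None), None)
    return {
        "os": f["OS"], "details": f["DETAILS"],
        "ttl": int(f["TTL"]),
        "df": f["D"] == "1",
        "syn_size": None if f["SS"] == "*" else int(f["SS"]),
        "window": resolve_window(f["WWW"], mss),
        "options": options,
        "quirks": "" if f["QQ"] == "." else f["QQ"],
    }

# Two lines copied from the output shown above.
SAMPLES = [
    "WWW:S9|TTL:255|D:0|SS:44|OOO:M536|QQ:.|OS:PalmOS|DETAILS:Tungsten T3/C",
    "WWW:65520|TTL:128|D:1|SS:48|OOO:M*,N,N,S|QQ:.|OS:Windows|DETAILS:XP bare-bone",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_signature(s))
```

For the first PalmOS line, the window spec S9 combined with an MSS of 536 resolves to a concrete SYN window of 4824 bytes.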

Active and Passive Fingerprinting: nmap & p0f

OSfooler-ng is also capable of emulating both at once, to defeat nmap and p0f together. Just combine the parameters above:

$ osfooler-ng -m "Microsoft Windows 2000 SP4" -o "Windows" -d "2000 SP4"
 [+] Mutating to nmap:
      Fingerprint Microsoft Windows 2000 SP4
      Class Microsoft | Windows | 2000 | general purpose
      CPE cpe:/o:microsoft:windows_2000::sp4
      SEQ(SP=7C-86%GCD=1-6%ISR=95-9F%TI=I%II=I%SS=O|S%TS=0)
      OPS(O1=NNT11|M5B4NW0NNT00NNS%O2=NNT11|M5B4NW0NNT00NNS%O3=NNT11|M5B4NW0NNT00%O4=NNT11|M5B4NW0NNT00NNS%O5=NNT11|M5B4NW0NNT00NNS%O6=NNT11|M5B4NNT00NNS)
      WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
      ECN(R=Y%DF=N%T=7B-85%TG=80%W=0%O=%CC=N%Q=U)
      T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=O|S+%F=A|AS%RD=0%Q=|U)
      T2(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=U)
      T3(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=U)
      T4(R=Y%DF=N%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=U)
      T5(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=U)
      T6(R=Y%DF=N%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=U)
      T7(R=Y%DF=N%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=U)
      U1(DF=N%T=7B-85%TG=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
      IE(DFI=S%T=7B-85%TG=80%CD=Z)
 [+] Mutating to p0f:
      WWW:40320|TTL:128|D:1|SS:48|OOO:M*,N,N,S|QQ:.|OS:Windows|DETAILS:2000 SP4
 [+] Activating queues
      [->] Process-1: nmap packet processor
      [->] Process-2: p0f packet processor

Searching for Operating Systems

You can search the nmap/p0f databases for a specific OS instead of getting the whole list. Just use the flag '-s' and enter the keyword you want to search for (case insensitive). You'll get every match found, along with whether it belongs to the nmap or the p0f database:

$ osfooler-ng -s playstation
 [+] Searching databases for: 'playstation'
      [nmap] "Sony Playstation 4 or FreeBSD 10.2-RELEASE"
      [nmap] "Sony PlayStation 2 game console test kit 2.2.1"
      [nmap] "Sony PlayStation 3 game console"
      [nmap] "Sony PlayStation 3 game console test kit"
      [nmap] "Sony PlayStation 2 game console"
      [p0f] OS: "Sony" DETAILS: "Playstation 2 (SOCOM?)"

Update nmap database

Use the flag '-u' to check whether a new version of nmap's database is available and to download it:

$ osfooler-ng -u
 [+] Checking nmap database... latest!

Custom flags

There are other interesting flags:

  • '-v': Show info about every modified packet
  • '-i <interface>': Choose network interface (eth0 by default)
  • '-V': Show OSfooler-ng banner and current version installed

Authors

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE.md file for details

Acknowledgments

Project details


Release history

This version

1.1

Download files


Source Distribution

OSfooler-ng-openwrt-1.1.tar.gz (587.2 kB)

Uploaded Source

Built Distribution

OSfooler_ng_openwrt-1.1-py2-none-any.whl (595.7 kB)

Uploaded Python 2

File details

Details for the file OSfooler-ng-openwrt-1.1.tar.gz.

File metadata

  • Download URL: OSfooler-ng-openwrt-1.1.tar.gz
  • Upload date:
  • Size: 587.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/44.0.0 requests-toolbelt/0.9.1 tqdm/4.42.0 CPython/2.7.17

File hashes

Hashes for OSfooler-ng-openwrt-1.1.tar.gz
Algorithm Hash digest
SHA256 66c803a4a8640776b22d33e7281e9fea3eb087430ee9b09be66b4104b54e16dd
MD5 063fc0bc75c9af02a10e64033230e5cc
BLAKE2b-256 ecd3b64300166b67764ea67e217d7f3176979c134c7da77376c364c9331b27dc


File details

Details for the file OSfooler_ng_openwrt-1.1-py2-none-any.whl.

File metadata

  • Download URL: OSfooler_ng_openwrt-1.1-py2-none-any.whl
  • Upload date:
  • Size: 595.7 kB
  • Tags: Python 2
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/44.0.0 requests-toolbelt/0.9.1 tqdm/4.42.0 CPython/2.7.17

File hashes

Hashes for OSfooler_ng_openwrt-1.1-py2-none-any.whl
Algorithm Hash digest
SHA256 959bafcee5daad1b1c1b99c8547e3fa30bf6f874e5449e2a63fbed87cbb15e9f
MD5 58cdd6fd7054da035561118101d3f2cc
BLAKE2b-256 f398cd76b8478e822c1f004320f97dda1820025584803801585d9d7f7e083713
