p0f v3 written in Python
Reason this release was yanked:
Database file (p0f.fp) not included
Project description
pyp0f
Native implementation of p0f v3 in typed Python 3.
pyp0f is able to accurately guess the source OS or user application of a given packet with passive fingerprinting.
Motivation
-
pyp0fis platform independent, while p0f can be cumbersome to run on some platforms (such as Windows). -
pyp0fis mainly used as a library, as opposed to p0f which runs on a seperate process and you query the results using an API. -
p0f depends on full packet flow details, while
pyp0fattempts to use as little information as possible. For example, you can easily fingerprint one packet from a session without knowing the session history.
Installation
pip install pyp0f
Features
-
MTU fingerprinting
-
TCP fingerprinting
-
HTTP fingerprinting
TODO
-
Flow tracking
-
TCP uptime detection
-
p0f tool loop
-
Impersonation tool
-
NAT detection
Usage
pyp0f accepts SYN, SYN+ACK and HTTP packets. If the packet is invalid for fingerprint, pyp0f.exceptions.PacketError is raised.
Database
Before fingerprinting, make sure to load the p0f signatures database.
By default, the included (v3.09b) database will be loaded. However, you can specify a custom database path to
parse.
from pyp0f.database import DATABASE
DATABASE.load()
# or DATABASE.load("path/to/database/file/p0f.fp")
print(len(DATABASE)) # 322
Fingerprinting
pyp0f has 3 main functions:
from pyp0f.fingerprint import fingerprint_mtu, fingerprint_tcp, fingerprint_http
Each fingerprint function returns a custom result object which includes some informative fields that are typed appropriately, such as:
-
The parsed packet
-
The calculated packet signature
-
The matched record, if any
Examples
from scapy.layers.inet import IP
from pyp0f.fingerprint import fingerprint_mtu, fingerprint_tcp, fingerprint_http
packet = IP(b'...')
mtu_result = fingerprint_mtu(packet)
tcp_result = fingerprint_tcp(packet)
http_result = fingerprint_http(packet)
print(mtu_result.match.label.name) # Ethernet or modem
print(tcp_result.match.record.label.dump()) # s:win:Windows:7 or 8
print(http_result.match.label.dump()) # s:!:nginx:1.x
Authors
- Itay Margolin - Nisitay
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pyp0f-0.1.0.tar.gz.
File metadata
- Download URL: pyp0f-0.1.0.tar.gz
- Upload date:
- Size: 21.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | eb3c60420174539added0a08a9692fc0ffd001e003a39d8d8bf21f4d3e980223 |
|
| MD5 | 213eef8cb0349659828d222416e8a190 |
|
| BLAKE2b-256 | de337d5b8058bdb488e10cd6a99d5ce8b5e8572fdc2acd300dbea051f764ba20 |
File details
Details for the file pyp0f-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pyp0f-0.1.0-py3-none-any.whl
- Upload date:
- Size: 30.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e36a89c4a9fc4a1c68dd8dbfd2f390a26400e91e3c23b0ce29b9bdd0a66cc35 |
|
| MD5 | 69177bc3f1b76f0a78c7264a19d71721 |
|
| BLAKE2b-256 | 6587aa6ddd76c5126c8cd064e4d49e9215ff25cd05f7234ff46f0db8301f71ac |
