p0f v3 written in Python

These details have not been verified by PyPI

Project links

Homepage

Project description

pyp0f

Native implementation of p0f v3 in typed Python 3.

pyp0f is able to accurately guess the source OS or user application of a given packet with passive fingerprinting.

Motivation

pyp0f is platform independent, while p0f can be cumbersome to run on some platforms (such as Windows).
pyp0f is mainly used as a library, as opposed to p0f which runs on a seperate process and you query the results using an API.
p0f depends on full packet flow details, while pyp0f attempts to use as little information as possible. For example, you can easily fingerprint one packet from a session without knowing the session history.

Installation

pip install pyp0f

Features

MTU fingerprinting
TCP fingerprinting
HTTP fingerprinting

TODO

Flow tracking
TCP uptime detection
p0f tool loop
Impersonation tool
NAT detection

Usage

pyp0f accepts SYN, SYN+ACK and HTTP packets. If the packet is invalid for fingerprint, pyp0f.exceptions.PacketError is raised.

Database

Before fingerprinting, make sure to load the p0f signatures database.

By default, the included (v3.09b) database will be loaded. However, you can specify a custom database path to

parse.

from pyp0f.database import DATABASE



DATABASE.load()

# or DATABASE.load("path/to/database/file/p0f.fp")



print(len(DATABASE))  # 322

Fingerprinting

pyp0f has 3 main functions:

from pyp0f.fingerprint import fingerprint_mtu, fingerprint_tcp, fingerprint_http

Each fingerprint function returns a custom result object which includes some informative fields that are typed appropriately, such as:

The parsed packet
The calculated packet signature
The matched record, if any

Examples

from scapy.layers.inet import IP



from pyp0f.fingerprint import fingerprint_mtu, fingerprint_tcp, fingerprint_http



packet = IP(b'...')

mtu_result = fingerprint_mtu(packet)

tcp_result = fingerprint_tcp(packet)

http_result = fingerprint_http(packet)



print(mtu_result.match.label.name)  # Ethernet or modem

print(tcp_result.match.record.label.dump())  # s:win:Windows:7 or 8

print(http_result.match.label.dump())  # s:!:nginx:1.x

Authors

Itay Margolin - Nisitay

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

0.3.0

Sep 28, 2023

0.2.1

Sep 25, 2023

This version

0.1.2

Oct 22, 2022

0.1.1 yanked

Oct 22, 2022

Reason this release was yanked:

Database file (p0f.fp) not included

0.1.0 yanked

Oct 22, 2022

Reason this release was yanked:

Database file (p0f.fp) not included

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyp0f-0.1.2.tar.gz (28.3 kB view details)

Uploaded Oct 22, 2022 Source

Built Distribution

pyp0f-0.1.2-py3-none-any.whl (37.5 kB view details)

Uploaded Oct 22, 2022 Python 3

File details

Details for the file pyp0f-0.1.2.tar.gz.

File metadata

Download URL: pyp0f-0.1.2.tar.gz
Upload date: Oct 22, 2022
Size: 28.3 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.7.8

File hashes

Hashes for pyp0f-0.1.2.tar.gz
Algorithm	Hash digest
SHA256	`f21f934676f986a7764a7587d332fb2265b2b2ee675af71f20825aa175b8ddb0`
MD5	`30b628498c8c0d609b4aef101d6c9678`
BLAKE2b-256	`777d363b568c3f0119885a6c6819d46c4651c7b7223f0249670a0ba8355c55f5`

See more details on using hashes here.

File details

Details for the file pyp0f-0.1.2-py3-none-any.whl.

File metadata

Download URL: pyp0f-0.1.2-py3-none-any.whl
Upload date: Oct 22, 2022
Size: 37.5 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.1 CPython/3.7.8

File hashes

Hashes for pyp0f-0.1.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`1fad92ff1eaa93b218c34ed41e764a4dea6f8a58d943a2b1eaaaaf3216eba7b8`
MD5	`69d170f954e418236bd29793c03c3783`
BLAKE2b-256	`a89a03364805125d8cc9a45dc6eb33c8c0b52fcb8f34e31f9240a4cde3465ee5`