p0f v3 with impersonation spoofing, written in Python
pyp0f
Native implementation of p0f v3 in typed Python 3.
Documentation: https://github.com/Nisitay/pyp0f/blob/master/docs/README.md
Source Code: https://github.com/Nisitay/pyp0f
pyp0f is able to accurately guess the source OS or user application of a given packet with passive fingerprinting, as well as impersonate packets so that p0f will think it has been sent by a specific OS.
Motivation
- pyp0f is platform independent (using Scapy), while p0f can be cumbersome to run on some platforms (such as Windows).
- The implementation and concepts behind p0f are very sophisticated, but the tool is written in C, which makes it harder to understand and extend. Performance is expected to be slower in Python, but pyp0f still performs well enough (see Performance benchmarks).
- p0f heavily depends on full packet flow details, while pyp0f attempts to use as little information as possible. For example, you may be able to fingerprint a SYN+ACK packet from a session without having the matching SYN packet.
- pyp0f aims to be highly configurable and used as a library, without limiting its effectiveness to one packet format/library, as opposed to p0f, which runs in a separate process whose results you query through an API.
Installation
$ pip install pyp0f
Features
- Full p0f fingerprinting (MTU, TCP, HTTP)
- p0f spoofing - impersonation (MTU, TCP)
- TCP timestamps uptime detection
In Progress
- Flow tracking
- NAT detection
Getting Started
from scapy.layers.inet import IP, TCP

from pyp0f.database import DATABASE
from pyp0f.fingerprint import fingerprint_mtu, fingerprint_tcp, fingerprint_http
from pyp0f.fingerprint.results import MTUResult, TCPResult, HTTPResult

DATABASE.load()  # Load the fingerprints database

# MTU Fingerprinting
google_packet = IP() / TCP(options=[("MSS", 1430)])
mtu_result: MTUResult = fingerprint_mtu(google_packet)

# TCP Fingerprinting
linux_packet = IP(tos=0x10, flags=0x02, ttl=58) / TCP(
    seq=1,
    window=29200,
    options=[("MSS", 1460), ("SAckOK", b""), ("Timestamp", (177816630, 0)), ("NOP", None), ("WScale", 7)],
)
tcp_result: TCPResult = fingerprint_tcp(linux_packet)

# HTTP Fingerprinting
apache_payload = b"HTTP/1.1 200 OK\r\nDate: Fri, 10 Jun 2011 13:27:01 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 09 Jun 2011 17:25:43 GMT\r\nExpires: Mon, 13 Jun 2011 17:25:43 GMT\r\nETag: 963D6BC0ED128283945AF1FB57899C9F3ABF50B3\r\nCache-Control: max-age=272921,public,no-transform,must-revalidate\r\nContent-Length: 491\r\nConnection: close\r\nContent-Type: application/ocsp-response\r\n\r\n"
http_result: HTTPResult = fingerprint_http(apache_payload)
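To show which header fields a p0f-style TCP fingerprint depends on, the following added example (not part of pyp0f or of the original page) derives a simplified p0f v3 signature string from plain header values, without Scapy or pyp0f. The names `tcp_signature`, `guess_initial_ttl` and `OPT_TOKENS` are hypothetical, and only the `mss*N` window form and a reduced set of quirks are handled.

```python
"""Added illustration: simplified p0f v3 TCP signature from plain values."""

# p0f option-layout tokens keyed by Scapy-style option names
OPT_TOKENS = {"MSS": "mss", "SAckOK": "sok", "Timestamp": "ts", "NOP": "nop",
              "WScale": "ws", "SAck": "sack", "EOL": "eol"}


def guess_initial_ttl(ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial TTL."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    raise ValueError(f"TTL out of range: {ttl}")


def tcp_signature(ttl, df, ip_id, seq, window, options, ip_ver=4) -> str:
    """Build ver:ttl+dist:olen:mss:wsize,scale:layout:quirks:pclass for a SYN."""
    opts = dict(options)
    mss = opts.get("MSS", 0)
    scale = opts.get("WScale", 0)
    dist = guess_initial_ttl(ttl) - ttl  # estimated hop count

    # Window is reported relative to MSS when it divides evenly
    if mss and window and window % mss == 0:
        wsize = f"mss*{window // mss}"
    else:
        wsize = str(window)

    quirks = []
    if df:
        quirks.append("df")
        if ip_id != 0:
            quirks.append("id+")  # DF set but IP ID non-zero
    elif ip_id == 0:
        quirks.append("id-")  # DF clear and IP ID zero
    if seq == 0:
        quirks.append("seq-")
    if "Timestamp" in opts:
        ts_val, ts_echo = opts["Timestamp"]
        if ts_val == 0:
            quirks.append("ts1-")  # own timestamp is zero
        if ts_echo != 0:
            quirks.append("ts2+")  # echoed timestamp non-zero on a SYN

    layout = ",".join(OPT_TOKENS[name] for name, _ in options)
    return ":".join([str(ip_ver), f"{ttl}+{dist}", "0", str(mss),
                     f"{wsize},{scale}", layout, ",".join(quirks), "0"])
```

Called with the values of `linux_packet` above (TTL 58, DF set, Scapy's default IP ID of 1, seq 1, window 29200 and the same option list), `tcp_signature` returns `4:58+6:0:1460:mss*20,7:mss,sok,ts,nop,ws:df,id+:0`.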
Sources
Authors
- Itay Margolin - Nisitay
Download files
Source Distribution
- pyp0f-0.3.0.tar.gz (36.1 kB)
Built Distribution
- pyp0f-0.3.0-py3-none-any.whl (53.1 kB)
File details
Details for the file pyp0f-0.3.0.tar.gz.
File metadata
- Download URL: pyp0f-0.3.0.tar.gz
- Upload date:
- Size: 36.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | 74fe99c98c1937dbf242d8397b64197d9d9f10d527a4151431f29010c5338f63
MD5 | 146752426102c50ba902d7e01b807790
BLAKE2b-256 | 35ccf72f1309015a062bbd5c84db015d9a8b07199517426bfb03b5092edddf17
File details
Details for the file pyp0f-0.3.0-py3-none-any.whl.
File metadata
- Download URL: pyp0f-0.3.0-py3-none-any.whl
- Upload date:
- Size: 53.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.7.8
File hashes
Algorithm | Hash digest
---|---
SHA256 | 9789a8933dea89830d9ca8bfc756221c9254673906b4928c0f078744d190194a
MD5 | cf4fd2137da35cf240c828b571987208
BLAKE2b-256 | b80d189c905a08053df6223905128901fcc9f7462845cbd87b6cf32b9b460a90