p0f v3 clone written in Python
Reason this release was yanked:
Broken reading of p0f.fp
Project description
scapy-p0f
A native implementetion of p0f v3 in Python.
scapy-p0f allows you to accurately guess the source OS or user application of a given Scapy packet with passive fingerprinting.
Usage
scapy-p0f has 3 main functions: p0f, prnp0f and fingerprint_mtu
Note: p0f v3 supports SYN/SYN+ACK and HTTP packets. If the given packet isn't valid for p0f, an exception is raised.
Fingerprint Match Format
TCP Match | HTTP Match | MTU Match | |
---|---|---|---|
Overview | (label, distance, fuzzy) |
(label, dishonest) |
label |
Types | (tuple, int, bool) |
(tuple, bool) |
str |
p0f Function
The main p0f
function is used to fingerprint the OS/user application.
The function receives a Scapy
packet, and returns a TCP/HTTP match (or None if no match was found):
>>> import scapy_p0f
>>> scapy_p0f.p0f(pkt)
(("s", "unix", "Linux", "2.6.x"), 8, False)
prnp0f Function
The prnp0f
function simply calls p0f
and returns a user-friendly output, emulating the original p0f output:
>>> import scapy_p0f
>>> scapy_p0f.prnp0f(pkt)
.-[ 63.116.243.97:http -> 192.168.1.3:58816 (SYN+ACK) ]-
|
| Server = 63.116.243.97:http
| OS = Linux 2.6.x
| Distance = 8
| Raw sig = 4:56+8:0:1460:5792,5:mss,sok,ts,nop,ws:df:0
`____
fingerprint_mtu Function
The fingerprint_mtu
function fingerprints the MTU based on the maximum segment size specified in TCP options.
The function receives a Scapy
TCP packet, and returns a MTU match (or None if no match was found):
>>> import scapy_p0f
>>> scapy_p0f.fingerprint_mtu(pkt)
"Ethernet or modem"
Authors
- Itay Margolin - Nisitay
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for scapy_p0f-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 05afc97f1e0bf95f31c93bd6b0d99254bff79531ff474e87c3b8a863f35df874 |
|
MD5 | 0b4a1efecf962a5d8ab943d63382974f |
|
BLAKE2b-256 | 5172fc113d6c5da2cedebc1b30e2462e4a64416e9f1c555357445537c085b859 |