p0f v3 clone written in Python
Reason this release was yanked:
Broken reading of p0f.fp
scapy-p0f
A native implementation of p0f v3 in Python.
scapy-p0f allows you to accurately guess the source OS or user application of a given Scapy packet with passive fingerprinting.
Usage
scapy-p0f has 3 main functions: p0f, prnp0f and fingerprint_mtu
Note: p0f v3 supports SYN/SYN+ACK and HTTP packets. If the given packet isn't valid for p0f, an exception is raised.
Fingerprint Match Format
| | TCP Match | HTTP Match | MTU Match |
|---|---|---|---|
| Overview | (label, distance, fuzzy) | (label, dishonest) | label |
| Types | (tuple, int, bool) | (tuple, bool) | str |
p0f Function
The main p0f function is used to fingerprint the OS/user application.
The function receives a Scapy packet, and returns a TCP/HTTP match (or None if no match was found):
>>> import scapy_p0f
>>> scapy_p0f.p0f(pkt)
(("s", "unix", "Linux", "2.6.x"), 8, False)
prnp0f Function
The prnp0f function simply calls p0f and returns a user-friendly output, emulating the original p0f output:
>>> import scapy_p0f
>>> scapy_p0f.prnp0f(pkt)
.-[ 63.116.243.97:http -> 192.168.1.3:58816 (SYN+ACK) ]-
|
| Server = 63.116.243.97:http
| OS = Linux 2.6.x
| Distance = 8
| Raw sig = 4:56+8:0:1460:5792,5:mss,sok,ts,nop,ws:df:0
`____
fingerprint_mtu Function
The fingerprint_mtu function fingerprints the MTU based on the maximum segment size specified in TCP options.
The function receives a Scapy TCP packet, and returns an MTU match (or None if no match was found):
>>> import scapy_p0f
>>> scapy_p0f.fingerprint_mtu(pkt)
"Ethernet or modem"
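To show how the `Raw sig` line in the prnp0f output relates to the Distance and MTU results, here is an added example (not part of scapy-p0f's code) that parses a p0f v3 raw TCP signature and derives the initial TTL and the MTU from it. It assumes the upstream p0f v3 field order `ver:ttl:olen:mss:wsize,scale:olayout:quirks:pclass` and the upstream rule MTU = MSS + 40 (IPv4) or MSS + 60 (IPv6); `RawSig`, `parse_raw_sig`, `mtu_label` and `MTU_LABELS` are names made up for this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional

MIN_TCP4, MIN_TCP6 = 40, 60  # IPv4/IPv6 header + TCP header, no options

# Two MTU labels recalled from upstream p0f's p0f.fp, not from this page;
# treat them as illustrative and check them against your copy of the file.
MTU_LABELS = {1500: "Ethernet or modem", 1492: "DSL"}


@dataclass
class RawSig:
    ip_ver: str
    observed_ttl: int
    distance: Optional[int]   # None when absent or printed as "?"
    olen: int
    mss: Optional[int]        # None when the field is "*"
    wsize: str                # kept verbatim: a number or e.g. "mss*4"
    wscale: Optional[int]
    olayout: List[str]
    quirks: List[str]
    pclass: str

    @property
    def initial_ttl(self) -> Optional[int]:
        return None if self.distance is None else self.observed_ttl + self.distance

    @property
    def mtu(self) -> Optional[int]:
        if self.mss is None or self.ip_ver not in ("4", "6"):
            return None
        return self.mss + (MIN_TCP4 if self.ip_ver == "4" else MIN_TCP6)


def _num(field: str) -> Optional[int]:
    return None if field in ("*", "?", "") else int(field)


def parse_raw_sig(sig: str) -> RawSig:
    parts = sig.strip().split(":")
    if len(parts) != 8:
        raise ValueError(f"expected 8 ':'-separated fields, got {len(parts)}")
    ver, ttl, olen, mss, win, olayout, quirks, pclass = parts
    observed, _, dist = ttl.partition("+")    # "56+8" -> observed 56, distance 8
    wsize, _, scale = win.partition(",")      # "5792,5" -> window 5792, scale 5
    return RawSig(ver, int(observed.rstrip("-")), _num(dist), int(olen), _num(mss),
                  wsize, _num(scale), olayout.split(","),
                  [q for q in quirks.split(",") if q], pclass)


def mtu_label(sig: RawSig) -> Optional[str]:
    return MTU_LABELS.get(sig.mtu)
```

For the signature shown above, `56+8` gives an initial TTL of 64 with 8 hops, and an MSS of 1460 over IPv4 gives an MTU of 1500.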
Authors
- Itay Margolin - Nisitay