Tools for fingerprinting apps, services, and OSes

Posted by Tate Hansen Tue, 14 Mar 2006 05:08:00 GMT

I was wondering how many different network-based fingerprinting tools are out there that use unique detection techniques. I know several commercial network scanners use Nmap, so if you decide to run Nmap by yourself and commercial tool X to see how they compare, you may (or are even likely to) be running the same thing. Obviously it can be a lot more helpful to have a handful of tools that each have their own way of guessing the remote OS version, application version, or service. I've started to compile my own list, and I haven't delved into the details of how each performs fingerprinting, but here is the list so far.

| Tool | Date of last version | Version | OS | Service | Protocol |
|---|---|---|---|---|---|
| nmap | Feb, 2006 | 4.01 | yes | yes | yes |
| xprobe2 | Feb, 2005 | 0.2.2 | yes | no | no |
| p0f | Sep, 2004 | 2.0.6 | yes | no | no |
| amap | Sep, 2005 | 5.2 | no | yes | yes |
| nessus | Mar, 2006 | 3.02 | yes | yes | yes |
| winfingerprint | Mar, 2006 | 0.6.x | yes | yes | yes |
| httprint | Dec, 2005 | 301 | no | no | yes |
| queso | Aug, 1998 | 980922 | yes | no | no |
| NTP-fingerprint | Feb, 2005 | 0.1a | yes | no | no |
| ike-scan | Dec, 2005 | 1.8 | no | yes | yes |
| thcrut | May, 2003 | 1.2.5 | yes | no | no |
| smtpmap | Dec, 2001 | 0.6 | no | yes | no |
| smtpscan | May, 2003 | 0.5 | no | yes | no |
| snacktime | Jun, 2003 | 0.5 | yes | no | no |
| synscan | Apr, 2004 | 0.1 | yes | no | no |
| telnetfp | Jan, 2001 | 0.1.2 | yes | no | no |
| ldistfp | May, 2001 | 0.1.4 | yes | no | no |
| telnet | N/A | N/A | yes | yes | yes |
| siphon | May, 2000 | 666 | yes | no | no |
| ring | | 0.0.1 | | | |
| scanssh | Mar, 2005 | 2.1 | no | yes | yes |
| hackbot | Dec, 2003 | 2.21 | no | yes | yes |
| hping3 | Nov, 2005 | 3.0.0 | yes | no | no |
| induce-arp.pl | May, 2000 | 0.27 | yes | no | no |
| vmap | Aug, 2003 | 0.6 | no | yes | yes |
| disco | Jul, 2003 | 1.2 | yes | no | no |
| k9 | | | yes | no | no |
| ettercap | May, 2005 | NG-0.7.3 | | yes | |
| Net::SinFP | Mar, 2006 | 1.00 | yes | no | no |
| Archaeopteryx | Jul, 2001 | 1.0 | yes | no | no |
| iQ | Apr, 2002 | 0.2 | yes | no | no |
| sprint | Mar, 2003 | 0.4.1 | yes | no | no |
