Tools for fingerprinting apps, services, and OSes

tate@ClearNetSec.com (Tate Hansen) — Mon, 13 Mar 2006 22:08:00 -0700

I was wondering how many different network-based fingerprinting tools are out there which use unique detection techniques. I know several commercial network scanners use Nmap, so if you decide to run Nmap by yourself and commercial tool X to see how they compare, you may (or even likely) be running the same thing. Obviously it can be a lot more helpful to have a handful of tools in which each has their own way to guess what the remote OS version is, or application version, or service. I've started to compile my own list and I haven't delved into the details of how each performs fingerprinting, but here is the list so far.

Tool	Date of last version	version	OS	Service	Protocol
nmap	Feb, 2006	4.01	yes	yes	yes
xprobe2	Feb, 2005	0.2.2	yes	no	no
p0f	Sep, 2004	2.0.6	yes	no	no
amap	Sep, 2005	5.2	no	yes	yes
nessus	Mar, 2006	3.02	yes	yes	yes
winfingerprint	Mar, 2006	0.6.x	yes	yes	yes
httprint	Dec, 2005	301	no	no	yes
queso	Aug, 1998	980922	yes	no	no
NTP-fingerprint	Feb, 2005	0.1a	yes	no	no
ike-scan	Dec, 2005	1.8	no	yes	yes
thcrut	May, 2003	1.2.5	yes	no	no
smtpmap	Dec, 2001	0.6	no	yes	no
smtpscan	May, 2003	0.5	no	yes	no
snacktime	Jun, 2003	0.5	yes	no	no
synscan	Apr, 2004	0.1	yes	no	no
telnetfp	Jan, 2001	0.1.2	yes	no	no
ldistfp	May, 2001	0.1.4	yes	no	no
telnet	N/A	N/A	yes	yes	yes
siphon	May, 2000	666	yes	no	no
ring		0.0.1
scanssh	Mar, 2005	2.1	no	yes	yes
hackbot	Dec, 2003	2.21	no	yes	yes
hping3	Nov, 2005	3.0.0	yes	no	no
induce-arp.pl	May, 2000	0.27	yes	no	no
vmap	Aug, 2003	0.6	no	yes	yes
disco	Jul, 2003	1.2	yes	no	no
k9			yes	no	no
ettercap	May, 2005	NG-0.7.3		yes
Net::SinFP	Mar, 2006	1.00	yes	no	no
Archaeopteryx	Jul, 2001	1.0	yes	no	no
iQ	Apr, 2002	0.2	yes	no	no
sprint	Mar, 2003	0.4.1	yes	no	no

ClearNet Security: Tools for fingerprinting apps, services, and OSes

Tools for fingerprinting apps, services, and OSes