NAME

sinfp3.pl - more than a passive and active OS fingerprinting tool

SYNOPSIS

o Information about signature database updates and more:
o https://www.secure-side.com/lists/mailman/listinfo/sinfp

sinfp3.pl [options] -target ip|ip6|hostname -port port|portList

Examples:

# Single port active fingerprinting
sinfp3.pl -target example.com -port 80 -input-ipport -verbose 1

# Single port IPv6 active fingerprinting
sinfp3.pl -target example.com -port 80 -input-ipport -verbose 1 -6

# SynScan active fingerprinting of a single target
sinfp3.pl -target example.com -port top100 -verbose 1

# SynScan IPv6 active fingerprinting of a single target
sinfp3.pl -target example.com -port top100 -verbose 1 -6

# SynScan active fingerprinting of a target subnet
sinfp3.pl -target 192.0.43.0/24 -port top100 -verbose 1

# Passive fingerprinting
sinfp3.pl -mode-passive -search-active -input-sniff -verbose 1

# Passive IPv6 fingerprinting
sinfp3.pl -mode-passive -search-active -input-sniff -verbose 1 -6

# Active fingerprinting of LAN
sinfp3.pl -input-arpdiscovery -verbose 1

# Active fingerprinting of IPv6 LAN
sinfp3.pl -input-arpdiscovery -verbose 1 -6

# Simply SynScan the target
sinfp3.pl -target example.com -port full -mode-null -search-null -db-null -verbose 1

OPTIONS

Global:
-version

Print sinfp3.pl version.

-help

This help message.

-target ip|ip6|hostname

Target. This is used to auto-detect some global parameters like device or ip.

-port port|portList|top10|top100|top1000|all

Target port. Default for top10 ports for plugins able to handle multiple ports. This format is documented in `perldoc Net::SinFP3::Global' expandPorts method.

-port-src port

Source port to use. Not supported by all plugins.

-6

Use IPv6 fingerprinting where available. Default to off.

-jobs number

Maximum number of jobs in parallel. Default: 10.

-dns-resolve

Do DNS resolution for target. Default to yes.

-dns-reverse

Do a reverse DNS lookup for targets. Default to no.

-device name

Network device to use. Default to auto-detect.

-thread

Use threaded worker model (discouraged). Fork is used by default (and in Perl, it is better than ithreads).

-retry times

Re-launch probes specified number of time. Default: 3.

-timeout seconds

Time in seconds before timing out. Default: 3.

-pps number

Number of packet per seconds. Default: 200.

-ip-src ip

The source IPv4 address to use. Default to auto-detect.

-ip6-src ip6

The source IPv6 address to use. Default to auto-detect.

-mac-src mac

The source MAC address to use. Default to auto-detect.

-subnet-src subnet

The source IPv4 subnet address to use. Default to auto-detect.

-subnet6-src subnet

The source IPv6 subnet address to use. Default to auto-detect.

-ip-gateway ip

The gateway IPv4 address to use. Default to auto-detect.

-ip6-gateway ip6

The gateway IPv6 address to use. Default to auto-detect.

-mac-gateway mac

The gateway MAC address to use. Default to auto-detect.

-verbose level

Use the following verbose level number. Between 0 and 3, from the less verbose to the most verbose. Default to 1.

-threshold score

Use the specified threshold for plugins supporting it. Default to no threshold (0).

-best-score

Only gather results for the best matches. Default to not.

Manually select all plugins and their options:
-input plugin

Use specified plugin for input. Default input plugin is Net::SinFP3::Input::SynScan.

-input-arg plugin-arg

Parameter to the specified input plugin. Must use multiple times to give multiple parameters.

-db plugin

Use specified plugin for db. Default DB plugin is Net::SinFP3::DB::SinFP3. Example: "sinfp3.pl -db SinFP3 -db-arg file=sinfp3.db".

-db-arg plugin-arg

Parameter to the specified db plugin. Must use multiple times to give multiple parameters.

-mode plugin

Use specified plugin for mode. Default mode plugin is Net::SinFP3::Mode::Active.

-mode-arg plugin-arg

Parameter to the specified mode plugin. Must use multiple times to give multiple parameters.

-search plugin

Use specified plugin for search. Default search plugin is Net::SinFP3::Search::Active.

-search-arg plugin-arg

Parameter to the specified search plugin. Must use multiple times to give multiple parameters.

-output plugin

Use specified plugin for output. Default output plugin is Net::SinFP3::Output::Console.

-output-arg plugin-arg

Parameter to the specified output plugin. Must use multiple times to give multiple parameters.

Plugin loading options:
input-null

Turn off input plugin.

input-arpdiscover

Use ARP scanning on the local subnet to discover targets. Works also with -6 argument.

input-pcap

Take a pcap file (or files) as input.

input-synscan

Perform a TCP SYN scan to find open ports. Default plugin.

input-ipport

Use only target IP or hostname and one port.

input-sniff

Listen on the network to capture frames.

input-signature

Will ask the end-user to past an active signature as a string.

input-signaturep

Will ask the end-user to past a passive signature as a string.

mode-null

Turn off mode plugin.

mode-active

Run using active plugin. This does active OS fingerprinting via SinFP3 engine.

mode-passive

Run using passive plugin. This does passive OS fingerprinting via SinFP3 engine.

db-null

Turn off DB plugin.

db-sinfp3

Use Net::SinFP3::DB::SinFP3 database plugin. Default plugin.

search-null

Turn off search plugin.

search-active

Perform a search through a database in active mode. Default plugin.

search-passive

Perform a search through a database in passive mode.

log-null

Turn off log plugin.

log-console

Log messages to the console. Default plugin.

output-null

Turn off output plugin.

output-console

Render output to the console. Default plugin.

output-dumper

Prints a dump to the console.

output-osonly

Only outputs operating system, and not full details of the fingerprint.

output-osversionfamily

Only outputs operating system and its version family, and not full details of the fingerprint.

output-pcap

Saves a trace to a pcap file. You can reply it afterwards using Net::SinFP3::Input::Pcap.

output-csv

Saves fingerprinting results a csv file. You can use -csv-file to choose the output file.

output-ubigraph

Takes a CSV file and display results using Ubigraph. You must use a CSV file as generated by Net::SinFP3::Output::CSV. You can use -csv-file to choose the input file.

Plugin specific options:
-db-update

Will update the database for the selected Net::SinFP3::DB plugin.

-db-file file

Database file to use. Default is plugin dependant.

-sniff-promiscuous

Use promiscuous mode while sniffing. Default to true.

-pcap-anonymize

Replaces IP source and destination addresses (and update IP/TCP checksums) to anonymize a pcap output. Default to not.

-pcap-append

Append to an already existing pcap file. Default to not.

-pcap-filter pcap

Use specified pcap filter. Use it where available.

-csv-file file

Use input taken from specified CSV file.

-pcap-file file|fileList

Use input taken from specified pcap file or fileList. FileList uses Perl glob function.

-active-3

Run all probes in active mode (default).

-active-2

Run only probes P1 and P2 in active mode (stealthier).

-active-1

Run only probe P2 in active mode (even stealthier).