From c608b64dfd3560472e1fac40ea47cb5366589b83 Mon Sep 17 00:00:00 2001 From: fyodor Date: Sat, 14 Oct 2006 06:02:43 +0000 Subject: [PATCH] Integrate the latest fingerprint submissions --- CHANGELOG | 8 ++ nmap-os-db | 278 +++++++++++++++++++++++++++++++++++++++++-- nmap.cc | 19 +-- osscan.cc | 2 +- scripts/fingerfix.cc | 4 +- scripts/fingerlib.cc | 2 +- tcpip.cc | 1 + 7 files changed, 288 insertions(+), 26 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index de5761930..8b2284e18 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,10 +11,18 @@ o Nmap gen2 OS detection used to always do 2 retries if it fails to new --max-os-tries option lets you specify a or higher maximum number of tries. +o Added --unprivileged option, which is the opposite of --privileged. + It tells Nmap to treat the user as lacking network raw socket and + sniffing privileges. This is useful for testing, debugging, or when + the raw network functionality of your operating system is somehow + broken. + o Fixed a confusing error message which occured when you specified a ping scan or list scan, but also specified -p (which is only used for port scans). Thanks to Thomas Buchanan for the patch. +o Applied some small cleanup patches from Kris Katterjohn + 4.20ALPHA8 o Integrated the newly submitted OS fingerprints. The DB now contains diff --git a/nmap-os-db b/nmap-os-db index 86f6cd08e..0b1a024ae 100644 --- a/nmap-os-db +++ b/nmap-os-db 
@@ -320,6 +320,22 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G) IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +Fingerprint FreeBSD 5.5-RELEASE +Class FreeBSD | FreeBSD | 5.x | general purpose +SEQ(SP=D6-F2%GCD=<7%ISR=105-10D%TI=I%II=I%SS=S%TS=7) +OPS(O1=M5B4NW1NNT11NNS%O2=M5B4NW1NNT11NNS%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11NNS%O5=M5B4NW1NNT11NNS%O6=M5B4NNT11NNS) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) +ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW1NNS%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW1NNT11NNS%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G) +IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + Fingerprint HP LaserJet 4250dtn printer Class HP | embedded || printer SEQ(SP=18-1A%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=9D-9F%TI=I%II=I%SS=S%TS=1) @@ -373,7 +389,7 @@ IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) # Linksys WRT54GSv4 running OpenWrt Linux kernel 2.4.30 Fingerprint Linksys WRT54GS v4 running OpenWrt w/Linux kernel 2.4.30 Class Linksys | embedded || broadband router -SEQ(SP=C5-C7%GCD=<7%ISR=CC-CE%TI=Z%II=I%TS=U) +SEQ(SP=BD-C7%GCD=<7%ISR=C2-CE%TI=Z%II=I%TS=U) OPS(O1=M5B4NNSNW0%O2=M5B4NNSNW0%O3=M5B4NW0%O4=M5B4NNSNW0%O5=M5B4NNSNW0%O6=M5B4NNS) WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0) ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=) 
@@ -426,7 +442,8 @@ IE(DFI=N%T=40%TG=40%TOSI=10%CD=S%SI=S%DLI=S)
 # Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 k6-2 i386 GNU/Linux
 # Linux 2.4.27-2-386 #1 i686 GNU/Linux
 # Linux 2.4.20-pre10-ac1 #1 SMP i686 Pentium II (Deschutes) GNU/Linux
-Fingerprint Linux 2.4.20 - 2.4.31 or Linksys WRT54GL WAP (runs Linux)
+# 2.4.32 i586 GNU/Linux
+Fingerprint Linux 2.4.20 - 2.4.32 or Linksys WRT54GL WAP (runs Linux)
 Class Linux | Linux | 2.4.X | general purpose
 Class Linksys | Linux | 2.4.X | WAP
 SEQ(SP=BD-CF%GCD=<5%ISR=C4-D4%TI=Z%II=I%TS=7)
@@ -443,10 +460,27 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.6.18 (custom compiled) Debian 3.1 (sid) +Fingerprint Linux 2.6.18 +Class Linux | Linux | 2.6.X | general purpose +SEQ(SP=C7-C9%GCD=<7%ISR=C9-CB%TI=Z%II=I%TS=7) +OPS(O1=M400CST11NW6%O2=M400CST11NW6%O3=M400CNNT11NW6%O4=M400CST11NW6%O5=M400CST11NW6%O6=M400CST11) +WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) +ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW6%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW6%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.4.29 i686 GNU/Linux (I am using Slackware 10.1 with the default kernel) Fingerprint Linux 2.4.29 (X86) (Slackware 10.1) Class Linux | Linux | 2.4.X | general purpose -SEQ(SP=BE-CE%GCD=<7%ISR=CD-D1%TI=Z%II=I%TS=7) +SEQ(SP=BE-CE%GCD=<7%ISR=C9-D1%TI=Z%II=I%TS=7) OPS(O1=M400CST11NW0%O2=M400CST11NW0%O3=M400CNNT11NW0%O4=M400CST11NW0%O5=M400CST11NW0%O6=M400CST11) WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF) ECN(R=Y%DF=Y%T=40%TG=40%W=7FFF%O=M400CNNSNW0%CC=N%Q=) 
@@ -535,9 +569,10 @@ U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
 # Fingerprint Linux 2.6.15-26-server #1 SMP Thu Aug 3 04:09:15 UTC 2006 i686 GNU/Linux <--> Ubuntu 6.06.01 LTS Server
-Fingerprint Linux 2.6.15-26 (Ubuntu 6.06.01)
+# Linux server 2.6.15-26-server #1 SMP Sat Sep 16 01:51:59 UTC 2006 i686 GNU/Linux ubuntu
+Fingerprint Linux 2.6.15 (Ubuntu 6.06.01)
 Class Linux | Linux | 2.6.X | general purpose
-SEQ(SP=C1-C3%GCD=<7%ISR=CB-CD%TI=Z%II=I%TS=7)
+SEQ(SP=C1-CF%GCD=<7%ISR=CB-CD%TI=Z%II=I%TS=7)
 OPS(O1=M5B4ST11NW2%O2=M5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M5B4ST11)
 WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
 ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=)
@@ -620,9 +655,10 @@ U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 
 # 2.6.17-gentoo-r8 #1 SMP Fri Sep 29 16:09:18 EST 2006 i686 Intel(R) Pentium(R) III CPU family (IBM eServer x342)
-Fingerprint Linux 2.6.17-gentoo-r8 (x86)
+# Linux opensuse 2.6.18-rc4-jen32-bigsmp #1 SMP Tue Aug 8 11:58:49 CEST 2006 i686 athlon i386 GNU/Linux
+Fingerprint Linux 2.6.17 - 2.6.18 (x86)
 Class Linux | Linux | 2.6.X | general purpose
-SEQ(SP=C6-C8%GCD=<7%ISR=C6-C8%TI=Z%II=I%TS=7)
+SEQ(SP=C6-C8%GCD=<7%ISR=C6-DE%TI=Z%II=I%TS=7)
 OPS(O1=M400CST11NW7%O2=M400CST11NW7%O3=M400CNNT11NW7%O4=M400CST11NW7%O5=M400CST11NW7%O6=M400CST11)
 WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
 ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW7%CC=N%Q=)
@@ -706,10 +742,12 @@ IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
 # Linux localhost 2.6.12-21mdk #1 Tue May 9 21:15:09 MDT 2006 i686 Pentium III (Katmai) unknown GNU/Linux
 # Linux 2.6.12-12mdksmp #1 SMP i686 Intel(R) Pentium(R) 4 CPU 3.20GHz unknown GNU/Linux
 # Linux 2.6.9-42.0.2.ELsmp #1 SMP Thu Aug 17 17:57:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
+# Slackware Linux 2.6.10
 # Linux 2.6.12-21mdk i686 Pentium III (Katmai)
+# 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux (Red Hat Enterprise Linux AS release 4 (Nahant Update 4))
 Fingerprint Linux 2.6.9 - 2.6.12
 Class Linux | Linux | 2.6.X | general purpose
-SEQ(SP=C6-CE%GCD=<7%ISR=C4-D2%TI=Z%II=I%TS=A)
+SEQ(SP=AE-CE%GCD=<7%ISR=C4-DB%TI=Z%II=I%TS=A)
 OPS(O1=M400CST11NW2%O2=M400CST11NW2%O3=M400CNNT11NW2%O4=M400CST11NW2%O5=M400CST11NW2%O6=M400CST11)
 WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
 ECN(R=Y%DF=Y%T=40%TG=40%W=7FFF%O=M400CNNSNW2%CC=N%Q=)
@@ -797,7 +835,7 @@ IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
 # Windows Server 2003 - 3790.srv03_sp1_rtm.050324-1447, Service Pack 1
 Fingerprint Microsoft Windows 2003 Server SP1
 Class Microsoft | Windows | 2003 | general purpose
-SEQ(SP=EF-F9%GCD=<7%ISR=106-10A%TI=I%II=I%SS=S%TS=0)
+SEQ(SP=EF-101%GCD=<7%ISR=106-10C%TI=I%II=I%SS=S%TS=0)
 OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
 WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
 ECN(R=Y%DF=N%T=80%TG=80%W=4000%O=M5B4NW0NNS%CC=N%Q=)
@@ -1017,3 +1055,225 @@ T6(R=N)
 T7(R=N)
 U1(DF=N%T=FE%TG=FE%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
 IE(DFI=N%T=FE%TG=FE%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Dlink DSL-G604T ADSL/Router/Wireless Access Point - Current Firmware Version : V1.00B02T02.MA.20050303
+Fingerprint D-Link DSL-G604T ADSL router WAP, runs Linux 2.4.17
+Class D-Link | linux | 2.4.X | WAP
+SEQ(SP=C2-C6%GCD=<7%ISR=C3-C9%TI=Z%II=I%TS=7)
+OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
+WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=)
+T4(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=FF%TG=FF%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
+Fingerprint Microsoft Windows NT 4.0 SP5
+Class Microsoft | Windows | NT | general purpose
+SEQ(SP=7A-7C%GCD=<7%ISR=7A-7C%TI=RD%II=RI%TS=U)
+OPS(O1=|M5B4%O2=M5B4%O3=M5B4%O4=|M5B4%O5=|M5B4%O6=M5B4)
+WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017)
+ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=O|S+%F=A|AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S)
+
+# FreeNAS 0.671, OS Version: FreeBSD 6.1-STABLE (revison 199506), Platform: generic-pc on Intel Pentium III
+Fingerprint FreeNAS 0.671 (runs FreeBSD 6.1-STABLE)
+Class FreeBSD | FreeBSD | 6.X | general purpose
+SEQ(SP=F5-F6%GCD=<7%ISR=105-107%TI=I%II=I%SS=S%TS=A)
+OPS(O1=M5B4NW1NNT11SLL%O2=M5B4NW1NNT11SLL%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11SLL%O5=M5B4NW1NNT11SLL%O6=M5B4NNT11SLL)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
+ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW1SLL%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=FFFF%S=O%A=O|S+%F=AS%O=M5B4NW1NNT11SLL%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
+IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2004
+Fingerprint Linksys BEFSR41 WAP
+Class Linksys | embedded || broadband router
+SEQ(SP=F-11%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4)
+WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0)
+ECN(R=Y%DF=N%T=96%TG=96%W=16D0%O=M5B4%CC=N%Q=)
+T1(R=Y%DF=N%T=96%TG=96%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=96%TG=96%W=80%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=96%TG=96%W=100%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T4(R=Y%DF=N%T=96%TG=96%W=400%S=A%A=S%F=AR%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=96%TG=96%W=7A69%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=96%TG=96%W=8000%S=A%A=S%F=AR%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=96%TG=96%W=FFFF%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=96%TG=96%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=96%TG=96%TOSI=Z%CD=S%SI=S%DLI=S)
+
+# Microsoft Windows 2000 Server with Service Pack 4
+Fingerprint Microsoft Windows 2000 SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=DC-E1%GCD=<7%ISR=100-104%TI=I|RD%II=I%SS=S%TS=0)
+OPS(O1=NNT11|M5B4NW0NNT00NNS%O2=NNT11|M5B4NW0NNT00NNS%O3=NNT11|M5B4NW0NNT00%O4=NNT11|M5B4NW0NNT00NNS%O5=NNT11|M5B4NW0NNT00NNS%O6=NNT11|M5B4NNT00NNS)
+WIN(W1=4470%W2=41A0%W3=4100%W4=40E8%W5=40E8%W6=402E)
+ECN(R=Y%DF=Y%T=81%TG=81%W=4470%O=|M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=81%TG=81%S=O%A=O|S+%F=A|AS%RD=0%Q=)
+T2(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=81%TG=81%W=402E%S=O%A=O|S+%F=A|AS%O=NNT11|M5B4NW0NNT00NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=81%TG=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=81%TG=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=81%TG=81%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=81%TG=81%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# Blue Coat proxy server running SGOS 4.1.3.1, release 24075
+Fingerprint Blue Coat proxy server running SGOS 4.1.3.1
+Class Blue Coat | SGOS || web proxy
+SEQ(SP=A0-B1%GCD=<7%ISR=A5-B6%TI=RD%II=%TS=1)
+OPS(O1=M5B4NW0NNT11%O2=M578NW0NNT11%O3=M280NW0NNT11%O4=M5B4NW0NNT11%O5=M218NW0NNT11%O6=M109NNT11)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
+ECN(R=Y%DF=N%T=40%TG=40%W=FFFF%O=M5B4NW0%CC=N%Q=)
+T1(R=Y%DF=N%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=15C%RID=1042%RIPCK=Z%RUCK=0%RUL=G%RUD=G)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
+# DD-WRT is a firmware that can run on many types of routers. The
+# router I am running it on is Linksys WRT54G Linux version
+# 2.4.34-pre2 (root@linux) (gcc version 3.4.6 (OpenWrt-2.0)) #175 Fri
+# Sep 15 20:41:52 CEST 2006
+Fingerprint Linksys 2.4.34-pre2 running DD-WRT v23 distribution on Linksys WRT54G WAP
+Class Linux | Linux | 2.4.X | WAP
+SEQ(SP=B5-BF%GCD=<7%ISR=C6-D0%TI=Z%II=I%TS=7)
+OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
+WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=Y%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Cisco WS-C3750G-48TS-S Version 12.2(25r)SE1
+Fingerprint Cisco Catalyst 3750 switch, IOS 12.2
+Class Cisco | IOS | 12.X | switch
+SEQ(SP=F0-FA%GCD=<7%ISR=107-111%TI=Z%II=RI%TS=U)
+OPS(O1=|M218%O2=|M218%O3=|M218%O4=|M218%O5=|M218%O6=|M109)
+WIN(W1=1020%W2=1020%W3=1020%W4=1020%W5=1020%W6=1020)
+ECN(R=Y%DF=N%T=100%TG=100%W=1020%O=|M218%CC=N%Q=)
+T1(R=Y%DF=N%T=100%TG=100%S=O%A=O|S+%F=A|AS%RD=0%Q=)
+T2(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=N%T=100%TG=100%W=1020%S=O%A=O|S+%F=A|AS%O=|M218%RD=0%Q=)
+T4(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=100%TG=100%TOS=C0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=100%TG=100%TOSI=S%CD=S%SI=S%DLI=S)
+
+# OKI Network Printer OKI-C5600-340179
+Fingerprint OKI C5600 color laser network printer
+Class Oki | embedded || printer
+SEQ(SP=F7-101%GCD=<7%ISR=107-111%TI=I%II=I%SS=S%TS=5|6)
+OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11)
+WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
+ECN(R=Y%DF=Y%T=3F%TG=3F%W=8000%O=M5B4NW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=3F%TG=3F%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=3F%TG=3F%W=8000%S=O%A=S+%F=AS%O=M5B4NW0NNT11%RD=0%Q=)
+T4(R=Y%DF=N%T=3F%TG=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=3F%TG=3F%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=3F%TG=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=3F%TG=3F%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=3F%TG=3F%TOS=0%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
+IE(DFI=S%T=3F%TG=3F%TOSI=S%CD=S%SI=S%DLI=S)
+
+Fingerprint OpenBSD 4.0 (CURRENT) macppc
+Class OpenBSD | OpenBSD | 4.X | general purpose
+SEQ(SP=E5-F7%GCD=<7%ISR=101-10B%TI=RD%II=I|RI%TS=21|22)
+OPS(O1=M5B4NNSNW0NNT11%O2=M5B4NNSNW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NNSNW0NNT11%O5=M5B4NNSNW0NNT11%O6=M5B4NNSNNT11)
+WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
+ECN(R=Y%DF=Y%T=40%TG=40%W=4000%O=M5B4NNSNW0%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=N)
+U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Windows 2000 Advanced Server with SP4 and latest Windows Update patches as of September 8, 2006
+Fingerprint Microsoft Windows 2000 AS SP4
+Class Microsoft | Windows | 2000 | general purpose
+SEQ(SP=EF-F9%GCD=<7%ISR=107-111%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M5B4NW0NNS%O2=M5B4NW0NNS%O3=M5B4NW0%O4=M5B4NW0NNS%O5=M5B4NW0NNS%O6=M5B4NNS)
+WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
+ECN(R=Y%DF=Y%T=80%TG=80%W=7FFF%O=M5B4NW0NNS%CC=N%Q=)
+T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
+T3(R=Y%DF=Y%T=80%TG=80%W=7FFF%S=O%A=S+%F=AS%O=M5B4NW0NNS%RD=0%Q=)
+T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
+
+# Linux 2.6.18-ARCH #1 SMP PREEMPT
+Fingerprint Linux 2.6.18 (SMP)
+Class Linux | Linux | 2.6.X | general purpose
+SEQ(SP=C0-CA%GCD=<7%ISR=C7-D1%TI=Z%II=I%TS=A)
+OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)
+WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB)
+ECN(R=Y%DF=Y%T=40%TG=40%W=FFD7%O=MFFD7NNSNW7%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=FFCB%S=O%A=S+%F=AS%O=MFFD7ST11NW7%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
+
+# Linux 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 i386 GNU/Linux
+Fingerprint Linux 2.6.9-42.(X86, SMP)
+Class Linux | Linux | 2.6.X | general purpose
+SEQ(SP=C7-D1%GCD=<7%ISR=CB-D5%TI=Z%II=I%TS=A)
+OPS(O1=M5B4ST11NW2%O2=M5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M5B4ST11)
+WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
+ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=)
+T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW2%RD=0%Q=)
+T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
+T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
+U1(DF=N%T=40%TG=40%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
+IE(DFI=N%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)
diff --git a/nmap.cc b/nmap.cc
index c7cce1d00..3052f9199 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -273,6 +273,7 @@ printf("%s %s ( %s )\n"
 " --datadir : Specify custom Nmap data file location\n"
 " --send-eth/--send-ip: Send using raw ethernet frames or IP packets\n"
 " --privileged: Assume that the user is fully privileged\n"
+ " --unprivileged: Assume the user lacks raw socket privileges\n"
 " -V: Print version number\n"
 " -h: Print this help summary page.\n"
 "EXAMPLES:\n"
@@ -525,7 +526,7 @@ int nmap_main(int argc, char *argv[]) {
 {"oS", required_argument, 0, 0},
 {"oH", required_argument, 0, 0},
 {"oX", required_argument, 0, 0},
-{"iL", required_argument, 0, 0},
+{"iL", required_argument, 0, 'i'},
 {"iR", required_argument, 0, 0},
 {"sI", required_argument, 0, 0},
 {"source_port", required_argument, 0, 'g'},
@@ -555,6 +556,7 @@ int nmap_main(int argc, char *argv[]) {
 {"vv", no_argument, 0, 0},
 {"ff", no_argument, 0, 0},
 {"privileged", no_argument, 0, 0},
+{"unprivileged", no_argument, 0, 0},
 {"mtu", required_argument, 0, 0},
 {"append_output", no_argument, 0, 0},
 {"append-output", no_argument, 0, 0},
@@ -764,19 +766,6 @@ int nmap_main(int argc, char *argv[]) {
 exit(0);
 } else if (strcmp(long_options[option_index].name, "badsum") == 0) {
 o.badsum = 1;
- }
- else if (strcmp(long_options[option_index].name, "iL") == 0) {
- if (inputfd) {
- fatal("Only one input filename allowed");
- }
- if (!strcmp(optarg, "-")) {
- inputfd = stdin;
- } else {
- inputfd = fopen(optarg, "r");
- if (!inputfd) {
- fatal("Failed to open input file %s for reading", optarg);
- }
- }
 } else if (strcmp(long_options[option_index].name, "iR") == 0) {
 o.generate_random_ips = 1;
 o.max_ips_to_scan = strtoul(optarg, &endptr, 10);
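Review bot: The `{"iL", required_argument, 0, 'i'}` row now routes `--iL` through the short-option `'i'` handler, and the -764 hunk deletes the dedicated long-option branch, so the three checks that branch carried — `fatal("Only one input filename allowed")` when `inputfd` is already set, mapping `-` to `stdin`, and `fatal("Failed to open input file %s for reading", optarg)` on fopen() failure — survive only if the `case 'i':` branch performs all of them. That branch (and the `i:` entry in the short-option string) is outside both hunks and should be confirmed before merging, otherwise `--iL` silently loses the duplicate-file and open-failure diagnostics that an untrusted or mistyped path relies on. The enclosing nmap_main() starts and ends outside the hunk.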
@@ -793,6 +782,8 @@ int nmap_main(int argc, char *argv[]) {
 o.fragscan += 16;
 } else if (strcmp(long_options[option_index].name, "privileged") == 0) {
 o.isr00t = 1;
+ } else if (strcmp(long_options[option_index].name, "unprivileged") == 0) {
+ o.isr00t = 0;
 } else if (strcmp(long_options[option_index].name, "mtu") == 0) {
 o.fragscan = atoi(optarg);
 if (o.fragscan <= 0 || o.fragscan % 8 != 0)
diff --git a/osscan.cc b/osscan.cc
index b9fddb667..2100e93f0 100644
--- a/osscan.cc
+++ b/osscan.cc
@@ -1270,7 +1270,7 @@ static int AVal_match(struct AVal *reference, struct AVal *fprint, struct AVal *
 return 0;
 }
 if (verbose)
- printf("%s.%s: \"%s\" NOMATCH \"%s\" (%d point%s)\n", testGroupName,
+ printf("%s.%s: \"%s\" NOMATCH \"%s\" (%d %s)\n", testGroupName,
 current_ref->attribute, current_fp->value, current_ref->value,
 pointsThisTest, (pointsThisTest == 1)? "point" : "points");
 } else subtests_succeeded += pointsThisTest;
diff --git a/scripts/fingerfix.cc b/scripts/fingerfix.cc
index 2af5b72a8..f61792521 100644
--- a/scripts/fingerfix.cc
+++ b/scripts/fingerfix.cc
@@ -280,7 +280,9 @@ static void merge_sp_or_isr(struct AVal *result, char values[][AVLEN], int num)
 printf("[WARN] Zero value occurs in attribute SEQ.%s. A constant ISN sequence?\n", result->attribute);
 }
 if(i == 0) {
- low = high = val1;
+ /* Start it out with a variance of five in each direction */
+ low = MAX(0, val1 - 5);
+ high = val1 + 5;
 } else {
 if(low == high && val1 != low) {
 // expand it in both directions
diff --git a/scripts/fingerlib.cc b/scripts/fingerlib.cc
index 197e55c98..7b0a8bf36 100644
--- a/scripts/fingerlib.cc
+++ b/scripts/fingerlib.cc
@@ -126,7 +126,7 @@ static int checkFP(char *FP) {
 } else {
 tmp = *(p+3);
 if(tmp != 'Y') {
- printf("[WARN] One fingerprint is not good\n");
+ printf("[WARN] One fingerprint is NOT GOOD (G=N)\n");
 founderr = true;
 }
 }
diff --git a/tcpip.cc b/tcpip.cc
index fde44eca5..4f234c30f 100644
--- a/tcpip.cc
+++ b/tcpip.cc
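Review bot: The new `unprivileged` branch and the existing `privileged` branch both write `o.isr00t` with no check that only one was given, so when both appear on the command line the later one silently wins, and nothing in the hunk records that this is intended. Because this flag decides whether Nmap treats the user as having raw-socket and sniffing privileges (per the new help text), a reader of this code should not have to discover the ordering rule by experiment; either add `/* --privileged and --unprivileged are mutually exclusive; the last one given wins */` above the pair, or reject the combination with a fatal() the way other conflicting options are handled. nmap_main() begins and ends outside the hunk.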
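Review bot: `low = MAX(0, val1 - 5);` in merge_sp_or_isr() only clamps if `val1` is a signed type; should `val1` be unsigned (its declaration is outside the hunk), `val1 - 5` wraps to a large value for val1 < 5 and the MAX() is a no-op, leaving `low` above `high` for the smallest SP/ISR samples. A form that is correct for either signedness is `low = (val1 > 5) ? val1 - 5 : 0;`. The matching `high = val1 + 5;` has no upper clamp, which is presumably harmless for the value ranges this merges but is worth a note in the added comment. The function continues outside the hunk.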
@@ -904,6 +904,7 @@ naming system. So the conversion is done here */
 fatal("Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error: %s\nThere are several possible reasons for this, depending on your operating system:\n"
 "LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n"
 "*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV ; or use mknod).\n"
+ "*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n"
 "SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-P0 -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r);
 } else {
 error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed));