PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Integrate the latest fingerprint submissions

Browse Source
This commit is contained in:
fyodor
2006-10-14 06:02:43 +00:00
parent e4ee4d5e4c
commit c608b64dfd
7 changed files with 288 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -11,10 +11,18 @@ o Nmap gen2 OS detection used to always do 2 retries if it fails to
new --max-os-tries option lets you specify a or higher maximum
number of tries.
o Added --unprivileged option, which is the opposite of --privileged.
It tells Nmap to treat the user as lacking network raw socket and
sniffing privileges. This is useful for testing, debugging, or when
the raw network functionality of your operating system is somehow
broken.
o Fixed a confusing error message which occured when you specified a
ping scan or list scan, but also specified -p (which is only used for
port scans). Thanks to Thomas Buchanan for the patch.
o Applied some small cleanup patches from Kris Katterjohn
4.20ALPHA8
o Integrated the newly submitted OS fingerprints. The DB now contains

278
nmap-os-db
View File

@@ -320,6 +320,22 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
Fingerprint FreeBSD 5.5-RELEASE
Class FreeBSD | FreeBSD | 5.x | general purpose
SEQ(SP=D6-F2%GCD=<7%ISR=105-10D%TI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4NW1NNT11NNS%O2=M5B4NW1NNT11NNS%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11NNS%O5=M5B4NW1NNT11NNS%O6=M5B4NNT11NNS)
WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW1NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=FFFF%S=O%A=S+%F=AS%O=M5B4NW1NNT11NNS%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
Fingerprint HP LaserJet 4250dtn printer
Class HP | embedded || printer
SEQ(SP=18-1A%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=9D-9F%TI=I%II=I%SS=S%TS=1)
@@ -373,7 +389,7 @@ IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linksys WRT54GSv4 running OpenWrt Linux kernel 2.4.30
Fingerprint Linksys WRT54GS v4 running OpenWrt w/Linux kernel 2.4.30
Class Linksys | embedded || broadband router
SEQ(SP=C5-C7%GCD=<7%ISR=CC-CE%TI=Z%II=I%TS=U)
SEQ(SP=BD-C7%GCD=<7%ISR=C2-CE%TI=Z%II=I%TS=U)
OPS(O1=M5B4NNSNW0%O2=M5B4NNSNW0%O3=M5B4NW0%O4=M5B4NNSNW0%O5=M5B4NNSNW0%O6=M5B4NNS)
WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0)
ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=)
@@ -426,7 +442,8 @@ IE(DFI=N%T=40%TG=40%TOSI=10%CD=S%SI=S%DLI=S)
# Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 k6-2 i386 GNU/Linux
# Linux 2.4.27-2-386 #1 i686 GNU/Linux
# Linux 2.4.20-pre10-ac1 #1 SMP i686 Pentium II (Deschutes) GNU/Linux
Fingerprint Linux 2.4.20 - 2.4.31 or Linksys WRT54GL WAP (runs Linux)
# 2.4.32 i586 GNU/Linux
Fingerprint Linux 2.4.20 - 2.4.32 or Linksys WRT54GL WAP (runs Linux)
Class Linux | Linux | 2.4.X | general purpose
Class Linksys | Linux | 2.4.X | WAP
SEQ(SP=BD-CF%GCD=<5%ISR=C4-D4%TI=Z%II=I%TS=7)
@@ -443,10 +460,27 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linux 2.6.18 (custom compiled) Debian 3.1 (sid)
Fingerprint Linux 2.6.18
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C7-C9%GCD=<7%ISR=C9-CB%TI=Z%II=I%TS=7)
OPS(O1=M400CST11NW6%O2=M400CST11NW6%O3=M400CNNT11NW6%O4=M400CST11NW6%O5=M400CST11NW6%O6=M400CST11)
WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW6%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW6%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linux 2.4.29 i686 GNU/Linux (I am using Slackware 10.1 with the default kernel)
Fingerprint Linux 2.4.29 (X86) (Slackware 10.1)
Class Linux | Linux | 2.4.X | general purpose
SEQ(SP=BE-CE%GCD=<7%ISR=CD-D1%TI=Z%II=I%TS=7)
SEQ(SP=BE-CE%GCD=<7%ISR=C9-D1%TI=Z%II=I%TS=7)
OPS(O1=M400CST11NW0%O2=M400CST11NW0%O3=M400CNNT11NW0%O4=M400CST11NW0%O5=M400CST11NW0%O6=M400CST11)
WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
ECN(R=Y%DF=Y%T=40%TG=40%W=7FFF%O=M400CNNSNW0%CC=N%Q=)
@@ -535,9 +569,10 @@ U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Fingerprint Linux 2.6.15-26-server #1 SMP Thu Aug 3 04:09:15 UTC 2006 i686 GNU/Linux <--> Ubuntu 6.06.01 LTS Server
Fingerprint Linux 2.6.15-26 (Ubuntu 6.06.01)
# Linux server 2.6.15-26-server #1 SMP Sat Sep 16 01:51:59 UTC 2006 i686 GNU/Linux ubuntu
Fingerprint Linux 2.6.15 (Ubuntu 6.06.01)
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C1-C3%GCD=<7%ISR=CB-CD%TI=Z%II=I%TS=7)
SEQ(SP=C1-CF%GCD=<7%ISR=CB-CD%TI=Z%II=I%TS=7)
OPS(O1=M5B4ST11NW2%O2=M5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M5B4ST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=)
@@ -620,9 +655,10 @@ U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# 2.6.17-gentoo-r8 #1 SMP Fri Sep 29 16:09:18 EST 2006 i686 Intel(R) Pentium(R) III CPU family (IBM eServer x342)
Fingerprint Linux 2.6.17-gentoo-r8 (x86)
# Linux opensuse 2.6.18-rc4-jen32-bigsmp #1 SMP Tue Aug 8 11:58:49 CEST 2006 i686 athlon i386 GNU/Linux
Fingerprint Linux 2.6.17 - 2.6.18 (x86)
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C6-C8%GCD=<7%ISR=C6-C8%TI=Z%II=I%TS=7)
SEQ(SP=C6-C8%GCD=<7%ISR=C6-DE%TI=Z%II=I%TS=7)
OPS(O1=M400CST11NW7%O2=M400CST11NW7%O3=M400CNNT11NW7%O4=M400CST11NW7%O5=M400CST11NW7%O6=M400CST11)
WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW7%CC=N%Q=)
@@ -706,10 +742,12 @@ IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linux localhost 2.6.12-21mdk #1 Tue May 9 21:15:09 MDT 2006 i686 Pentium III (Katmai) unknown GNU/Linux
# Linux 2.6.12-12mdksmp #1 SMP i686 Intel(R) Pentium(R) 4 CPU 3.20GHz unknown GNU/Linux
# Linux 2.6.9-42.0.2.ELsmp #1 SMP Thu Aug 17 17:57:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
# Slackware Linux 2.6.10
# Linux 2.6.12-21mdk i686 Pentium III (Katmai)
# 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux (Red Hat Enterprise Linux AS release 4 (Nahant Update 4))
Fingerprint Linux 2.6.9 - 2.6.12
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C6-CE%GCD=<7%ISR=C4-D2%TI=Z%II=I%TS=A)
SEQ(SP=AE-CE%GCD=<7%ISR=C4-DB%TI=Z%II=I%TS=A)
OPS(O1=M400CST11NW2%O2=M400CST11NW2%O3=M400CNNT11NW2%O4=M400CST11NW2%O5=M400CST11NW2%O6=M400CST11)
WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
ECN(R=Y%DF=Y%T=40%TG=40%W=7FFF%O=M400CNNSNW2%CC=N%Q=)
@@ -797,7 +835,7 @@ IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
# Windows Server 2003 - 3790.srv03_sp1_rtm.050324-1447, Service Pack 1
Fingerprint Microsoft Windows 2003 Server SP1
Class Microsoft | Windows | 2003 | general purpose
SEQ(SP=EF-F9%GCD=<7%ISR=106-10A%TI=I%II=I%SS=S%TS=0)
SEQ(SP=EF-101%GCD=<7%ISR=106-10C%TI=I%II=I%SS=S%TS=0)
OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)
WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
ECN(R=Y%DF=N%T=80%TG=80%W=4000%O=M5B4NW0NNS%CC=N%Q=)
@@ -1017,3 +1055,225 @@ T6(R=N)
T7(R=N)
U1(DF=N%T=FE%TG=FE%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=FE%TG=FE%TOSI=S%CD=S%SI=S%DLI=S)
# Dlink DSL-G604T ADSL/Router/Wireless Access Point - Current Firmware Version : V1.00B02T02.MA.20050303
Fingerprint D-Link DSL-G604T ADSL router WAP, runs Linux 2.4.17
Class D-Link | linux | 2.4.X | WAP
SEQ(SP=C2-C6%GCD=<7%ISR=C3-C9%TI=Z%II=I%TS=7)
OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=)
T4(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=FF%TG=FF%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
Fingerprint Microsoft Windows NT 4.0 SP5
Class Microsoft | Windows | NT | general purpose
SEQ(SP=7A-7C%GCD=<7%ISR=7A-7C%TI=RD%II=RI%TS=U)
OPS(O1=|M5B4%O2=M5B4%O3=M5B4%O4=|M5B4%O5=|M5B4%O6=M5B4)
WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017)
ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4%CC=N%Q=)
T1(R=Y%DF=Y%T=80%TG=80%S=O%A=O|S+%F=A|AS%RD=0%Q=)
T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=)
T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S)
# FreeNAS 0.671, OS Version: FreeBSD 6.1-STABLE (revison 199506), Platform: generic-pc on Intel Pentium III
Fingerprint FreeNAS 0.671 (runs FreeBSD 6.1-STABLE)
Class FreeBSD | FreeBSD | 6.X | general purpose
SEQ(SP=F5-F6%GCD=<7%ISR=105-107%TI=I%II=I%SS=S%TS=A)
OPS(O1=M5B4NW1NNT11SLL%O2=M5B4NW1NNT11SLL%O3=M5B4NW1NNT11%O4=M5B4NW1NNT11SLL%O5=M5B4NW1NNT11SLL%O6=M5B4NNT11SLL)
WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW1SLL%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=FFFF%S=O%A=O|S+%F=AS%O=M5B4NW1NNT11SLL%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2004
Fingerprint Linksys BEFSR41 WAP
Class Linksys | embedded || broadband router
SEQ(SP=F-11%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)
OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4)
WIN(W1=16D0%W2=16D0%W3=16D0%W4=16D0%W5=16D0%W6=16D0)
ECN(R=Y%DF=N%T=96%TG=96%W=16D0%O=M5B4%CC=N%Q=)
T1(R=Y%DF=N%T=96%TG=96%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=N%T=96%TG=96%W=80%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=N%T=96%TG=96%W=100%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T4(R=Y%DF=N%T=96%TG=96%W=400%S=A%A=S%F=AR%O=%RD=0%Q=)
T5(R=Y%DF=N%T=96%TG=96%W=7A69%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=96%TG=96%W=8000%S=A%A=S%F=AR%O=%RD=0%Q=)
T7(R=Y%DF=N%T=96%TG=96%W=FFFF%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=96%TG=96%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=96%TG=96%TOSI=Z%CD=S%SI=S%DLI=S)
# Microsoft Windows 2000 Server with Service Pack 4
Fingerprint Microsoft Windows 2000 SP4
Class Microsoft | Windows | 2000 | general purpose
SEQ(SP=DC-E1%GCD=<7%ISR=100-104%TI=I|RD%II=I%SS=S%TS=0)
OPS(O1=NNT11|M5B4NW0NNT00NNS%O2=NNT11|M5B4NW0NNT00NNS%O3=NNT11|M5B4NW0NNT00%O4=NNT11|M5B4NW0NNT00NNS%O5=NNT11|M5B4NW0NNT00NNS%O6=NNT11|M5B4NNT00NNS)
WIN(W1=4470%W2=41A0%W3=4100%W4=40E8%W5=40E8%W6=402E)
ECN(R=Y%DF=Y%T=81%TG=81%W=4470%O=|M5B4NW0NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=81%TG=81%S=O%A=O|S+%F=A|AS%RD=0%Q=)
T2(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=81%TG=81%W=402E%S=O%A=O|S+%F=A|AS%O=NNT11|M5B4NW0NNT00NNS%RD=0%Q=)
T4(R=Y%DF=N%T=81%TG=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=81%TG=81%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=81%TG=81%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=S%T=81%TG=81%TOSI=Z%CD=Z%SI=S%DLI=S)
# Blue Coat proxy server running SGOS 4.1.3.1, release 24075
Fingerprint Blue Coat proxy server running SGOS 4.1.3.1
Class Blue Coat | SGOS || web proxy
SEQ(SP=A0-B1%GCD=<7%ISR=A5-B6%TI=RD%II=%TS=1)
OPS(O1=M5B4NW0NNT11%O2=M578NW0NNT11%O3=M280NW0NNT11%O4=M5B4NW0NNT11%O5=M218NW0NNT11%O6=M109NNT11)
WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)
ECN(R=Y%DF=N%T=40%TG=40%W=FFFF%O=M5B4NW0%CC=N%Q=)
T1(R=Y%DF=N%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=15C%RID=1042%RIPCK=Z%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
# DD-WRT is a firmware that can run on many types of routers. The
# router I am running it on is Linksys WRT54G Linux version
# 2.4.34-pre2 (root@linux) (gcc version 3.4.6 (OpenWrt-2.0)) #175 Fri
# Sep 15 20:41:52 CEST 2006
Fingerprint Linksys 2.4.34-pre2 running DD-WRT v23 distribution on Linksys WRT54G WAP
Class Linux | Linux | 2.4.X | WAP
SEQ(SP=B5-BF%GCD=<7%ISR=C6-D0%TI=Z%II=I%TS=7)
OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=Y%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Cisco WS-C3750G-48TS-S Version 12.2(25r)SE1
Fingerprint Cisco Catalyst 3750 switch, IOS 12.2
Class Cisco | IOS | 12.X | switch
SEQ(SP=F0-FA%GCD=<7%ISR=107-111%TI=Z%II=RI%TS=U)
OPS(O1=|M218%O2=|M218%O3=|M218%O4=|M218%O5=|M218%O6=|M109)
WIN(W1=1020%W2=1020%W3=1020%W4=1020%W5=1020%W6=1020)
ECN(R=Y%DF=N%T=100%TG=100%W=1020%O=|M218%CC=N%Q=)
T1(R=Y%DF=N%T=100%TG=100%S=O%A=O|S+%F=A|AS%RD=0%Q=)
T2(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=N%T=100%TG=100%W=1020%S=O%A=O|S+%F=A|AS%O=|M218%RD=0%Q=)
T4(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=100%TG=100%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=100%TG=100%TOS=C0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=S%T=100%TG=100%TOSI=S%CD=S%SI=S%DLI=S)
# OKI Network Printer OKI-C5600-340179
Fingerprint OKI C5600 color laser network printer
Class Oki | embedded || printer
SEQ(SP=F7-101%GCD=<7%ISR=107-111%TI=I%II=I%SS=S%TS=5|6)
OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11)
WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
ECN(R=Y%DF=Y%T=3F%TG=3F%W=8000%O=M5B4NW0%CC=N%Q=)
T1(R=Y%DF=Y%T=3F%TG=3F%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=3F%TG=3F%W=8000%S=O%A=S+%F=AS%O=M5B4NW0NNT11%RD=0%Q=)
T4(R=Y%DF=N%T=3F%TG=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=3F%TG=3F%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=3F%TG=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=3F%TG=3F%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=3F%TG=3F%TOS=0%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G)
IE(DFI=S%T=3F%TG=3F%TOSI=S%CD=S%SI=S%DLI=S)
Fingerprint OpenBSD 4.0 (CURRENT) macppc
Class OpenBSD | OpenBSD | 4.X | general purpose
SEQ(SP=E5-F7%GCD=<7%ISR=101-10B%TI=RD%II=I|RI%TS=21|22)
OPS(O1=M5B4NNSNW0NNT11%O2=M5B4NNSNW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NNSNW0NNT11%O5=M5B4NNSNW0NNT11%O6=M5B4NNSNNT11)
WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)
ECN(R=Y%DF=Y%T=40%TG=40%W=4000%O=M5B4NNSNW0%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=N)
U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S)
# Windows 2000 Advanced Server with SP4 and latest Windows Update patches as of September 8, 2006
Fingerprint Microsoft Windows 2000 AS SP4
Class Microsoft | Windows | 2000 | general purpose
SEQ(SP=EF-F9%GCD=<7%ISR=107-111%TI=I%II=I%SS=S%TS=U)
OPS(O1=M5B4NW0NNS%O2=M5B4NW0NNS%O3=M5B4NW0%O4=M5B4NW0NNS%O5=M5B4NW0NNS%O6=M5B4NNS)
WIN(W1=7FFF%W2=7FFF%W3=7FFF%W4=7FFF%W5=7FFF%W6=7FFF)
ECN(R=Y%DF=Y%T=80%TG=80%W=7FFF%O=M5B4NW0NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=80%TG=80%W=7FFF%S=O%A=S+%F=AS%O=M5B4NW0NNS%RD=0%Q=)
T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
# Linux 2.6.18-ARCH #1 SMP PREEMPT
Fingerprint Linux 2.6.18 (SMP)
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C0-CA%GCD=<7%ISR=C7-D1%TI=Z%II=I%TS=A)
OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)
WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB)
ECN(R=Y%DF=Y%T=40%TG=40%W=FFD7%O=MFFD7NNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=FFCB%S=O%A=S+%F=AS%O=MFFD7ST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
# Linux 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 i386 GNU/Linux
Fingerprint Linux 2.6.9-42.(X86, SMP)
Class Linux | Linux | 2.6.X | general purpose
SEQ(SP=C7-D1%GCD=<7%ISR=CB-D5%TI=Z%II=I%TS=A)
OPS(O1=M5B4ST11NW2%O2=M5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M5B4ST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=)
T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW2%RD=0%Q=)
T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=40%TG=40%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(DFI=N%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)

19
nmap.cc
View File

@@ -273,6 +273,7 @@ printf("%s %s ( %s )\n"
" --datadir <dirname>: Specify custom Nmap data file location\n"
" --send-eth/--send-ip: Send using raw ethernet frames or IP packets\n"
" --privileged: Assume that the user is fully privileged\n"
" --unprivileged: Assume the user lacks raw socket privileges\n"
" -V: Print version number\n"
" -h: Print this help summary page.\n"
"EXAMPLES:\n"
@@ -525,7 +526,7 @@ int nmap_main(int argc, char *argv[]) {
{"oS", required_argument, 0, 0},
{"oH", required_argument, 0, 0},
{"oX", required_argument, 0, 0},
{"iL", required_argument, 0, 0},
{"iL", required_argument, 0, 'i'},
{"iR", required_argument, 0, 0},
{"sI", required_argument, 0, 0},
{"source_port", required_argument, 0, 'g'},
@@ -555,6 +556,7 @@ int nmap_main(int argc, char *argv[]) {
{"vv", no_argument, 0, 0},
{"ff", no_argument, 0, 0},
{"privileged", no_argument, 0, 0},
{"unprivileged", no_argument, 0, 0},
{"mtu", required_argument, 0, 0},
{"append_output", no_argument, 0, 0},
{"append-output", no_argument, 0, 0},
@@ -764,19 +766,6 @@ int nmap_main(int argc, char *argv[]) {
exit(0);
} else if (strcmp(long_options[option_index].name, "badsum") == 0) {
o.badsum = 1;
}
else if (strcmp(long_options[option_index].name, "iL") == 0) {
if (inputfd) {
fatal("Only one input filename allowed");
}
if (!strcmp(optarg, "-")) {
inputfd = stdin;
} else {
inputfd = fopen(optarg, "r");
if (!inputfd) {
fatal("Failed to open input file %s for reading", optarg);
}
}
} else if (strcmp(long_options[option_index].name, "iR") == 0) {
o.generate_random_ips = 1;
o.max_ips_to_scan = strtoul(optarg, &endptr, 10);
@@ -793,6 +782,8 @@ int nmap_main(int argc, char *argv[]) {
o.fragscan += 16;
} else if (strcmp(long_options[option_index].name, "privileged") == 0) {
o.isr00t = 1;
} else if (strcmp(long_options[option_index].name, "unprivileged") == 0) {
o.isr00t = 0;
} else if (strcmp(long_options[option_index].name, "mtu") == 0) {
o.fragscan = atoi(optarg);
if (o.fragscan <= 0 || o.fragscan % 8 != 0)

2
osscan.cc
View File

@@ -1270,7 +1270,7 @@ static int AVal_match(struct AVal *reference, struct AVal *fprint, struct AVal *
return 0;
}
if (verbose)
printf("%s.%s: \"%s\" NOMATCH \"%s\" (%d point%s)\n", testGroupName,
printf("%s.%s: \"%s\" NOMATCH \"%s\" (%d %s)\n", testGroupName,
current_ref->attribute, current_fp->value,
current_ref->value, pointsThisTest, (pointsThisTest == 1)? "point" : "points");
} else subtests_succeeded += pointsThisTest;

4
scripts/fingerfix.cc
View File

@@ -280,7 +280,9 @@ static void merge_sp_or_isr(struct AVal *result, char values[][AVLEN], int num)
printf("[WARN] Zero value occurs in attribute SEQ.%s. A constant ISN sequence?\n", result->attribute);
}
if(i == 0) {
low = high = val1;
/* Start it out with a variance of five in each direction */
low = MAX(0, val1 - 5);
high = val1 + 5;
} else {
if(low == high && val1 != low) {
// expand it in both directions

2
scripts/fingerlib.cc
View File

@@ -126,7 +126,7 @@ static int checkFP(char *FP) {
} else {
tmp = *(p+3);
if(tmp != 'Y') {
printf("[WARN] One fingerprint is not good\n");
printf("[WARN] One fingerprint is NOT GOOD (G=N)\n");
founderr = true;
}
}

1
tcpip.cc
View File

@@ -904,6 +904,7 @@ naming system. So the conversion is done here */
fatal("Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error: %s\nThere are several possible reasons for this, depending on your operating system:\n"
"LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n"
"*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n"
"*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n"
"SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-P0 -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r);
} else {
error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed));