NAME - more than a passive and active OS fingerprinting tool
o Information about signature database updates and more:
o [options] -target ip|ip6|hostname -port port|portList
# Single port active fingerprinting -target -port 80 -input-ipport
# Single port IPv6 active fingerprinting -target -port 80 -input-ipport -6
# SynScan active fingerprinting of a single target -target -port top100
# SynScan IPv6 active fingerprinting of a single target -target -port top100 -6
# SynScan active fingerprinting of a target subnet -target -port top100
# Passive fingerprinting -mode-passive -search-active -input-sniff
# Passive IPv6 fingerprinting -mode-passive -search-active -input-sniff -6
# Active fingerprinting of LAN -input-arpdiscover
# Active fingerprinting of IPv6 LAN -input-arpdiscover -6
# Simply SynScan the target -target -port full -mode-null -search-null -db-null
- Global:
- -version
Print version.
- -help
This help message.
- -target ip|ip6|hostname
Target. This is used to auto-detect some global parameters like device or ip.
- -port port|portList|top10|top100|top1000|all
Target port. Default for top10 ports for plugins able to handle multiple ports. This format is documented in `perldoc Net::SinFP3::Global' expandPorts method.
- -port-src port
Source port to use. Not supported by all plugins.
- -passive
Use passive fingerprinting. Default to use active one.
- -6
Use IPv6 fingerprinting where available. Default to off.
- -jobs number
Maximum number of jobs in parallel. Default: 10.
- -dns-reverse
Do a reverse DNS lookup for targets. Default to no.
- -device name
Network device to use. Default to auto-detect.
- -thread
Use threaded worker model (discouraged). Fork is used by default (and in Perl, it is better than ithreads).
- -retry times
Re-launch probes specified number of time. Default: 3.
- -timeout seconds
Time in seconds before timing out. Default: 3.
- -pps number
Number of packet per seconds. Default: 200.
- -ip-src ip
The source IPv4 address to use. Default to auto-detect.
- -ip6-src ip6
The source IPv6 address to use. Default to auto-detect.
- -mac-src mac
The source MAC address to use. Default to auto-detect.
- -subnet-src subnet
The source IPv4 subnet address to use. Default to auto-detect.
- -subnet6-src subnet
The source IPv6 subnet address to use. Default to auto-detect.
- -ip-gateway ip
The gateway IPv4 address to use. Default to auto-detect.
- -ip6-gateway ip6
The gateway IPv6 address to use. Default to auto-detect.
- -mac-gateway mac
The gateway MAC address to use. Default to auto-detect.
- -verbose level
Use the following verbose level number. Between 0 and 3, from the less verbose to the most verbose. Default to 1.
- -quiet
Set verbose level to 0. Default to not.
- -threshold score
Use the specified threshold for plugins supporting it. Default to no threshold (0).
- -best-score
Only gather results for the best matches. Default to not.
- Manually select all plugins and their options:
- -input plugin
Use specified plugin for input. Default input plugin is Net::SinFP3::Input::SynScan.
- -input-arg plugin-arg
Parameter to the specified input plugin. Must use multiple times to give multiple parameters.
- -db plugin
Use specified plugin for db. Default DB plugin is Net::SinFP3::DB::SinFP3. Example: " -db SinFP3 -db-arg file=sinfp3.db".
- -db-arg plugin-arg
Parameter to the specified db plugin. Must use multiple times to give multiple parameters.
- -mode plugin
Use specified plugin for mode. Default mode plugin is Net::SinFP3::Mode::Active.
- -mode-arg plugin-arg
Parameter to the specified mode plugin. Must use multiple times to give multiple parameters.
- -search plugin
Use specified plugin for search. Default search plugin is Net::SinFP3::Search::Active.
- -search-arg plugin-arg
Parameter to the specified search plugin. Must use multiple times to give multiple parameters.
- -output plugin
Use specified plugin for output. Default output plugin is Net::SinFP3::Output::Console.
- -output-arg plugin-arg
Parameter to the specified output plugin. Must use multiple times to give multiple parameters.
- Plugin loading options:
- -input-null
Turn off input plugin.
- -input-arpdiscover
Use ARP scanning on the local subnet to discover targets. Works also with -6 argument.
- -input-pcap
Take a pcap file (or files) as input.
- -input-synscan
Perform a TCP SYN scan to find open ports. Default plugin.
- -input-ipport
Use only target IP or hostname and one port.
- -input-sniff
Listen on the network to capture frames.
- -input-signature
Will ask the end-user to past an active signature as a string.
- -input-signaturep
Will ask the end-user to past a passive signature as a string.
- -input-connect
Performs a standard TCP connect() and sends a "GET /HTTP/1.0". Then, it analyzes the SYN|ACK response to perform active fingerprinting.
- -input-server
Starts a SinFP3 server on localhost:32000, so clients speaking the SinFP3 API will be able to access the fingerprinrint engine.
- -mode-null
Turn off mode plugin.
- -mode-active
Run using active plugin. This does active OS fingerprinting via SinFP3 engine.
- -mode-passive
Run using passive plugin. This does passive OS fingerprinting via SinFP3 engine.
- -db-null
Turn off DB plugin.
- -db-sinfp3
Use Net::SinFP3::DB::SinFP3 database plugin. Default plugin.
- -search-null
Turn off search plugin.
- -search-active
Perform a search through a database in active mode. Default plugin.
- -search-passive
Perform a search through a database in passive mode.
- -log-null
Turn off log plugin.
- -log-console
Log messages to the console. Default plugin.
- -output-null
Turn off output plugin.
- -output-console
Render output to the console with many details.
- -output-client
Render output to the connected client using SinFP3 communication protocol.
- -output-simple
Render output to the console, in a simple way. Default plugin.
- -output-dumper
Prints a dump to the console.
- -output-osonly
Only outputs operating system, and not full details of the fingerprint.
- -output-osversionfamily
Only outputs operating system and its version family, and not full details of the fingerprint.
- -output-pcap
Saves a trace to a pcap file. You can reply it afterwards using Net::SinFP3::Input::Pcap.
- -output-csv
Saves fingerprinting results a csv file. You can use -csv-file to choose the output file.
- -output-ubigraph
Takes a CSV file and display results using Ubigraph. You must use a CSV file as generated by Net::SinFP3::Output::CSV. You can use -csv-file to choose the input file.
- Plugin specific options:
- -db-update
Will update the database for the selected Net::SinFP3::DB plugin.
- -db-file file
Database file to use. Default is plugin dependant.
- -sniff-promiscuous
Use promiscuous mode while sniffing. Default to true.
- -pcap-anonymize
Replaces IP source and destination addresses (and update IP/TCP checksums) to anonymize a pcap output. Default to not.
- -pcap-append
Append to an already existing pcap file. Default to not.
- -pcap-filter pcap
Use specified pcap filter. Use it where available.
- -csv-file file
Use input taken from specified CSV file.
- -pcap-file file|fileList
Use input taken from specified pcap file or fileList. FileList uses Perl glob function.
- -active-3
Run all probes in active mode (default).
- -active-2
Run only probes P1 and P2 in active mode (stealthier).
- -active-1
Run only probe P2 in active mode (even stealthier).
- -synscan-fingerprint
Do not perform classic 3 packets fingerprinting, just use the SYN|ACK reply from the SYN request for fingerprinting.