OS Fingerprinting with Ruby

Joe Martin

I'm working my way into learning some basic socket programming. I would
like to incorporate some sort of nmap-like functionality, namely, OS
fingerprinting. Is this possible to do without relying on the actual
nmap program? Is there a way to read TCP/IP stack fingerprints and
determine OS information in Ruby?

Thanks!
 
Aaron Turner

I'm working my way into learning some basic socket programming. I would
like to incorporate some sort of nmap-like functionality, namely, OS
fingerprinting. Is this possible to do without relying on the actual
nmap program? Is there a way to read TCP/IP stack fingerprints and
determine OS information in Ruby?

I'm not sure I would categorize OS fingerprinting as "basic socket
programming". For that you need raw socket access (PF_PACKET under
Linux or BPF under OSX/*BSD). And to make it work you need to create
a database of tests and how different OS's respond. It's a *lot* of
work.

Anyways, yes it could be done in Ruby... although I don't recall off
the top of my head if Ruby supports PF_PACKET/BPF, but you could
always use the Ruby/C bindings for libpcap for raw frame injection &
reading responses.


--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
 
Joel VanderWerf

Aaron said:
I'm not sure I would categorize OS fingerprinting as "basic socket
programming". For that you need raw socket access (PF_PACKET under
Linux or BPF under OSX/*BSD). And to make it work you need to create
a database of tests and how different OS's respond. It's a *lot* of
work.

Anyways, yes it could be done in Ruby... although I don't recall off
the top of my head if Ruby supports PF_PACKET/BPF, but you could
always use the Ruby/C bindings for libpcap for raw frame injection &
reading responses.

I don't know about PF_PACKET in ruby either, but you can use raw sockets
in ruby with PF_INET to get to the level of IP headers, at least.

There's an example of this in the examples/raw.rb in the bit-struct gem.
Maybe it can be adapted for PF_PACKET?
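
The reading side of what this thread discusses, as an added example that is not from any poster and is not nmap's code: it parses a captured IPv4/TCP SYN (the bytes a PF_INET raw socket or libpcap would hand over) and matches its TTL and TCP option order against a signature table. The table entries, the `SAMPLE` packet and all function names are constructed for illustration; a usable tool needs the large response database Aaron describes.

```ruby
# Added example. SIGNATURES is a constructed, illustrative table, not a real database.
SIGNATURES = [
  { os: "Linux-like",   ttl: 64,  layout: "mss,sok,ts,nop,ws" },
  { os: "Windows-like", ttl: 128, layout: "mss,nop,ws,nop,nop,sok" },
].freeze
OPT_NAMES = { 1 => "nop", 2 => "mss", 3 => "ws", 4 => "sok", 8 => "ts" }.freeze
# Walk the TCP option bytes and return the option order, e.g. "mss,nop,ws".
def option_layout(opts)
  names, i = [], 0
  while i < opts.bytesize
    kind = opts.getbyte(i)
    break if kind == 0                                  # end-of-options marker
    len = kind == 1 ? 1 : opts.getbyte(i + 1).to_i      # NOP has no length byte
    break if (kind != 1 && len < 2) || i + len > opts.bytesize  # malformed or truncated
    names << OPT_NAMES.fetch(kind, "opt#{kind}")
    i += len
  end
  names.join(",")
end

# Extract fingerprint features from raw IPv4+TCP bytes (no link-layer header).
def parse_syn(pkt)
  raise ArgumentError, "short IPv4 header" if pkt.bytesize < 20
  ver_ihl, ttl, proto = pkt.unpack("C x7 C C")
  ihl = (ver_ihl & 0x0f) * 4
  raise ArgumentError, "not IPv4/TCP" unless ver_ihl >> 4 == 4 && proto == 6 && ihl >= 20
  tcp = pkt.byteslice(ihl, pkt.bytesize).to_s
  raise ArgumentError, "short TCP header" if tcp.bytesize < 20
  off, flags, window = tcp.unpack("x12 C C n")
  doff = (off >> 4) * 4
  raise ArgumentError, "bad TCP data offset" if doff < 20 || doff > tcp.bytesize
  { ttl: ttl, window: window, syn: (flags & 0x02) != 0,
    layout: option_layout(tcp.byteslice(20, doff - 20)) }
end

# Routers only decrement TTL, so round the observed value up to a common initial TTL.
def initial_ttl(ttl)
  [32, 64, 128, 255].find { |t| ttl <= t }
end
def guess_os(pkt)
  f = parse_syn(pkt)
  hit = SIGNATURES.find { |s| s[:ttl] == initial_ttl(f[:ttl]) && s[:layout] == f[:layout] }
  f[:syn] && hit ? hit[:os] : "unknown"
end

# Constructed sample: TTL 57, SYN, window 29200, options mss,sok,ts,nop,ws.
SAMPLE = [0x45, 0, 60, 0x1234, 0x4000, 57, 6, 0, 10, 0, 0, 1, 10, 0, 0, 2].pack("CCnnnCCnC4C4") +
         [40000, 80, 1, 0, 0xA0, 0x02, 29200, 0, 0].pack("nnNNCCnnn") +
         [2, 4, 1460, 4, 2, 8, 10, 0, 0, 1, 3, 3, 7].pack("CCnCCCCNNCCCC")
```

`guess_os(SAMPLE)` returns `"Linux-like"` because the observed TTL of 57 rounds up to 64 and the option order matches the first table entry.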
 
