scapy.modules.p0fv2
Clone of p0f v2 passive OS fingerprinting
- scapy.modules.p0fv2.p0f(pkt)[source]
Passive OS fingerprinting: which OS emitted this TCP packet ? p0f(packet) -> accuracy, [list of guesses]
- class scapy.modules.p0fv2.p0fKnowledgeBase(filename)[source]
Bases:
KnowledgeBase
- scapy.modules.p0fv2.p0f_getlocalsigs()[source]
This function returns a dictionary of signatures indexed by p0f db (e.g., p0f_kdb, p0fa_kdb, …) for the local TCP/IP stack.
You need to have your firewall at least accepting the TCP packets from/to a high port (30000 <= x <= 40000) on your loopback interface.
Please note that the generated signatures come from the loopback interface and may (are likely to) be different than those generated on “normal” interfaces.
- scapy.modules.p0fv2.p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, extrahops=0, mtu=1500, uptime=None)[source]
Modifies pkt so that p0f will think it has been sent by a specific OS. If osdetails is None, then we randomly pick up a personality matching osgenre. If osgenre and signature are also None, we use a local signature (using p0f_getlocalsigs). If signature is specified (as a tuple), we use the signature.
For now, only TCP Syn packets are supported. Some specifications of the p0f.fp file are not (yet) implemented.