SinFP is a pen testing tool designed to fingerprint target operating systems when only a single port is open. SinFP works both actively and passively: it can be used against a live host to identify the operating system by sending only 2 or 3 TCP packets, or passively against a saved pcap file, which is handy when performing a penetration test from a bastion host or when pivoted through another machine.
Typically nmap provides better OS identification; however, SinFP has its uses even in modern-day penetration testing engagements.
SinFP is designed for penetration testers and network security professionals.
An overview of the tool's syntax can be found below:
Execution:
    ./sinfp.pl -i -p

Parameters:
    -d  Network device to use
    -I  Source IP address to use
    -3  Run all probes (default)
    -2  Run only probes P1 and P2 (stealthier)
    -1  Run only probe P2 (even stealthier)
    -v  Verbose
    -s  Signature file to use
    -O  Print only operating system
    -V  Print only operating system and its version family
    -H  Use HEURISTIC2 masks to match signatures (advanced users)
    -A  Use a custom list of matching masks (advanced users)

Online mode specific parameters:
    -k  Keep generated pcap file
    -a  Do not generate an anonymized pcap file trace

Offline mode specific parameters:
    -f  Name of pcap file to analyze

IPv6 specific parameters:
    -6  Use IPv6 fingerprinting, instead of IPv4
    -M  Source MAC address to use
    -m  Target MAC address to use
    -4  If no IPv6 signature matches, try against IPv4 ones

Active mode specific parameters:
    -r  No. of tries to perform for a probe (default: 3)
    -t  Timeout before considering a packet to be lost (default: 3)

Passive mode specific parameters:
    -P  Passive fingerprinting
    -F  Pcap filter
SinFP is available from here and includes all required modules.