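Operating System Identification
╋━━━━━━━━━━━━━━━╋
┃Operating system identification ┃
┃OS identification techniques ┃
┃ Many kinds exist ┃
┃ Good products combine several techniques ┃
┃Initial TTL value ┃
┃ Windows: 128 (65-128) ┃
┃ Linux/Unix: 60 (1-64) ┃
┃ Some Unix: 255 ┃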
╋━━━━━━━━━━━━━━━╋
╋━━━━━━━━━━━━━━━╋
┃Operating system identification ┃
┃python ┃
┃ from scapy.all import * ┃
┃ win="1.1.1.1" ┃
┃ linu="1.1.1.2" ┃
┃ aw=sr1(IP(dst=win)/ICMP()) ┃
┃ al=sr1(IP(dst=linu)/ICMP()) ┃
┃ if aw[IP].ttl<=64: ┃
┃     print("host is Linux") ┃
┃ else: ┃
┃     print("host is windows") ┃
┃ ┃
┃./ttl_os.py ┃
╋━━━━━━━━━━━━━━━╋
╭────────────────────────────────────────────╮
[ttl_os.py]
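#!/usr/bin/python
from scapy.all import *
import logging
# Silence scapy runtime log messages below ERROR
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import sys

# Exactly one argument (the target IP address) is required
if len(sys.argv) != 2:
    print("Usage - ./ttl_os.py [IP Address]")
    print("Example - ./ttl_os.py 10.0.0.5")
    print("Example will perform ttl analysis to attempt to determine whether the system is windows or Linux")
    sys.exit()

ip = sys.argv[1]
# Send one ICMP echo request and wait up to 1 second for the reply
ans = sr1(IP(dst=str(ip))/ICMP(), timeout=1, verbose=0)
if ans is None:
    print("No response was returned")
elif int(ans[IP].ttl) <= 64:
    # A reply TTL of 64 or less falls in the Linux/Unix range
    print("Host is Linux/Unix")
else:
    # Anything above 64 is reported as Windows
    print("Host is Windows")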
╰────────────────────────────────────────────╯
root@kali:~# chmod u+x ttl_os.py
root@kali:~# ./ttl_os.py 192.168.1.133
WARNING: No route found for IPv6 destination :: (no default route?)
Host is Windows
root@kali:~# ./ttl_os.py 192.168.1.134
WARNING: No route found for IPv6 destination :: (no default route?)
Host is Linux/Unix
root@kali:~# ./ttl_os.py 192.168.1.1
WARNING: No route found for IPv6 destination :: (no default route?)
Host is Linux/Unix
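The two-way test in ttl_os.py reports every TTL above 64 as Windows, including the 255 that the table above lists for some Unix systems. The following added example (not part of the original notes) maps an observed TTL to the nearest initial value at or above it and estimates the hop count. It assumes 64 as the top of the Linux/Unix bucket, and the ping lines are constructed samples, so it runs without scapy or network access.

```python
import re

# Initial TTL buckets taken from the table above. Assumption: 64 is used as
# the top of the Linux/Unix range, since the page gives that range as 1-64.
INITIAL_TTLS = [
    (64, "Linux/Unix"),
    (128, "Windows"),
    (255, "some Unix"),
]

# Matches "ttl=63" (Linux ping) and "TTL=128" (Windows ping).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def classify_ttl(observed):
    """Return (assumed_initial_ttl, estimated_hops, family) for a reply TTL."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial, family in INITIAL_TTLS:
        if observed <= initial:
            # Each router on the path decrements the TTL by one.
            return initial, initial - observed, family
    raise AssertionError("unreachable: 255 is the largest bucket")


def classify_ping_line(line):
    """Pull ttl=N out of one line of ping output; None if the line has no TTL."""
    match = TTL_RE.search(line)
    if match is None:
        return None
    return classify_ttl(int(match.group(1)))


# Constructed sample lines, not captured from the hosts on this page.
SAMPLE_LINES = [
    "64 bytes from 10.0.0.5: icmp_seq=1 ttl=63 time=0.41 ms",
    "Reply from 10.0.0.6: bytes=32 time<1ms TTL=128",
    "64 bytes from 10.0.0.7: icmp_seq=1 ttl=254 time=0.80 ms",
    "Request timeout for icmp_seq 2",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", classify_ping_line(line))
```

A host that has changed its default TTL, or a middlebox that rewrites it, defeats this guess, which is why the notes go on to nmap's multi-probe detection.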
╋━━━━━━━━━━━━━━━╋
┃Operating system identification ┃
┃nmap uses several techniques to identify the operating system ┃
┃ nmap 1.1.1.1 -O ┃
┃ System service signatures ┃
╋━━━━━━━━━━━━━━━╋
root@kali:~# nmap -O 192.138.1.133
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-05 01:24 CST
Nmap scan report for 192.138.1.133
Host is up (0.00073s latency).
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 80:00:27:B0:3A:76(Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows XP
OS CPE: cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3
OS details: Microsoft Windows XP SP2 or SP3
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.47 seconds
root@kali:~# nmap -O 192.138.1.134
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-05 01:24 CST
Nmap scan report for 192.138.1.133
Host is up (0.00073s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
8009/tcp open ajp13
8180/tcp open unknown
MAC Address: 80:00:27:B0:3A:76(Cadmus Computer Systems)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.47 seconds
root@kali:~# nmap -O 192.138.1.1
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-03 16:31 CST
Nmap scan report for 192.168.1.1
Host is up (0.00082s latency).
PORT STATE SERVICE
80/tcp open http
1900/tcp open upnp
MAC Address: Do:C7:C0:99:ED:3A (Tp-link Technologies Co.)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Canon imageRUNNER C5185 printer (98%), VxWorks (94%), Canon imageRUNNER C2380i printer (93%), Fujitsu Externus DX80 or IBM DCS9900 NAS device (93%), Avaya 4526GTX switch (92%), HP ProCurve 3500yl, 5406zl, or 6200yl switch or UTStarcom F100 VoIP phone (89%), Nortel CS1000M VoIP PBX or Xerox Phaser 8560DT printer (88%)
No exact OS matches for host (test conditions non-ideal).
Network distance: 1 hop
OS detection performed. Please report any incorrect results at