OS Fingerprinting with Ruby

I’m working my way into learning some basic socket programming. I would
like to incorporate some sort of nmap-like functionality, namely, OS
fingerprinting. Is this possible to do without relying on the actual
nmap program? Is there a way to read TCP/IP stack fingerprints and
determine OS information in Ruby?

Thanks!

On Wed, Sep 16, 2009 at 12:00 PM, Joe M.
[email protected] wrote:

> I’m working my way into learning some basic socket programming. I would
> like to incorporate some sort of nmap-like functionality, namely, OS
> fingerprinting. Is this possible to do without relying on the actual
> nmap program? Is there a way to read TCP/IP stack fingerprints and
> determine OS information in Ruby?

I’m not sure I would categorize OS fingerprinting as “basic socket
programming”. For that you need raw socket access (PF_PACKET under
Linux or BPF under OSX/*BSD). And to make it work you need to create
a database of tests and how different OSes respond. It’s a lot of
work.

Anyways, yes it could be done in Ruby… although I don’t recall off
the top of my head if Ruby supports PF_PACKET/BPF, but you could
always use the Ruby/C bindings for libpcap for raw frame injection &
reading responses.

Aaron T. wrote:

> Linux or BPF under OSX/*BSD). And to make it work you need to create
> a database of tests and how different OSes respond. It’s a lot of
> work.
>
> Anyways, yes it could be done in Ruby… although I don’t recall off
> the top of my head if Ruby supports PF_PACKET/BPF, but you could
> always use the Ruby/C bindings for libpcap for raw frame injection &
> reading responses.

I don’t know about PF_PACKET in Ruby either, but you can use raw sockets
in Ruby with PF_INET to get to the level of IP headers, at least.

There’s an example of this in examples/raw.rb in the bit-struct gem.
Maybe it can be adapted for PF_PACKET?
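As an added illustration of the two points above (a PF_INET raw socket gets you to the IP header, and fingerprinting then needs a database of how stacks respond), here is the parsing half of a passive classifier that a host operator could run over inbound SYNs to see which stack families connect to a machine they own. It is not code from the thread or from bit-struct; the signature table, the sample datagram and the names `parse_ipv4_tcp`, `initial_ttl` and `classify` are constructed for this example.

```ruby
# Added example (not from the thread): parse the bytes a PF_INET raw socket
# returns, e.g. Socket.new(Socket::PF_INET, Socket::SOCK_RAW, Socket::IPPROTO_TCP)
# .recvfrom(65535)[0]. Opening that socket needs root, so it is not done here;
# a constructed datagram stands in for the received bytes.

IPV4_MIN_HEADER = 20
TCP_MIN_HEADER  = 20

# Parse one IPv4 datagram carrying TCP. Returns a hash of the fields a
# fingerprinter looks at first, or nil if the bytes are not well formed.
def parse_ipv4_tcp(bytes)
  return nil if bytes.bytesize < IPV4_MIN_HEADER
  ver_ihl, _tos, _total_len, _id, flags_frag, ttl, proto = bytes.unpack('CCnnnCC')
  ihl = (ver_ihl & 0x0f) * 4                      # IP header length in bytes
  return nil unless (ver_ihl >> 4) == 4 && ihl >= IPV4_MIN_HEADER && proto == 6
  return nil if bytes.bytesize < ihl + TCP_MIN_HEADER
  src_port, dst_port, _seq, _ack, off_flags, window =
    bytes.byteslice(ihl, TCP_MIN_HEADER).unpack('nnNNnn')
  {
    ttl: ttl, window: window, src_port: src_port, dst_port: dst_port,
    df:  (flags_frag & 0x4000) != 0,              # IP Don't Fragment bit
    syn: (off_flags & 0x02) != 0                  # TCP SYN flag
  }
end

# Stacks start the TTL at 64, 128 or 255; rounding the observed value up to
# the nearest of those undoes the per-hop decrement.
def initial_ttl(observed)
  [64, 128, 255].find { |t| observed <= t }
end

# Constructed signature table keyed on (initial TTL, SYN window, DF). A real
# database, as the thread says, is a large body of observed responses.
SIGNATURES = {
  [64,  65_535, true] => 'stack family A (constructed entry)',
  [128, 8_192,  true] => 'stack family B (constructed entry)'
}.freeze

def classify(fields)
  return 'not a SYN' unless fields[:syn]
  SIGNATURES.fetch([initial_ttl(fields[:ttl]), fields[:window], fields[:df]], 'unknown')
end

# Constructed sample: IPv4 10.0.0.1 -> 10.0.0.2, DF set, TTL 58, then a TCP SYN
# from port 40000 to 443 with window 65535 (checksums left zero).
SAMPLE = [0x45, 0, 40, 0x1234, 0x4000, 58, 6, 0, 10, 0, 0, 1, 10, 0, 0, 2].pack('CCnnnCCnC4C4') +
         [40_000, 443, 1, 0, 0x5002, 65_535, 0, 0].pack('nnNNnnnn')

puts classify(parse_ipv4_tcp(SAMPLE))  # => stack family A (constructed entry)
```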