xprobe2

What is Xprobe?
Written and maintained by Fyodor Yarochkin, Meder Kydyraliev and Ofir Arkin, Xprobe (I & II) is an active OS fingerprinting tool based on Ofir Arkin’s ICMP Usage In Scanning Research project. Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting.

The first version of Xprobe2 combined various remote active operating system fingerprinting methods using the ICMP protocol, which were discovered during the “ICMP Usage in Scanning” research project, into a simple, fast, efficient and powerful way to detect the underlying operating system a targeted host is using.

Xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple simultaneous matches, and a signature database.

Project History


Download
CVS
export CVS_RSH=ssh
/usr/local/bin/cvs -d :pserver:anonymous@cvs.sourceforge.net:/cvsroot/xprobe login
and check out the xprobe2-dev module:
/usr/local/bin/cvs -z3 -d :pserver:anonymous@cvs.sourceforge.net:/cvsroot/xprobe co xprobe2-dev
Xprobe (1 & 2) are copyright © Ofir Arkin, Meder Kydyraliev and Fyodor Yarochkin 2001-2007
Xprobe2
xprobe2-0.3.tar.gz
SHA-1: c28d48823c1b953f73fd1b1fbced5c77a63d2bf0
MD5: 3ebb89ed9380038d368327816e34ec54
First Version Published: August 9, 2002.
Current Version Published: July 29th, 2005.
Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev

Papers

The Present and Future of Xprobe2 - The Next Generation of Active Operating System Fingerprinting
Published: July 31, 2003.
Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev
Although some advancement was made in the field of active operating system fingerprinting in the recent years, still, there are many issues to resolve. This paper presents the enhancements made with Xprobe2 v0.2 RC1 and discusses the tool’s future development. Both the present and future versions of Xprobe2 introduce many enhancements and advancements to the field of active operating system fingerprinting, which are discussed throughout the paper.
The paper in PDF format [~492kb]

XProbe2 - A ‘Fuzzy’ Approach to Remote Active Operating System Fingerprinting
Version 1.0
Published: August 2nd, 2002.
Ofir Arkin & Fyodor Yarochkin
The tools used today for remote active operating system fingerprinting use a signature database to perform a match between the results they receive from a targeted machine and known operating system fingerprints. Usually, the process is done by utilizing strict signature matching to identify the type of the remote operating system. The operating system fingerprinting tools that rely on strict signature matching face several problems with their way of operation, which when present lead to false identification of the target operating system(s). With this paper we present a different approach to signature matching with remote active operating system fingerprinting. Our approach is one which aims to solve the problems presently faced by remote active operating system fingerprinting tools, as well as providing more accurate results when used against any network topology.
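
The difference between strict and fuzzy signature matching described in this abstract, as an added example that is not code from Xprobe2 or its authors. The test names, the OS-A/B/C signatures, the observed responses and the 3/1/0 scoring weights are all constructed assumptions, chosen to show why one unanswered probe defeats a strict matcher but only lowers confidence in a fuzzy one.

```python
# Constructed signature database: expected result of each probe per OS.
# Names and values are illustrative, not taken from Xprobe2's signature file.
SIGNATURES = {
    "OS-A": {"echo_reply_ttl": 128, "echo_code_echoed": False,
             "timestamp_reply": False, "unreach_quoted_bytes": 8},
    "OS-B": {"echo_reply_ttl": 64, "echo_code_echoed": True,
             "timestamp_reply": True, "unreach_quoted_bytes": 64},
    "OS-C": {"echo_reply_ttl": 255, "echo_code_echoed": True,
             "timestamp_reply": True, "unreach_quoted_bytes": 8},
}

# Constructed observation: a filtering device on the path dropped the
# timestamp probe, so that test has no result (None).
OBSERVED = {"echo_reply_ttl": 64, "echo_code_echoed": True,
            "timestamp_reply": None, "unreach_quoted_bytes": 64}

# Per-test scores (assumed weights): match, no data, mismatch.
YES, INCONCLUSIVE, NO = 3, 1, 0


def strict_match(observed, signatures):
    """Return only the OS names whose signature equals the observation exactly."""
    return [name for name, sig in signatures.items() if sig == observed]


def fuzzy_match(observed, signatures):
    """Score every signature test by test and return all candidates, ranked."""
    ranked = []
    for name, sig in signatures.items():
        score = 0
        for test, expected in sig.items():
            value = observed.get(test)
            if value is None:          # probe unanswered: neither for nor against
                score += INCONCLUSIVE
            elif value == expected:
                score += YES
            else:
                score += NO
        # Normalise against the best possible score for this signature.
        ranked.append((name, round(score / (YES * len(sig)), 3)))
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print("strict:", strict_match(OBSERVED, SIGNATURES))
    for name, confidence in fuzzy_match(OBSERVED, SIGNATURES):
        print(f"fuzzy:  {name} {confidence:.1%}")
```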

A remote active OS fingerprinting tool using ICMP
;login: Magazine, Volume 27, No. 2
Published: April, 2002.

X
Version 1.0
Published: August 14, 2001.
Ofir Arkin & Fyodor Yarochkin
X is a logic which combines various remote active operating system fingerprinting methods using the ICMP protocol, which were discovered during the “ICMP Usage in Scanning” research project, into a simple, fast, efficient and powerful way to detect an underlying operating system a targeted host is using.
Xprobe is a tool written and maintained by Fyodor Yarochkin (fygrave@tigerteam.net) and Ofir Arkin (ofir@sys-security.com) that automates X.
Why X? - X is a very accurate logic.
Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting. This is especially true when trying to identify some Microsoft based operating systems, when TCP is the protocol being used with the fingerprinting process. Since the TCP implementations of Microsoft Windows 2000 and Microsoft Windows ME, and of Microsoft Windows NT 4 and Microsoft Windows 98/98SE, are so close, usually when using the TCP protocol with a remote active operating system fingerprinting process we are unable to differentiate between these Microsoft based operating system groups. And this is only an example…

ICMP based remote OS TCP/IP stack fingerprinting techniques
Phrack Magazine, Volume 11, Issue 57, File 7 of 12
Published: August 11, 2001.
You can view the article here

Presentations

IT Underground
February 17-18, 2005.
Prague Conference Center, Prague, Czech Republic.
“On the accuracy of active OS fingerprinting tools”
Download: Download Presentation [~495kb]

Black Hat Federal 2003 Briefings
October 1st-2nd, 2003.
The Sheraton Premiere at Tyson’s Corner, Virginia, USA.
“Using Xprobe2 in a Corporate Environment”
Download: Download Presentation [~600kb]

Black Hat USA 2003 Briefings
July 28th-31st, 2003.
Caesars Palace, Las Vegas, Nevada, USA.
“Revolutionizing Operating System Fingerprinting”
Download: Zipped Power Point Presentation [~2.3mb]

Defcon X
August 2nd - August 4th, 2002.
Alexis Park Hotel and Resort in Las Vegas, Nevada, USA.
“Xprobe2 - Xprobe, The Year After”
Download: Zipped Power Point Presentation [~5mb]

The Black Hat Briefings Europe 2001, Amsterdam
November 21-22, 2001.
Golden Tulip Grand - The Krasnapolsky, Amsterdam, The Netherlands.
“X - Remote ICMP Based OS Fingerprinting Techniques”
Download: Zipped Power Point Presentation [~5.26mb]

Defcon 9
July 13-15, 2001.
Alexis Park Hotel and Resort, Las Vegas, USA.
“Introducing X: Playing Tricks with ICMP”
Download: Zipped Power Point Presentation [~9.68mb]

The Black Hat Briefings 2001
July 11-12, 2001.
Caesars Palace, Las Vegas, USA.
“Introducing X: Playing Tricks with ICMP”
Download: Zipped Power Point Presentation [~5.64mb]

Additional Sites