Xprobe2 is a remote active operating system fingerprinting tool with a different approach to operating system fingerprinting. Information on Xprobe2’s technology can be obtained from [1], [2], and [3].
The new version of Xprobe2 introduces enhancements and advancements in Xprobe2’s development.
Xprobe2 now supports:
- Automatic Signature Generation
- XML based output
- The TCP Options Timestamp Fingerprinting method (first to be introduced at Blackhat USA 2003)
The source code of Xprobe2 v0.2 can be found at: http://www.sys-security.com/archive/tools/xprobe2/xprobe2-0.2.tar.gz
MD5 (xprobe2-0.2.tar.gz) = ca723a7e4c8c5001191efdb43e63bbee
SHA1 (xprobe2-0.2.tar.gz) = fc7231dbe1de518b49d15b8677a0b65661312cb4
For more information about the new features in Xprobe2 0.2, please see the presentation given at Blackhat Federal 2003:
http://www.sys-security.com/archive/blackhat/FEDERAL2003/Ofir_Arkin_BH_FEDERAL.ppt [~600k]
Yours Xprobe2 development team,
Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
Fyodor Yarochkin [fygrave@tigerteam.net]
Meder Kydyraliev [Meder@areopag.net]
[1] http://www.sys-security.com/html/projects/X.html
[2] “xprobe2 - A 'Fuzzy' Approach to Remote Active Operating System Fingerprinting”, Ofir Arkin & Fyodor Yarochkin, August 2002, http://www.sys-security.com/archive/papers/Xprobe2.pdf
[3] “The Present and Future of Xprobe2 – The Next Generation of Active Operating System Fingerprinting”, Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev, July 2003, http://www.sys-security.com/archive/papers/Present_and_Future_Xprobe2-v1.0.pdf