xprobe2 – A Remote active operating system fingerprinting tool

What is Xprobe2?

xprobe2 – A Remote active operating system fingerprinting tool

xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
The operation of xprobe2 is described in a paper titled “xprobe2 – A ‘Fuzzy‘ Approach to Remote Active Operating System Fingerprinting”

Option’s

How to install Xprobe2

First you need to open your terminal after that you type this below command in your terminal this command will help you to install this xprobe2 package.
Linux

sudo apt install xprobe

Termux

pkg install xprobe

How to use xprobe

Just use this below command or see this below image.

sudo xprobe2 ( Domain name )

Example’s

xprobe2 -v -D 1 -D 2 192.168.1.10

Will launch an OS fingerprinting attempt targeting 192.168.1.10. Modules 1 and 2, which are reachability tests, will be disabled, so probes will be sent even if target is down. Output will be verbose.

xprobe2 -v -p udp:53:closed 192.168.1.20

Will launch an OS fingerprint attempt targeting 192.168.1.20. The UDP destination port is set to 53, and the output will be verbose.

xprobe2 -M 11 -p tcp:80:open 192.168.1.1

Will only enable TCP handshake module (number 11) to probe the target, very usefull when all ICMP traffic is filtered.

xprobe2 -B 192.168.1.1

Will cause TCP handshake module to try blindly guess open port on the target by sequentially sending TCP packets to the most likely open ports (80, 443, 23, 21, 25, 22, 139, 445 and 6000)

xprobe2 -T 1-1024 127.0.0.1

Will enable portscanning module, which will scan TCP ports starting from 1 to 1024 on 127.0.0.1

xprobe2 -p tcp:139:open 192.168.1.2

If remote target has TCP port 139 open, the command line above will enable application level SMB module (if remote target has TCP port 445 open, substitue 139 in the command line with 445).

xprobe2 -p udp:161:open 192.168.1.10

Will enable SNMPv2c application level module, which will try to retrieve sysDescr.0 OID using community strings taken from xprobe2.conf file.

xprobe2 fingerprints remote operating system by analysing the replies from the target, so to get the most out of xprobe2 you need to supply xprobe2 with as much information as possible, in particular it is important to supply at least one open TCP port and one closed UDP port. Open TCP port can either be provided in command line (-p), obtained through built-in port-scanner (-T) or -B option can be used to cause xprobe2 to try to blindly guess open TCP port. UDP port can be supplied via command line (-p) or through built-in port-scanner (-U).

Leave a Reply

Your email address will not be published. Required fields are marked *