Satori 0.7.3 : Passive OS fingerprinting Tool
Satori is a passive OS identification/fingerprinting tool. Using WinPcap, it listens on the wire to all IP traffic, not just TCP/IP SYN and SYN-ACK packets, and tries to use everything it hears to determine the OS of the devices it sees. Satori does passive OS identification via a multitude of methods. The primary ones currently being actively updated are: TCP (p0f-style fingerprinting), DHCP, Web and SMB. Other methods are CDP, HPSP, ICMP, EIGRP, Hot Spare Router Protocol, MDNS, OSPF, Skinny, SNMP, STP, UPNP, IPX/SPX.
Official change log for Satori 0.7.3:
- Updated the BPF filters that I use prior to sending pcap traffic to my code in 25 or so of the 30 plugins for Satori. Instead of listing them all out, I’ll just say, most were updated!
- They originally did something like ‘tcp or vlan’; this was updated to ‘tcp or (vlan and tcp)’ to help limit the traffic Satori has to process.
- Other protocols, where there was a BPF filter such as aarp, were added instead of just greater 0 type rules.
- CDP has a filter in place that is much better also.
- Added a new .dll that I did a LONG time ago, but wasn’t in the download dir for plugins: SIP.dll
- Last but not least, fixed some bugs I found in the SCCP code that wasn’t picking up IP Phones correctly in a LOT of cases.
- Oh, and released 0.7.3 version of satori.exe, mainly because I’ve noticed updating the oui.txt file isn’t getting picked up unless I recompile Satori. Not sure why, on my list to fix, but this way updated oui.txt from a few months back is better than the one from a few years ago!
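The filter change in the log above, ‘tcp or vlan’ to ‘tcp or (vlan and tcp)’, is shown here as an added example that models the two expressions in plain Python over constructed frames; it is not Satori's code and does not call WinPcap. It assumes IPv4 only, a single 802.1Q tag, and that the tag is still present in the captured frame.

```python
import struct

ETH_IPV4, ETH_8021Q, PROTO_TCP, PROTO_UDP = 0x0800, 0x8100, 6, 17

def frame(ip_proto, vlan_id=None):
    """Constructed Ethernet frame: optional 802.1Q tag plus a minimal IPv4 header."""
    macs = bytes(12)                                   # dst + src MAC, zeroed
    tag = struct.pack("!HH", ETH_8021Q, vlan_id) if vlan_id is not None else b""
    ipv4 = bytes([0x45]) + bytes(8) + bytes([ip_proto]) + bytes(10)
    return macs + tag + struct.pack("!H", ETH_IPV4) + ipv4

def is_tcp(pkt, l2_len=14):
    """Model of the 'tcp' primitive: EtherType and IP protocol read at fixed offsets."""
    ethertype = struct.unpack_from("!H", pkt, l2_len - 2)[0]
    return ethertype == ETH_IPV4 and pkt[l2_len + 9] == PROTO_TCP

def is_vlan(pkt):
    """Model of the 'vlan' primitive: an 802.1Q tag follows the MAC addresses."""
    return struct.unpack_from("!H", pkt, 12)[0] == ETH_8021Q

def old_filter(pkt):
    # 'tcp or vlan': any tagged frame passes, whatever protocol it carries.
    return is_tcp(pkt) or is_vlan(pkt)

def new_filter(pkt):
    # 'tcp or (vlan and tcp)': after 'vlan', later primitives are evaluated
    # 4 bytes further in, so only tagged frames that carry TCP pass.
    return is_tcp(pkt) or (is_vlan(pkt) and is_tcp(pkt, l2_len=18))

# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "untagged tcp": frame(PROTO_TCP),
    "untagged udp": frame(PROTO_UDP),
    "vlan 10 tcp": frame(PROTO_TCP, vlan_id=10),
    "vlan 10 udp": frame(PROTO_UDP, vlan_id=10),
}

def compare():
    """Return {sample name: (passes old filter, passes new filter)}."""
    return {name: (old_filter(p), new_filter(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:13} old={old!s:5} new={new}")
```

The only sample the two filters disagree on is the VLAN-tagged UDP frame, which is the traffic the updated filter keeps away from a TCP plugin.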
Posted by Mohit Kumar at Wednesday, June 27, 2012