github.com/projectdiscovery/network-fingerprint

network-fingerprint

Capture packet request/response pairs for a port and/or IP to aid in Network protocol based Nuclei Templates creation.

Resources

• Installation Instructions
• Usage
• Running network-fingerprint
• Output Format

Usage

▶ network-fingerprint -h

This will display help for the tool. Here are all the switches it supports.

Flag	Description	Example
iface	Interface to perform capture on (default "lo0")	network-fingerprint -iface eth0
ip	IP to filter packets for	network-fingerprint -ip 127.0.0.1
port	Port to capture packets on	network-fingerprint -port 27017

Installation Instructions

network-fingerprint requires go1.15+ to install successfully and have libpcap-dev installed on the system.

To install libpcap-dev:-

▶ apt install -y libpcap-dev

▶ GO111MODULE=on go get -v github.com/projectdiscovery/network-fingerprint

Running network-fingerprint

To run the tool on a target to capture traffic on a port, just use the following command.

▶ network-fingerprint -port <port>

where <port> is the port you want to capture traffic for.

To also filter by IP while running on more common ports like 80, where there is a lot of noise, you can use the ip flag.

▶ network-fingerprint -port <port> -ip <destination-ip> 

Output Format

testing@local# network-fingerprint -port 27017 -ip 127.0.0.1
2021/04/08 23:15:07 network-fingerprint: nuclei-helper by @pdiscoveryio
2021/04/08 23:15:07 [device] en0 IP: 192.168.1.9
2021/04/08 23:15:07 [device] bridge100 IP: 192.168.64.1
2021/04/08 23:15:07 [device] lo0 IP: 127.0.0.1

{
  "data": "\ufffd",
  "hex": "dd",
  "request": true
}
{
  "data": "?\u0001",
  "hex": "3f01",
  "response": true
}

Requests (Client to Destination) messages have request: true while responses (Destination To Client) have response: true set to help in easily identifying correct fingerprints.