Passive TCP/IP fingerprinting tool

Ivan Tyunin

Last update: Sep 12, 2022

Related tags

Network programming sp0ky

Overview

This tool analyzes first stage of TCP handshake (SYN) and recognize operating system of client

Build

To build sp0ky, you need to install Rust

git clone https://github.com/MOL0ToK/sp0ky.git
cd sp0ky
cargo build --release

./target/release/sp0ky

Run

sudo sp0ky -i <interface>

Run in docker

To access host network interfaces, you should run docker container in host network mode

docker run --net=host -e SP0KY_INTERFACE=<interface> mol0tok/sp0ky:latest

API usage

To get connection information, you can use the API on port 7564.

Request:

curl http://localhost:7564/111.111.111.111:53155

Response with result:

{"os":"Windows","signature":"4:116+12:0:1360:64240:8:mss,nop,ws,nop,nop,sok:10:000000010"}

Or without:

{}

Fingerprint (signature)

In addition to operating system information, this tool generates a fingerprint that you can use for additional processing.

Fingerprint format: IP_VERSION:TTL+HOPS:IP_OPTIONS_LENGTH:MSS:TCP_WINDOW_SIZE:TCP_WINDOW_SCALE:TCP_OPTIONS:IP_FLAGS:TCP_FLAGS

Example: 4:116+12:0:1360:64240:8:mss,nop,ws,nop,nop,sok:10:000000010

Similar tools

TODO

Operating system recognition
Network adapter recognition by MTU

Tunnel TCP traffic through SOCKS5 or HTTP using a TUN interface.

tun2proxy Tunnel TCP traffic through SOCKS5 or HTTP on Linux. Authentication not yet supported. Error handling incomplete and too restrictive. Build C

34 Nov 29, 2022

A remote shell, TCP tunnel and HTTP proxy for Replit.

Autobahn A remote shell, TCP tunnel and HTTP proxy for Replit. Hybrid SSH/HTTP server for Replit. Based on leon332157/replish. Autobahn runs a WebSock

12 Sep 24, 2022

Fast User-Space TCP/UDP Stack

Catnip Catnip is a TCP/IP stack that focuses on being an embeddable, low-latency solution for user-space networking. Building and Running 1. Clone Thi

79 Sep 9, 2022

A tcp proxy server/client which exchange the data in temp files

ftcp A tcp proxy server/client which exchange the data in temp files 通过在临时文件中交换数据来进行TCP代理的一个服务端/客户端学校内网中有针对教学楼的防火墙导致教室电脑难以上网（但学校内建有公共ftp服务器，因此就有了这个借

2 Feb 17, 2022

A rustic tcp + serialization abstraction.

Wire An abstraction over TCP and Serialization "put a struct in one side and it comes out the other end" Wire is a library that makes writing applicat

33 May 12, 2021

Send files over TCP. Quick and simple. Made in Rust.

SFT Multithreaded utility to send files over TCP. The sender writes a header containing the filename, and then the contents of the file, buffered, to

0 Dec 24, 2021

A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls

bore A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does:

6.2k Dec 31, 2022

A tcp port forwarding system like ngrok.

Pruxy A tcp port forwarding system like ngrok. Todo http request handler agent - server connection agent How to use Generate cert files mkdir ssl_ce

1 Jan 24, 2022

An app which reads data from a serial port and serves it on a TCP port.

serial-to-tcp An app which reads data from a serial port and serves it on a TCP port. How to use Clone this repo and build the app as outlined below (

3 Oct 21, 2022

Releases(v0.1.0)

v0.1.0(Oct 13, 2021)
What's Changed

feat: Operating system recognition by @MOL0ToK in https://github.com/MOL0ToK/sp0ky/pull/1

feat: Github actions by @MOL0ToK in https://github.com/MOL0ToK/sp0ky/pull/2

New Contributors

@MOL0ToK made their first contribution in https://github.com/MOL0ToK/sp0ky/pull/1

Full Changelog: https://github.com/MOL0ToK/sp0ky/commits/v0.1.0
Source code(tar.gz)
Source code(zip)