XProbe是一款遠程主機操作系統(tǒng)探查工具。開發(fā)者基于和Nmap相同的一些技術(shù)（same techniques），并加入了自己的創(chuàng)新。Xprobe通過ICMP協(xié)議來獲得指紋。最新版本是Xprobe2.0.3版本,Xprobe2通過模糊矩陣統(tǒng)計分析主動探測數(shù)據(jù)報對應(yīng)的ICMP數(shù)據(jù)報特征,進而探測得到遠端操作系統(tǒng)的類型。注:經(jīng)過本人測試,對比較老的操作系統(tǒng),識別效果非常高,對新內(nèi)核系統(tǒng)則識別效果不太準確。

下載鏈接：http://down.51cto.com/data/153234

>>去網(wǎng)絡(luò)安全工具百寶箱看看其它安全工具

安裝步驟：

#tar -zxvf  xprobe2-0.3.tar.gz
#./configure --prefix=/usr/loca/
# make
#make install

 用法:

#/usr/local/xprobe/bin/xprobe2 -h
Options:
          -v                       Be verbose
          -r                       Show route to target(traceroute)
          -p Specify portnumber, protocol and state.
                                   Example: tcp:23:open, UDP:53:CLOSED
          -c           Specify config file to use.
          -h                       Print this help.
          -o                Use logfile to log everything.
          -t             Set initial receive timeout or roundtrip time.
          -s           Set packsending delay (milseconds).
          -d              Specify debugging level.
          -D               Disable module number .
          -M               Enable module number .
          -L                       Display modules.
          -m         Specify number of matches to print.
          -T             Enable TCP portscan for specified port(s).
                                   Example: -T21-23,53,110
          -U             Enable UDP portscan for specified port(s).
          -f                       force fixed round-trip time (-t opt).
          -F                       Generate signature (use -o to save to a file).
          -X                       Generate XML output and save it to logfile specified with -o.
          -B                       Options forces TCP handshake module to try to guess open TCP port
          -A                       Perform analysis of sample packets gathered during portscan in
                                   order to detect suspicious traffic (i.e. transparent proxies,
                                   firewalls/NIDSs resetting connections). Use with -T.
 

以上個選項,讀者可自己去測試。本人給出一個簡單的測試，假設(shè)當(dāng)前目錄在/usr/local/xprobe/bin/下

#./xprobe2 www.163.com
Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
[+] Target is www.163.com
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping  -  ICMP echo discovery module
[x] [2] ping:tcp_ping  -  TCP-based ping discovery module
[x] [3] ping:udp_ping  -  UDP-based ping discovery module
[x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan  -  TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x] [12] fingerprint:smb  -  SMB fingerprinting module
[x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 220.181.28.51. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 220.181.28.51. Module test failed
[-] No distance calculation. 220.181.28.51 appears to be dead or no ports known
[+] Host: 220.181.28.51 is up (Guess probability: 50%)
[+] Target: 220.181.28.51 is alive. Round-Trip Time: 0.02320 sec
[+] Selected safe Round-Trip Time value is: 0.04640 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[-] fingerprint:snmp: need UDP port 161 open
[+] Primary guess:
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.6" (Guess probability: 100%)
[+] Other guesses:
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.7" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.8" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.9" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.10" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.11" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.5" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.4" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.0" (Guess probability: 100%)
[+] Host 220.181.28.51 Running OS: "Linux Kernel 2.6.1" (Guess probability: 100%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.

探測出上海(本人測試地點IP)這邊訪問網(wǎng)易的系統(tǒng)IP為220.181.28.51的機器系統(tǒng)為linux系統(tǒng) ,并且內(nèi)核版本在2.6.1---2.6.11之間,也有可能是更高內(nèi)核版本,主要是xprobe目前支持探測系統(tǒng)指紋的系統(tǒng)版本有限,經(jīng)過我多次對不同系統(tǒng)freebsd,debian,centos,solaris,aix,windows xp,2000,2003的探測結(jié)果,發(fā)現(xiàn)越老的系統(tǒng)探測結(jié)果越準確,筆者支持該軟件作者繼續(xù)此工作!