2011/03/26

New version of SSL Capable NetCat. Changes for version 1.05:

  • bugfix: use syswrite everywhere (bugfix: Paul Kolano)
  • bugfix: check for eof return value from sysread() in _rwLoop() (bugfix: Michael Braun)
  • new: -S feature to use a program as a send hook
  • new: -R feature to use a program as a recv hook

You can find it from its own page by clicking here.

2011/03/19

A new SinFP version has been released. This is version 2.09. Find more.

2011/01/04

A new SinFP version has been released. This is version 2.07, which brings the following changes:

  • bugfix: padding vs payload issue for TCP options
  • update: more verbose message on closed/filtered port
  • update: copyright notice
  • update: mailing list link
  • new signatures (sinfp-20101224.db: 158 signatures)

Find more.

2010/10/15

Publication links updated. New conference reports:

2009/07/04

New version of SSL Capable NetCat. Changes for version 1.04:

  • bugfix: potential parsing error in telnet negotiation
  • update: better documentation on usage options and examples
  • new: -w feature to close connection after a timeout

You can find it from its own page by clicking here.

2009/07/01

New version of SSL Capable NetCat (again?). Yes. Changes for version 1.03:

  • bugfix: telnet support is now implemented :)
  • update: no more dependence upon Net::Telnet module. BTW, telnet negotiation in original netcat is not perfectly implemented, but works perfectly.

You can find it from its own page by clicking here.

2009/06/30

GomoR is neither dead nor alive, but he is still on the Web 2.0 sphere. I just released an updated version of SSL Capable NetCat. Here are the changes for version 1.02:

  • bugfix: SSL+IPv6
  • bugfix: reading from STDIN on command line
  • new: perldoc
  • new: copyright notice (BSD license)

You can find it from its own page by clicking here.

2008/05/03

SSL Capable NetCat has been integrated in FreeBSD ports tree. Thanx to sbz.

2008/04/27

I rewrote my old SSL Capable NetCat tool (originally written in 05/2006). I added many cool features, click here to know more.

2008/04/15

It was time for GomoR.org to be more Web 2.0. This is done now, thanx to TWiki. I need to write the new Tools and Papers section, it will come. Same goes for sinfp-demo.pl, it is still accessible from Old GomoR.org web site.

UPDATE: sinfp-demo.pl has been ported to new GomoR.org website. Click here.

2008/01/08

Updated my CV (AboutCv); I now work at Thomson.

2008/01/05

An article published in MISC magazine (MISC issue 14) is now online. It covers different techniques for protecting against operating system fingerprinting by customizing TCP/IP stack parameters. It's over here.

2007/03/27

SinFP now has its own section, go to this page: SinFP fingerprinting tool.

2007/03/18

OSPF Attack Shell now has its own section, go to this page: OSPF Attack Shell.

2007/02/18

First update in a long time. Here is the new GomoR.org website design.

UPDATE: this design is obsolete. Find the old GomoR.org here:

2006/11/04

An article published in MISC magazine (MISC issue 7) is now online. It covers different techniques for active operating system fingerprinting, through analysis of the differences between TCP/IP implementations. It's over here.

2006/10/29

Net::SinFP 2.03 released. Minor changes, but the database is reaching a comfortable size: nearly 120 signatures. Get it on Sourceforge:

Changes:

2.03 Sun Oct 29 21:57:05 CET 2006
   - Search.pm: new deformation masks added
   - sinfp.pl: default displaying of OS information updated, it is shorter now
   - sinfp.pl: new parameter -C, to show complete OS information like old
               behaviour
   - new signatures

Great news for Net::Packet users. Version 3.00 is finally out. You can get it on CPAN:

Changes since 2.22:

3.00 Sun Oct 29 15:31:06 CET 2006
  - Net::Packet::Dump: added keepTimestamp attribute to keep original pcap
                       timestamp. Default is to not keep original and use our
                       own timestamp.
  - bugfix: in Utils.pm, a redefined error is now removed
  - bugfix: in DescL4.pm, a redefined error is now removed
  - bugfix: in DescL4.pm, family attribute now initialized
  - pod update: lib/Net/Packet.pm
  - pod update: lib/Net/Packet/Dump.pm
  - pod update: lib/Net/Packet/Env.pm
  - pod update: lib/Net/Packet/Frame.pm
  - pod update: lib/Net/Packet/Desc.pm
  - pod update: lib/Net/Packet/DescL2.pm
  - pod update: lib/Net/Packet/DescL3.pm
  - pod update: lib/Net/Packet/DescL4.pm

3.00_02 Wed Oct  4 23:18:43 CEST 2006
   - bugfix: now it is possible to open a network interface with no IP address
   - bugfix: now it is possible to create a Dump object and give it another Env
             object, without interfering with the default Env object

3.00_01 Wed Sep 27 17:25:47 CEST 2006
   - *** WARNING: developer release, the pod is not up to date with the code
   - Now uses array as objects (with Class::Gomor::Array)
   - good speed improvement by replacing calls to accessor methods with
     direct array index lookup
   - small memory usage improvement thanks to array objects
   - Net::Packet::Dump: complete rewrite
   - Net::Packet::Env: nearly complete rewrite

2006/07/02

SinFP is included in the BackTrack live CD pen-test distro!! So cool for me :) Get this wonderful live CD here:

SinFP 2.01 released. You can download it on Sourceforge (http://sourceforge.net/projects/sinfp/). Here is the changes list:

2.01 Sun Jul  2 11:52:43 CEST 2006
   - bugfix: when a target responds to P2, but not to P1, we craft
             a fake P1 reply
   - update: display a warning when a signature is matched in a heuristic mode,
             but not enough TCP options were received from P2 for a considered
             reliable match
   - new signatures

2006/06/14

SinFP 2.00 released. This is a major release, which improves the OS detection process quite a lot. You can download it on Sourceforge (http://sourceforge.net/projects/sinfp/). Here is the changes list:

   - complete rewrite
   - sinfp.db completely reworked
   - new tests based on comparison between probe and response (TCP seq/ack
     comparison, IP ID value comparison)
   - new matching algorithm, works like a search engine (a problem of finding
     intersection, by applying a deformation mask on keywords) much more
     efficient than in 1.xx branch
   - possibility to pass manually a matching mask to change a little the
     matching algorithm
   - passive fingerprinting much more accurate thanks to new matching algorithm
   - possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
   - match IPv6 signatures against IPv4 ones
   - API changes, not compatible with 1.xx version anymore
   - DB schema changes, not compatible with 1.xx version anymore
   - many bugfixes

2006/05/25

SinFP on Tao Security's blog:

2006/05/17

SinFP project has entered Sourceforge. All downloads will be redirected there for the packaged version.

2006/05/14

SinFP has reached more than 1000 downloads in less than a week. I thank all of you for trying it.

2006/05/06

SinFP 1.01 has been released as a packaged source archive. It ships with all required modules, so you do not need to bother with CPAN, if you do not like that.

2006/04/05

Tools section has been reworked, dead links have been updated, old tools removed, new tools added.

2006/03/13

Net::SinFP 1.00 is out. This is a finalized version, use it extensively :). Get it on CPAN:

Changes:

1.00 Mon Mar 13 13:37:01 CET 2006
   - sinfp.db: more signatures (IPv4 and IPv6 ones)
   - sinfp.db: migration from DBD::SQLite 1.08 to 1.11
   - Makefile.PL: now installs sinfp.db into /usr/local/share/sinfp when
                  installation is run as root
   - Makefile.PL: sinfp.pl, np-anon-pcap.pl, np-read-anon.pl are installed into
                  /usr/local/bin if installation is run as root
   - SinFP: algorithm to match OSFPs is now quicker (especially in passive mode)
   - SinFP: algorithm to match OSFPs is now also a little better
   - SinFP: bugfix when running in offline passive mode (now skip non IP frames)
   - sinfp.pl: -k parameter to keep generated pcap file (default to not)
               pcap files are especially useful for unknown fingerprints, send
               them to me ;) (use np-anon-pcap.pl to anonymize IPs)

2006/03/10

GomoR is still alive, and back with more willpower. Here is a link to an old interview by a Perl Argentina group:

2005/06/21

New OS fingerprinting tool: Net::SinFP, get it on CPAN.

Last update: 2011-03-26 at 16:10:23 (r27)

 
"Study from the past to learn about the future."
--GomoR

Copyright © 2000-2011 www.GomoR.org.
Top left logo is Copyright © 2008-2011 Mikael Auffret.
All rights reserved.