libnmap.objects.os

Using libnmap.objects.os module

TODO

NmapOSFingerprint methods

class libnmap.objects.os.NmapOSFingerprint(osfp_data)[source]

NmapOSFingerprint is a easier API for using os fingerprinting. Data for OS fingerprint (<os> tag) is instanciated from a NmapOSFingerprint which is accessible in NmapHost via NmapHost.os

get_osmatch(osclass_obj)[source]

This function enables NmapOSFingerprint to determine if an NmapOSClass object could be attached to an existing NmapOSMatch object in order to respect the common interface for the nmap xml version < 1.04 and >= 1.04

This method will return an NmapOSMatch object matching with the NmapOSClass provided in parameter (match is performed based on accuracy)

Returns:NmapOSMatch object
ports_used

Return an array of OSFPPortUsed object with the ports used to perform the os fingerprint. This dict might contain another dict embedded containing the ports_reason values.

NmapOSMatch methods

class libnmap.objects.os.NmapOSMatch(osmatch_dict)[source]

NmapOSMatch is an internal class used for offering results from an nmap os fingerprint. This common interfaces makes a compatibility between old nmap xml (<1.04) and new nmap xml versions (used in nmapv6 for instance).

In previous xml version, osclass tags from nmap fingerprints were not directly mapped to a osmatch. In new xml version, osclass could be embedded in osmatch tag.

The approach to solve this is to create a common class which will, for older xml version, match based on the accuracy osclass to an osmatch. If no match, an osmatch will be made up from a concat of os class attributes: vendor and osfamily. Unmatched osclass will have a line attribute of -1.

More info, see issue #26 or http://seclists.org/nmap-dev/2012/q2/252

accuracy

Accessor for accuracy

Returns:int
add_osclass(osclass_obj)[source]

Add a NmapOSClass object to the OSMatch object. This method is useful to implement compatibility with older versions of NMAP by providing a common interface to access os fingerprint data.

get_cpe()[source]

This method return a list of cpe stings and not CPE objects as the NmapOSClass.cpelist property. This method is a helper to simplify data management.

For more advanced handling of CPE data, use NmapOSClass.cpelist and use the methods from CPE class

line

Accessor for line attribute as integer. value equals -1 if this osmatch holds orphans NmapOSClass objects. This could happen with older version of nmap xml engine (<1.04 (e.g: nmapv6)).

Returns:int
name

Accessor for name attribute (e.g.: Linux 2.4.26 (Slackware 10.0.0))

osclasses

Accessor for all NmapOSClass objects matching with this OS Match

NmapOSClass methods

class libnmap.objects.os.NmapOSClass(osclass_dict)[source]

NmapOSClass offers an unified API to access data from analysed osclass tag. As implemented in libnmap and newer version of nmap, osclass objects will always be embedded in a NmapOSMatch. Unmatched NmapOSClass will be stored in “dummy” NmapOSMatch objects which will have the particularity of have a line attribute of -1. On top of this, NmapOSClass will have optional CPE objects embedded.

accuracy

Accessor for OS class detection accuracy (int)

Returns:int
cpelist

Returns a list of CPE Objects matching with this os class

Returns:list of CPE objects
Return type:Array
description

Accessor helper which returns a concataned string of the valuable attributes from NmapOSClass object

Returns:string
osfamily

Accessor for OS family information (Windows, Linux,…)

Returns:string
osgen

Accessor for OS class generation (7, 8, 2.4.X,…).

Returns:string
type

Accessor for OS class type (general purpose,…)

Returns:string
vendor

Accessor for vendor information (Microsoft, Linux,…)

Returns:string

OSFPPortUsed methods

class libnmap.objects.os.OSFPPortUsed(port_used_dict)[source]

Port used class: this enables the user of NmapOSFingerprint class to have a common and clear interface to access portused data which were collected and used during os fingerprint scan

portid

Accessor for the referenced port number used

proto

Accessor for the portused protocol (tcp, udp,…)

state

Accessor for the portused state (closed, open,…)