Capture packet request/response pairs for a port and/or IP to aid in creating network-protocol-based Nuclei templates.
This will display help for the tool. Here are all the switches it supports.
Flag | Description | Example |
---|---|---|
iface | Interface to perform capture on (default "lo0") | network-fingerprint -iface eth0 |
ip | IP to filter packets for | network-fingerprint -ip 127.0.0.1 |
port | Port to capture packets on | network-fingerprint -port 27017 |
network-fingerprint requires go1.15+ to install successfully and needs libpcap-dev installed on the system.
To install libpcap-dev:
▶ apt install -y libpcap-dev
▶ GO111MODULE=on go get -v github.com/projectdiscovery/network-fingerprint
To run the tool on a target to capture traffic on a port, just use the following command.
▶ network-fingerprint -port <port>
where <port> is the port you want to capture traffic for.
To also filter by IP while running on more common ports like 80, where there is a lot of noise, you can use the ip flag.
▶ network-fingerprint -port <port> -ip <destination-ip>
Here is a detailed blog showcasing the uses of network-fingerprint - https://blog.projectdiscovery.io/writing-network-templates-with-nuclei/
Output Format
testing@local# network-fingerprint -port 27017 -ip 127.0.0.1
2021/04/08 23:15:07 network-fingerprint: nuclei-helper by @pdiscoveryio
2021/04/08 23:15:07 [device] en0 IP: 192.168.1.9
2021/04/08 23:15:07 [device] bridge100 IP: 192.168.64.1
2021/04/08 23:15:07 [device] lo0 IP: 127.0.0.1
{ "data": "\ufffd", "hex": "dd", "request": true }
{ "data": "?\u0001", "hex": "3f01", "response": true }
Request messages (client to destination) have request: true set, while response messages (destination to client) have response: true set, which makes it easy to identify the correct fingerprints.
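The following Go program is an added example, not part of network-fingerprint itself: it reads the JSON objects shown above and groups each request with the response bytes that followed it, working from the hex field because data is lossy for non-UTF-8 bytes (0xdd appears as \ufffd above). The names Message, Exchange and PairExchanges are hypothetical, and the input is assumed to contain only the JSON objects, without the log lines.

```go
package main

import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// sample holds the two JSON objects from the output above (log lines omitted).
const sample = `{ "data": "\ufffd", "hex": "dd", "request": true }
{ "data": "?\u0001", "hex": "3f01", "response": true }`

// Message mirrors the fields of one captured message that this example uses.
type Message struct {
	Hex               string
	Request, Response bool
}

type Exchange struct{ Request, Response []byte } // a request and the response bytes after it

// PairExchanges decodes concatenated JSON messages and groups them per request.
func PairExchanges(r io.Reader) ([]Exchange, error) {
	dec := json.NewDecoder(r)
	var pairs []Exchange
	for {
		var m Message
		if err := dec.Decode(&m); err == io.EOF {
			return pairs, nil
		} else if err != nil {
			return nil, err
		}
		raw, err := hex.DecodeString(m.Hex) // exact bytes on the wire
		if err != nil {
			return nil, fmt.Errorf("bad hex %q: %w", m.Hex, err)
		}
		if m.Request {
			pairs = append(pairs, Exchange{Request: raw})
		} else if m.Response && len(pairs) > 0 { // a response seen before any request is dropped
			pairs[len(pairs)-1].Response = append(pairs[len(pairs)-1].Response, raw...)
		}
	}
}

func main() {
	pairs, err := PairExchanges(strings.NewReader(sample))
	fmt.Printf("%x %v\n", pairs, err)
}
```

A response split across several captured messages ends up concatenated in one Exchange, which gives the full byte string to match on.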