Tenable’s Research group recently introduced a highly accurate form of operating system identification. This new method combines input from various other plugins that perform separate techniques to guess or identify a remote operating system.

The new plugin relies on the following NASL scripts :

• os_fingerprint_http.nasl
• os_fingerprint_mdns.nasl
• os_fingerprint_msrprc.nasl
• os_fingerprint_ntp.nasl
• os_fingerprint_sinfp.nasl
• os_fingerprint_smb.nasl
• os_fingerprint_snmp.nasl
• os_fingerprint_ssh.nasl
• os_fingerprint_uname.nasl
• os_fingerprint_linux_distro.nasl
• os_fingerprint_xprobe.nasl

I always use more than one tool to guess the target’s OS and xprobe2 has proved to give me the best results. As OS cloaking gets more and more widespread I think It’s great that nessus will use a combination of different plugins.

This new type of detection is available to all Nessus users who have updated their plugins recently with either the Direct or Registered Feeds.

I’m sure there will be ways to evade this new OS detection and that’s why manual analysis must always take over from where the scanner left it. You just can’t rely solely on automated scanners to do the job for you

Share This

If you enjoyed this post, make sure you subscribe to my RSS feed!