p0f

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2026 License: BSD-3-Clause Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	Linux311  = MustParse("*:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0")
	Linux3x   = MustParse("*:64:0:*:mss*10,0:mss,sok,ts,nop,ws:df,id+:0")
	Linux26   = MustParse("*:64:0:*:mss*4,7:mss,sok,ts,nop,ws:df,id+:0")
	Linux24   = MustParse("*:64:0:*:mss*4,0:mss,sok,ts,nop,ws:df,id+:0")
	WindowsXP = MustParse("*:128:0:*:16384,0:mss,nop,nop,sok:df,id+:0")
	Windows7  = MustParse("*:128:0:*:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0")
	Windows10 = MustParse("*:128:0:*:8192,2:mss,nop,ws,nop,nop,sok:df,id+:0")
	MacOS     = MustParse("*:64:0:*:65535,6:mss,sok,ts,nop,ws:df+:0")
	Android   = MustParse("*:64:0:*:mss*44,1:mss,sok,ts,nop,ws:df,id+:0")
	IOS       = MustParse("*:64:0:*:65535,3:mss,nop,ws,sok,ts:df,id+:0")
	Nmap      = MustParse("*:64-:0:265:512,0:mss,sok,ts:ack+:0")
)

Predefined p0f signatures for common OS versions.

Functions

This section is empty.

Types

type Signature

type Signature struct {
	IPVersion   string     // "4", "6", "*"
	TTL         int        // initial TTL value
	HasTTLMinus bool       // true if TTL has "-" suffix (bad TTL)
	IPOptLen    int        // IP options header length in bytes
	MSS         int        // -1 = wildcard
	WindowSize  int        // window size value, -1 = wildcard
	WindowType  WindowType // how to interpret WindowSize
	WindowScale int        // window scale shift count, -1 = wildcard
	Options     []string   // TCP options layout (e.g. ["mss","sok","ts","nop","ws"])
	Quirks      []string   // IP/TCP quirks (e.g. ["df","id+"])
	Payload     string     // "0", "+", or "*"
}

Signature represents a parsed p0f TCP fingerprint.

func MustParse

func MustParse(sig string) *Signature

MustParse parses a p0f signature string and panics on error.

func Parse

func Parse(sig string) (*Signature, error)

Parse parses a p0f signature string in the format: {ip_ver}:{ttl}:{ip_opt_len}:{mss}:{window,wscale}:{opt_layout}:{quirks}:{pay_class}

func (*Signature) String

func (s *Signature) String() string

String reconstructs the p0f signature string.

type Spoofer

type Spoofer struct {
	// contains filtered or unexported fields
}

Spoofer applies TCP/IP field spoofing based on a p0f signature.

func NewSpoofer

func NewSpoofer(sig *Signature) *Spoofer

NewSpoofer creates a new Spoofer for the given signature.

func (*Spoofer) Apply

func (s *Spoofer) Apply(conn net.Conn) error

Apply sets spoofable TCP/IP fields on a raw TCP connection. Currently supports: TTL, DF flag, window size. Platform-specific syscall implementations are in platform_*.go files.

func (*Spoofer) ApplyToRawConn added in v0.2.0

func (s *Spoofer) ApplyToRawConn(raw syscall.RawConn) error

ApplyToRawConn applies the p0f signature to a syscall.RawConn. This is intended for use with net.Dialer.Control to set socket options before the TCP handshake (SYN packet) is sent.

type WindowType

type WindowType int

WindowType describes how the TCP window size is computed.

const (
	// WindowNormal indicates the exact window size value.
	WindowNormal WindowType = iota
	// WindowMSS indicates window = MSS * N.
	WindowMSS
	// WindowMOD indicates window = N * rand(1, 65535/N).
	WindowMOD
	// WindowMTU indicates window = MTU * N.
	WindowMTU
	// WindowAny indicates any window size is acceptable.
	WindowAny
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL