Thursday, September 24, 2009

Updated Fingerprint Programs

Jeff has done a great job making it easy to update the different XML files I use in Satori, along with the ability to have an underlying repository that helps keep everything the same across all of the files! He's also written a nice DHCP fingerprinting program himself. These can be found at the Devonic Delphi Page.

DHCP Fingerprint Manager: imports text-based Wireshark traces to populate and fingerprint systems. Basically, you take a pcap file, parse out just the DHCP packets, and export them to a text file. You then load that file into the program and DHCP-fingerprint the systems.
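To make that workflow concrete, here is an added sketch (not Jeff's code and not Satori's) that reads a Wireshark text export and fingerprints each DHCP client for an asset inventory. It assumes the fingerprint key is the ordered option 55 Parameter Request List, a common DHCP fingerprinting signal; the sample export, the table, and its labels are constructed placeholders.

```python
import re

# Constructed sample modeled on Wireshark's plain-text export (not a real capture).
SAMPLE_EXPORT = """\
Frame 1: 342 bytes on wire
Dynamic Host Configuration Protocol (Discover)
    Client MAC address: 00:11:22:33:44:55 (00:11:22:33:44:55)
    Option: (55) Parameter Request List
        Length: 4
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (15) Domain Name

Frame 2: 342 bytes on wire
Dynamic Host Configuration Protocol (Request)
    Client MAC address: 66:77:88:99:aa:bb (66:77:88:99:aa:bb)
    Option: (55) Parameter Request List
        Length: 4
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (15) Domain Name
"""

# Hypothetical fingerprint table: ordered option 55 list -> placeholder label.
FINGERPRINTS = {"1,3,6,15": "Example OS A"}

MAC_RE = re.compile(r"Client MAC address: .*\(([0-9a-fA-F:]{17})\)")
ITEM_RE = re.compile(r"Parameter Request List Item: \((\d+)\)")

def fingerprint_export(text, table=FINGERPRINTS):
    """Return {mac: (option55_string, label)} for each DHCP client in the export."""
    results, mac, items = {}, None, []
    def flush():
        # Packets without a request list (e.g. server replies) are skipped.
        if mac and items:
            key = ",".join(items)  # request order is part of the fingerprint
            results[mac] = (key, table.get(key, "unknown"))
    for line in text.splitlines():
        if line.startswith("Frame "):  # new packet: emit the previous one
            flush()
            mac, items = None, []
        elif (m := MAC_RE.search(line)):
            mac = m.group(1).lower()
        elif (m := ITEM_RE.search(line)):
            items.append(m.group(1))
    flush()
    return results
```

The second client requests the same options in a different order and comes back as "unknown", which is why the list is kept in order rather than sorted.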

It is a lot faster than Satori and it gives you a lot of nice features after you are done. The Statistics view is a wonderful little piece of it that you can use after reading in a file. I may have to steal some ideas from him on this! In the statistics area it breaks down % of End Systems by MAC Vendors, Fingerprint Names, Fingerprint Match Scores, OS Names, OS Classes, OS Vendors, Device Types, Device Vendors, and then the Authors of the individual Fingerprints.

Fingerprint Editor: The program I use all the time these days to modify the different XML files that Satori and these different programs are using. I used to always do it by hand, but inevitably I always missed updating something. It is nice to have this to help keep things in sync, update the timestamps, etc.! If you are creating fingerprints to send me, and not just sending me the raw data, this is the perfect program to use!

There is also a DEF File Editor that modifies the definition files the programs above use.

He has quite a few other nice programs out there, and if any of you are Delphi programmers, check out his Delphi Components page. I used a few pieces from there myself.
