"Hidden Option" = "--osscan_guess" or "--fuzzy"

Grepping the source code from nmap 3.48 for osscan_guess or fuzzy:
CHANGELOG:647:  if you don't use the secret --osscan_guess or -fuzzy options.
NmapOps.h:177:  int osscan_guess;   /* Be more aggressive in guessing OS type */
nmap.cc:244:    {"osscan_guess", no_argument, 0, 0}, /* More guessing flexability */
nmap.cc:247:    {"fuzzy", no_argument, 0, 0}, /* Alias for osscan_guess */

Also, this feature is supposed to be turned on automatically if nmap is
completely clueless at what the OS is.  I found this manually here:
output.cc:908:  // If the FP can't be submitted anyway, might as well make a guess.

Actually looking at the code is a little beyond me.  I am not a
developer or coder, but that might get you started.

A cursory I-have-no-idea-what-I'm-looking-for glance seems to imply that
the fuzzy option widens the number of tests (specially crafted packets) it
will run during the fingerprinting stage and it ~might~ also give more
leeway to the possible results.

-Jason

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Jay Jacobson
> Sent: Wednesday, December 31, 2003 5:47 PM
> To: nessus _at_ list _dot_ nessus _dot_ org
> Subject: Hidden Option for OS Fingerprint?
> 
> 
> 
> One of Nessus' options is:
> 
>    Nmap[checkbox]:Use hidden option to identify the remote OS
> 
> Specifically, what option does this enable in nmap? Searching the nmap
> manual page for the word "hidden" does not return any results. Is there
> any further information or documentation on this feature?
> 
> (Renaud: The reason I ask is because I am working on populating some
> initial data into that "Nessus Options Knowledge Base" that we previously
> discussed. I need a description of this option.)
> 
> Thanks!
> 
> ~Jay
> 
> ..
> ..  Jay Jacobson
> ..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
> ..
> ..  Managed Vulnerability Assessment
> ..  Services for Information Security Professionals
> ..

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus