Notes / Disclaimer:
- OS detection is only a “byproduct” of vulnerability scanning and not a core function of the feed. There is no guarantee of completeness / full reliability.
- The OS detection itself is done on a “best effort” / “best guess” basis without any guarantee that it is working for every single target / environment, especially if the detection happens remotely.
- The more services a target is exposing, the higher the chances are that an OS is detected fully / correctly / in detail.
- Some more extended OS detection (e.g. based on industrial protocols) is only available in the commercial enterprise feed.
Hi *,
As you might know, the feed (and its Detection and VTs) is heavily relying on the banner of services running / exposed on a remote host.
In the last months we made some improvements to our unknown banner reporting to consolidate this info into a single VT. If you’re stumbling over the output of the following VT within a report:
Name: Unknown OS and Service Banner Reporting
OID: 1.3.6.1.4.1.25623.1.0.108441
Family: Service detection
it would be great if you could either post the information in a new thread within the Vulnerability Tests category or (if it contains sensitive info) privately to me via a PM.
This helps us to improve the feed and to detect a wider range of different Operating Systems and Services.
Thank you for your contribution.
In addition to the “Unknown OS Reporting” described above, general information on the OS Detection methods is available in the following VT:
Name: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937
Family: Product detection
This output could also contain some information on an existing OS Detection which could be improved / updated to detect an OS more precisely.
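
One way to pull the output of these two VTs out of an exported report before posting it, as an added example that is not part of the original post or of the feed's own tooling. It assumes an XML export in which each `result` element carries `host`, `port`, `nvt` (with an `oid` attribute) and `description`; the sample report, its description texts and the function name `extract_reportable` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The two reporting VTs named in the post above.
REPORTING_OIDS = {
    "1.3.6.1.4.1.25623.1.0.108441": "Unknown OS and Service Banner Reporting",
    "1.3.6.1.4.1.25623.1.0.105937": "OS Detection Consolidation and Reporting",
}

# Constructed sample; element layout is an assumption about the XML export,
# the description texts are invented, and the third OID is a placeholder.
SAMPLE_REPORT = """<report><results>
<result><host>192.0.2.10</host><port>general/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.108441"/>
  <description>Unknown banner from 192.0.2.10 on 22/tcp: SSH-2.0-ExampleSSH_1.0</description></result>
<result><host>192.0.2.10</host><port>general/tcp</port>
  <nvt oid="1.3.6.1.4.1.25623.1.0.105937"/>
  <description>Best matching OS: unknown (seen next to 192.0.2.100)</description></result>
<result><host>192.0.2.10</host><port>443/tcp</port>
  <nvt oid="0.0.0.0.placeholder"/>
  <description>Unrelated finding</description></result>
</results></report>"""


def extract_reportable(report_xml, redact=True):
    """Return the output of the two reporting VTs, optionally with the scanned
    host's address replaced by a stable alias (HOST-1, HOST-2, ...)."""
    aliases, found = {}, []
    for result in ET.fromstring(report_xml).iter("result"):
        nvt = result.find("nvt")
        oid = nvt.get("oid") if nvt is not None else None
        if oid not in REPORTING_OIDS:
            continue
        host = (result.findtext("host") or "").strip()
        output = (result.findtext("description") or "").strip()
        if redact and host:
            alias = aliases.setdefault(host, f"HOST-{len(aliases) + 1}")
            # Whole-token match so 192.0.2.10 does not also rewrite 192.0.2.100.
            pattern = r"(?<![\w.-])" + re.escape(host) + r"(?!\.?[\w-])"
            output, host = re.sub(pattern, alias, output), alias
        found.append({"vt": REPORTING_OIDS[oid], "oid": oid, "host": host,
                      "port": result.findtext("port") or "", "output": output})
    return found


if __name__ == "__main__":
    for item in extract_reportable(SAMPLE_REPORT):
        print(f"{item['vt']} ({item['oid']}) {item['host']} {item['port']}")
        print("  " + item["output"])
```

The alias only covers the scanned host's own address; banners can still carry internal hostnames or other addresses, so read the extracted text before deciding between a public thread and a private message.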