3

How can I identify a remote host OS (Unix/Windows) using Python? One solution I found is to check whether port 22 is open, but I came to know that some Windows hosts also have port 22 open but refuse connections. Please let me know an efficient way to do this. Thanks in advance.

5
  • As a general answer, you can't. The only way I can think of is to identify a service that is written in Python (the server serves a Django website, or hosts an application that is written in Python). But then, this works because you have the knowledge that such an application uses Python. It could just as well be coded in another language, and you couldn't tell the difference. This is an internal implementation detail. Commented Oct 10, 2017 at 14:40
  • Do you have access to these remote servers or are you trying to determine the operating system via advertised services like SSH etc? Commented Oct 10, 2017 at 14:41
  • 1
    A commonly used tool that does what you need is Nmap. I guess that as a workaround you could write a Python wrapper over it, or take a look at [Python]: python-nmap. Commented Oct 10, 2017 at 14:46
  • I think this is a fair question, but I doubt there is a satisfactory answer. If you can actually get access to some service running on the host, then maybe you have a chance. But if you've got to work it out from nothing more than which IP ports are open, I think you're out of luck. Many systems hide their ports behind software firewalls, anyway. You'll be left trying to work out the OS from how it responds to an ICMP "ping", which will be difficult to impossible. Commented Oct 10, 2017 at 14:46
  • This question is too broad, and it's not Python-specific. You can try to guess the remote OS relying on the specifics of the TCP/IP stack implementation (default window sizes, default flags and responses in corner cases, etc.) There are some tools that try to do that for you (like the mentioned nmap, see -O option), but the general discussion about how to do it goes well beyond the scope of this site. Commented Oct 10, 2017 at 15:08

1 Answer

1

For security reasons, most operating systems do not advertise information over the network. While tools such as nmap can deduce the OS running on a remote system by scanning ports over the network, the only way to reliably know the OS is to log in to the system. In many cases the OS will be reported as part of the login process, so establishing a connection over the network will suffice to determine the OS. Running "uname -a" on the remote system will also retrieve the OS type on Linux systems.

This will retrieve the welcome string from HOST, which usually includes the OS type. Substitute a valid user name for UNAME and host name for HOST.

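    #!/usr/bin/env python3

    import subprocess

    CMD = "uname -a"

    # Argument list with shell=False: UNAME@HOST and CMD are never parsed by a local shell.
    conn = subprocess.Popen(["ssh", "UNAME@HOST", CMD],
            shell=False,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
    # communicate() drains both pipes and waits for ssh to exit, avoiding a
    # deadlock if stderr fills while only stdout is being read.
    out, err = conn.communicate()
    res = out.decode(errors="replace").splitlines()
    print(res)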
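
The answer notes that the OS is often reported when a connection is established; for SSH that is the server's identification string. The following is an added example, not part of the original answer: it parses that string and maps it to a coarse OS hint for inventorying hosts you administer. The `OS_HINTS` table and the function names are assumptions made for illustration.

```python
import socket

# Substrings seen in SSH software-version/comment fields; a heuristic
# table assumed for this example, not an exhaustive or authoritative list.
OS_HINTS = {
    "windows": ("for_windows",),
    "unix": ("ubuntu", "debian", "freebsd", "netbsd", "raspbian"),
}

def parse_ident(data):
    """Return (protoversion, softwareversion, comments) from raw server bytes.

    RFC 4253 section 4.2: the server may send other lines before the
    identification line, which is 'SSH-protoversion-softwareversion SP comments'.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r").decode("ascii", errors="replace")
        if line.startswith("SSH-"):
            ident, _, comments = line.partition(" ")
            parts = ident.split("-", 2)
            if len(parts) == 3:
                return parts[1], parts[2], comments
    return None

def guess_os(data):
    """Map a banner to 'windows', 'unix' or 'unknown' (a hint, never proof)."""
    parsed = parse_ident(data)
    if parsed is None:
        return "unknown"
    haystack = (parsed[1] + " " + parsed[2]).lower()
    for family, needles in OS_HINTS.items():
        if any(n in haystack for n in needles):
            return family
    return "unknown"

def read_banner(host, port=22, timeout=5.0):
    """Read the first bytes an SSH server sends; b'' if refused or silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(1024)
    except OSError:
        return b""

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:   # hosts you administer, given on the command line
        print(host, guess_os(read_banner(host)))
```

The banner is set by the server's build or configuration, so the result is only a hint; a refused or silent connection, or a banner with no distribution tag, yields `unknown`.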