OS-Sommelier is a tool for memory-based OS fingerprinting. It runs on a 32-bit Linux host and supports multiple 32-bit guest OSes, such as Linux, Windows, and *BSD.
cd src
make
The default signature database is OS-Sommelier/md5/
- Take a snapshot of guest OS memory first.
- Signature generating
./signa -g [snapshot] 0 > ../md5/OS-name
- Signature matching
./signa -s [snapshot] 0
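
The generate-then-match workflow above, as an added example (not OS-Sommelier's code, algorithm or signature file format): it hashes each 4 KiB page of a raw snapshot with MD5 and scores the snapshot against per-OS hash sets. The per-page hashing scheme, the OS names and all sample data are assumptions constructed for the illustration.

```python
import hashlib

PAGE_SIZE = 4096  # page size on 32-bit x86 guests


def fake_page(tag):
    """Constructed stand-in for one page of kernel code (not real kernel bytes)."""
    return hashlib.sha256(tag).digest() * (PAGE_SIZE // 32)


def page_signatures(snapshot):
    """Return the MD5 digests of every complete, non-zero page in a raw snapshot."""
    sigs = set()
    for off in range(0, len(snapshot) - PAGE_SIZE + 1, PAGE_SIZE):
        page = snapshot[off:off + PAGE_SIZE]
        if page.count(0) != PAGE_SIZE:  # skip untouched (all-zero) pages
            sigs.add(hashlib.md5(page).hexdigest())
    return sigs


def match(snapshot, database):
    """Score each OS by the fraction of its signature pages found in the snapshot."""
    present = page_signatures(snapshot)
    scores = [(name, len(sigs & present) / len(sigs))
              for name, sigs in database.items() if sigs]
    return sorted(scores, key=lambda s: (-s[1], s[0]))


def sigs_for(*tags):
    """Build a signature set from constructed pages (the 'generate' step)."""
    return page_signatures(b"".join(fake_page(t) for t in tags))


# Constructed database: two kernel builds that share most pages, plus an
# unrelated OS. Names are hypothetical.
DATABASE = {
    "linux-A": sigs_for(b"k1", b"k2", b"a3"),
    "linux-B": sigs_for(b"k1", b"k2", b"b3"),
    "win-X": sigs_for(b"w1", b"w2", b"w3"),
}

# Constructed guest snapshot: a zero page, kernel pages of build B, one user page.
SNAPSHOT = (bytes(PAGE_SIZE) + fake_page(b"k1") + fake_page(b"user")
            + fake_page(b"k2") + fake_page(b"b3"))

# Raw page hashes only match byte-identical pages; address-dependent bytes
# (relocations) would have to be normalized before hashing in practice.
if __name__ == "__main__":
    for name, score in match(SNAPSHOT, DATABASE):
        print(f"{name}: {score:.2f}")
```

Closely related builds share most pages, so the ranking is decided by the few pages that differ between them.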