I Built an Open-Source Service Fingerprinter — Here’s What It Finds
Summary
Nerva is a new open-source command-line interface (CLI) tool designed for high-performance service fingerprinting across open ports. Developed in Go, Nerva supports over 120 protocols across TCP, UDP, and SCTP, and runs approximately four times faster than `nmap -sV` while maintaining a 99% detection accuracy. It ships as a single binary with zero dependencies, making it highly portable and easy to integrate into existing security workflows. The tool identifies common services like SSH and HTTP, and also specializes in detecting industrial control systems (Modbus, OPC-UA), telecom infrastructure (Diameter, SS7 over SCTP), and modern services such as Kubernetes API servers and Kafka. Nerva employs smart detection logic, prioritizing common protocols for specific ports to enhance speed, and offers JSON and CSV output options for reporting and automation.
Key takeaway
For security teams and penetration testers struggling with slow service identification after port scanning, Nerva offers a significant speed and coverage upgrade. You should integrate Nerva into your reconnaissance pipeline to quickly convert lists of open ports into actionable service intelligence, especially for obscure protocols like SCTP or non-standard port configurations, thereby accelerating vulnerability discovery and asset inventory efforts.
Key insights
Nerva rapidly identifies services on open ports across diverse protocols, filling a critical gap in reconnaissance tooling.
Principles
- Protocol coverage is paramount for comprehensive security assessment.
- Speed and accuracy are both achievable in service fingerprinting.
- Non-standard ports often harbor significant, overlooked risks.
Method
Nerva uses port-aware prioritization to efficiently test protocols, falling back to broader checks if initial attempts fail. It supports TCP, UDP, and SCTP, extracting metadata from identified services.
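A sketch of port-aware ordering with a fallback pass, added here as an illustration; it is not Nerva's code or plugin API. The `matcher` type, the three prefix checks and the sample responses are assumptions constructed for the example, and it runs offline on byte strings instead of live sockets.

```go
package main

import (
	"bytes"
	"fmt"
)

// matcher is a hypothetical stand-in for one protocol check.
type matcher struct {
	name  string
	ports map[int]bool // ports where the protocol is conventionally found
	match func(resp []byte) bool
}

var matchers = []matcher{
	{"http", map[int]bool{80: true, 8080: true}, func(r []byte) bool { return bytes.HasPrefix(r, []byte("HTTP/")) }},
	{"smtp", map[int]bool{25: true, 587: true}, func(r []byte) bool { return bytes.HasPrefix(r, []byte("220 ")) }},
	{"ssh", map[int]bool{22: true}, func(r []byte) bool { return bytes.HasPrefix(r, []byte("SSH-")) }},
}

// ordered puts matchers associated with port first; every other
// matcher follows as the broader fallback pass.
func ordered(port int) []matcher {
	var first, rest []matcher
	for _, m := range matchers {
		if m.ports[port] {
			first = append(first, m)
		} else {
			rest = append(rest, m)
		}
	}
	return append(first, rest...)
}

// identify returns the matched protocol and how many checks it took.
func identify(port int, resp []byte) (string, int) {
	for i, m := range ordered(port) {
		if m.match(resp) {
			return m.name, i + 1
		}
	}
	return "unknown", len(matchers)
}

func main() {
	banner := []byte("SSH-2.0-OpenSSH_9.6\r\n") // constructed sample response
	fmt.Println(identify(22, banner))   // expected port: first check hits
	fmt.Println(identify(2222, banner)) // non-standard port: found in the fallback pass
}
```

The same service is identified on both ports; only the number of checks differs, which is why a non-standard port costs time but should not cost coverage in an asset inventory.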
In practice
- Integrate Nerva into pentesting workflows for faster recon.
- Use Nerva for asset inventory and CI/CD exposure validation.
- Employ SCTP support to assess telecom core networks.
Topics
- Service Fingerprinting
- Network Reconnaissance
- Industrial Control Systems
- Telecom Infrastructure
- Open-Source Tools
Best for: CTO, VP of Engineering/Data, Security Engineer, Software Engineer, DevOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by LLM on Medium.