I've recently been thinking of projects to start, and I've settled on an OS fingerprinting tool. I know that the OS can be determined by matching TTL and TCP window size, but I don't know the most efficient way to cross-reference that information to identify the OS.
My idea so far is to have a text file containing the different fingerprints, and once the TCP traffic is captured, cross-reference it with the contents of the text file. But this method seems too bulky and slow. I thought of having some basic fingerprints built in and then cross-referencing text files within some structured sub-directories, but this also seems like a shoddy workaround.
At its core, my question is this: what is the best and most efficient way to query a large amount of information for specific information using Python?
Side note: I know that Scapy can be used with Nmap and p0f, but I'd like to avoid using these.
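
As an added example (not part of the original post): one common way to handle the lookup described above is to parse the signature file once into an in-memory dict keyed by (initial TTL, window size), so each captured packet costs a single hash lookup instead of a file scan. The signature rows, file layout and function names below are constructed for illustration and are not an authoritative fingerprint database.

```python
import csv
import io
from bisect import bisect_left

# Constructed sample signature file (illustrative values only).
SAMPLE_DB = """\
initial_ttl,window_size,os
64,5840,Linux (kernel 2.4/2.6)
64,29200,Linux (kernel 3.x+)
64,65535,FreeBSD
128,8192,Windows 7 / Server 2008
128,65535,Windows XP
255,4128,Cisco IOS
"""

COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial TTL.

    Each router hop decrements the TTL, so a packet seen with TTL 57
    most likely left its sender with TTL 64.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    return COMMON_INITIAL_TTLS[bisect_left(COMMON_INITIAL_TTLS, observed_ttl)]


def load_signatures(fileobj):
    """Parse the signature file once into a dict keyed by (ttl, window)."""
    table = {}
    for row in csv.DictReader(fileobj):
        key = (int(row["initial_ttl"]), int(row["window_size"]))
        table.setdefault(key, []).append(row["os"])
    return table


def guess_os(table, observed_ttl, window_size):
    """Return candidate OS names; an empty list means no signature matched."""
    return table.get((initial_ttl(observed_ttl), window_size), [])


SIGNATURES = load_signatures(io.StringIO(SAMPLE_DB))

if __name__ == "__main__":
    # Constructed observations: (TTL as seen on the wire, TCP window size).
    for ttl, win in [(57, 29200), (120, 8192), (250, 4128), (64, 1234)]:
        print(ttl, win, guess_os(SIGNATURES, ttl, win) or ["unknown"])
```

The TTL and window size would come from the IP and TCP headers of a captured SYN or SYN/ACK; several operating systems can share one key, which is why each entry holds a list of candidates.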