Use os nmap(1)
recursos de impressão digital, a partir do manpage:
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
Um exemplo:
$ nmap -sV some.mail.server.biz -p 25
Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-17 17:50 CEST
Nmap scan report for some.mail.server.biz (10.0.0.135)
Host is up (0.0052s latency).
PORT STATE SERVICE VERSION
25/tcp open smtp MailEnable smptd 7.08--7.08
Service Info: Host: some.domain.com; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.67 seconds
Não sei se é útil para você, mas a saída usa CPE .