Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Banner grabbing

Re: Banner grabbing

From: Clyde Laushey <laushey_at_verizon.net>
Date: Fri, 13 Jan 2006 19:44:25 -0500

Check out amap at http://thc.org/thc-amap/; that should do what you want.
You can pipe nmap output into amap or manually code the IP's & ports you
want to grab banners from.
* * * * *
Clyde Laushey
Information Security
Virginia Commonwealth University

> ----- Original Message -----
> From: "'Joshua D. Abraham'" <jabra_at_ccs.neu.edu>

> On Fri, Jan 13, 2006 at 12:34:14AM -0800, Brandon Enright wrote:
>> Joshua D. Abraham wrote:
>> >
>> > Hey Guys,
>> >
>> > Currently, I am building a tool that is based on nmap. I would like to
>> > be able to grab banners when performing an nmap scan. I looked briefly
>> > at the code and I believe that the banners are being captured and not
>> > displayed. Currently, I am using another tool to capture the banners
>> > and I would like to depreciate this dependency. My skills in C/C++
>> > are very rusty and I would really like to see this as a feature in
>> > nmap.
>> >
>> > Thanks,
>> > Joshua Abraham
>> >
>> >
>>
>>
>> You are looking for the Service Version flag "-sV". Nmap will try a
>> number
>> of different payloads depending on the port and attempt to match against
>> a
>> list of regular expressions.
>>
>> If you are also operating system fingerprinting with "-O" you may want to
>> use "-A" instead which turns on both "-O" and "-sV".
>>
>> Hope that helps.
>>
>> Brandon
>
>
> Currently, I am using -A in the tool I have built. What i am looking
> for is nmap to display the banners for the service not just the
> version and service name.
>
> Example:
>
> $ telnet 127.0.0.1 22
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2
>
> Which is different from:
>
> $ nmap -A 127.0.0.1
> Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-01-13
> 14:39 EST
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1658 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE VERSION
> 22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 15.418
> seconds
>
>
> Regards,
> Josh
>
>>
>>
>> --
>> Brandon Enright
>> UCSD ACS/Network Operations
>> bmenrigh_at_ucsd.edu
>>
>>
>>
>> _______________________________________________
>> Sent through the nmap-dev mailing list
>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Jan 13 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos