Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Banner Grabbing
From: "Joshua D. Abraham" <jabra () ccs neu edu>
Date: Fri, 10 Feb 2006 15:40:07 -0500

Hey Guys,

Recently I have been working on adding banner grabbing functionality to
nmap. I am wondering if anyone has any thoughts on how to present this
to the user. Currently, I have it working so that there is a string 255
chars long and it will store as much of the banner in that as possible.
I believe that any banner longer than that isn't going to be useful to
anyone. Obviously, if the scan is of a range there will need to be a specified ip and port with a banner similar to 
amap's functionity.

amap v4.7 (www.thc.org) started at 2006-02-10 15:38:08 - BANNER GRAB mode

Banner on 127.0.0.1:22/tcp : SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2.1\n



Here is a example of what I have working currently,

(scan with -d2 -A -O target -P0 --osscan-guess)
***************
.... snip

The SYN Stealth Scan took 25.60s to scan 1672 total ports.
Fetchfile found ./nmap-service-probes

Initiating service scan against 2 services on pool-151-196-46-115.bos.east.verizon.net (151.199.46.115) at 15:26
Starting probes against new service: 151.196.46.116:22 (tcp)
Starting probes against new service: 151.196.46.116:8080 (tcp)

Banner: SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2.1\n 

Service scan match (Probe NULL matched with NULL): pool-151-196-46-116.bos.east.verizon.net (151.196.46.116):22 is ssh. 
 Version: |OpenSSH|3.9p1 Debian-1ubuntu2.1|protocol 2.0|

Banner: HTTP/1.1 200 OK\r\nDate Fri, 10 Feb 2006 202617 GMT\r\nServer Apache\r\nLast-Modified Tue, 29 Nov 2005 194136 
GMT\r\nETag "241b8-a6c-68559c00"\r\nAccept-Ranges bytes\r\nContent-Length 2668\r\nConnection close\r\nContent-Type 
text/html\r\n\r\n 

Service scan match (Probe GetRequest matched with GetRequest): pool-151-196-46-116.bos.east.verizon.net 
(151.196.46.116):8080 is http.  Version: |Apache httpd|||

.... snip
***************

     
Regards,
Joshua Abraham


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]