Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

Re: Banner grabbing
From: "'Joshua D. Abraham'" <jabra () ccs neu edu>
Date: Fri, 13 Jan 2006 14:43:22 -0500
On Fri, Jan 13, 2006 at 12:34:14AM -0800, Brandon Enright wrote:

Joshua D. Abraham wrote:


Hey Guys,

Currently, I am building a tool that is based on nmap. I would like to
be able to grab banners when performing an nmap scan. I looked briefly
at the code and I believe that the banners are being captured and not
displayed. Currently, I am using another tool to capture the banners
and I would like to depreciate this dependency.  My skills in C/C++
are very rusty and I would really like to see this as a feature in
nmap.

Thanks,
Joshua Abraham





You are looking for the Service Version flag "-sV".  Nmap will try a number
of different payloads depending on the port and attempt to match against a
list of regular expressions.

If you are also operating system fingerprinting with "-O" you may want to
use "-A" instead which turns on both "-O" and "-sV".

Hope that helps.

Brandon



Currently, I am using -A in the tool I have built. What i am looking
for is nmap to display the banners for the service not just the
version and service name.

Example:

$ telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2

Which is different from:

$ nmap -A 127.0.0.1
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-01-13
14:39 EST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1658 ports scanned but not shown below are in state: closed)
    PORT    STATE SERVICE VERSION
    22/tcp  open  ssh     OpenSSH 3.9p1 (protocol 2.0)

Nmap run completed -- 1 IP address (1 host up) scanned in 15.418
seconds


Regards,
Josh




--
Brandon Enright
UCSD ACS/Network Operations
bmenrigh () ucsd edu



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]