Nmap Development
mailing list archives
Re: Banner grabbing
From: "Joshua D. Abraham" <jabra () ccs neu edu>
Date: Fri, 13 Jan 2006 19:58:50 -0500
Yea that is what I am currently using in pbnj. I am hoping to
deprecate amap as a dependency.
There are several limitations to amap. For example, you can't
set a specific device to scan from like nmap has (nmap -e <interface>).
Also, it doesn't have XML output and the license has issues
as it is conflicting with the GPL because it implies
restriction on the GPL.
http://www.archivum.info/linux.debian.bugs.dist/2006-01/msg02126.html
I really think Nmap should have this functionality as I believe it
pretty much does, though it isn't displaying the banner.
--Josh
On Fri, Jan 13, 2006 at 07:44:25PM -0500, Clyde Laushey wrote:
Check out amap at http://thc.org/thc-amap/; that should do what you want.
You can pipe nmap output into amap or manually code the IPs & ports you
want to grab banners from.
* * * * *
Clyde Laushey
Information Security
Virginia Commonwealth University
----- Original Message -----
From: "'Joshua D. Abraham'" <jabra () ccs neu edu>
On Fri, Jan 13, 2006 at 12:34:14AM -0800, Brandon Enright wrote:
Joshua D. Abraham wrote:
Hey Guys,
Currently, I am building a tool that is based on nmap. I would like to
be able to grab banners when performing an nmap scan. I looked briefly
at the code and I believe that the banners are being captured and not
displayed. Currently, I am using another tool to capture the banners
and I would like to deprecate this dependency. My skills in C/C++
are very rusty and I would really like to see this as a feature in
nmap.
Thanks,
Joshua Abraham
You are looking for the Service Version flag "-sV". Nmap will try a number
of different payloads depending on the port and attempt to match against a
list of regular expressions.
If you are also operating system fingerprinting with "-O" you may want to
use "-A" instead which turns on both "-O" and "-sV".
Hope that helps.
Brandon
Currently, I am using -A in the tool I have built. What I am looking
for is nmap to display the banners for the service not just the
version and service name.
Example:
$ telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2
Which is different from:
$ nmap -A 127.0.0.1
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-01-13 14:39 EST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
Nmap run completed -- 1 IP address (1 host up) scanned in 15.418 seconds
Regards,
Josh
--
Brandon Enright
UCSD ACS/Network Operations
bmenrigh () ucsd edu
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
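
An added example, not part of the original thread and not Nmap's own code: it shows the gap discussed above, where regex-based version matching reduces the raw SSH banner from the telnet session to the normalized string in the -A output and drops the trailing "Debian-1ubuntu2" comment. The rule list and the describe() helper are assumptions made for illustration (they are not entries from Nmap's probe database), and the sample banners are constructed or copied from the thread and parsed offline.

```python
import re

# Constructed match rules for illustration only; NOT taken from Nmap.
# Each rule is (service name, regex over the banner, formatter for VERSION).
# SSH identification strings have the form
#   SSH-protoversion-softwareversion SP comments CR LF   (RFC 4253, 4.2)
_TAIL = r"(?: (?P<comment>[^\r\n]*))?\r?\n?$"
RULES = [
    ("ssh",
     re.compile(r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<ver>\S+)" + _TAIL),
     lambda m: f"OpenSSH {m['ver']} (protocol {m['proto']})"),
    ("ssh",  # generic fallback for other SSH implementations
     re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<sw>\S+)" + _TAIL),
     lambda m: f"{m['sw']} (protocol {m['proto']})"),
]


def describe(raw: bytes) -> dict:
    """Return the normalized version AND the untouched banner for one service."""
    text = raw.decode("ascii", errors="replace")
    banner = text.rstrip("\r\n")          # what a banner grabber would display
    for service, rx, fmt in RULES:
        m = rx.match(text)
        if m:
            return {"service": service, "version": fmt(m),
                    "banner": banner, "comment": m["comment"]}
    # No rule matched: the raw banner is still worth recording for inventory.
    return {"service": "unknown", "version": None,
            "banner": banner, "comment": None}


if __name__ == "__main__":
    samples = [
        b"SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2\r\n",   # banner from the thread
        b"SSH-2.0-dropbear_2019.78\r\n",                # constructed sample
        b"220 mail.example.test ESMTP\r\n",             # constructed, no rule
    ]
    for raw in samples:
        info = describe(raw)
        print(f"{info['service']:8} {info['version']!s:32} | {info['banner']}")
```

Keeping the banner field next to the normalized version preserves distribution patch-level strings, which matter when checking hosts against vendor-backported fixes.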