Nmap Development mailing list archives

Re: Banner grabbing
From: "Joshua D. Abraham" <jabra () ccs neu edu>
Date: Fri, 13 Jan 2006 19:58:50 -0500


Yeah, that is what I am currently using in pbnj. I am hoping to
deprecate amap as a dependency.

There are several limitations to amap. For example, you can't
set a specific device to scan from like nmap can (nmap -e <interface>).
Also, it doesn't have XML output, and the license has issues
as it conflicts with the GPL because it implies
restrictions on the GPL.

http://www.archivum.info/linux.debian.bugs.dist/2006-01/msg02126.html


I really think Nmap should have this functionality as I believe it
pretty much does, though it isn't displaying the banner.

--Josh

On Fri, Jan 13, 2006 at 07:44:25PM -0500, Clyde Laushey wrote:
Check out amap at http://thc.org/thc-amap/; that should do what you want.
You can pipe nmap output into amap or manually code the IPs & ports you
want to grab banners from.
* * * * *
Clyde Laushey
Information Security
Virginia Commonwealth University

----- Original Message ----- 
From: "'Joshua D. Abraham'" <jabra () ccs neu edu>


On Fri, Jan 13, 2006 at 12:34:14AM -0800, Brandon Enright wrote:
Joshua D. Abraham wrote:

Hey Guys,

Currently, I am building a tool that is based on nmap. I would like to
be able to grab banners when performing an nmap scan. I looked briefly
at the code and I believe that the banners are being captured and not
displayed. Currently, I am using another tool to capture the banners
and I would like to deprecate this dependency. My skills in C/C++
are very rusty and I would really like to see this as a feature in
nmap.

Thanks,
Joshua Abraham




You are looking for the Service Version flag "-sV". Nmap will try a
number of different payloads depending on the port and attempt to match
against a list of regular expressions.

If you are also doing operating system fingerprinting with "-O" you may want to
use "-A" instead, which turns on both "-O" and "-sV".

Hope that helps.

Brandon


Currently, I am using -A in the tool I have built. What I am looking
for is for nmap to display the banners for the service, not just the
version and service name.

Example:

$ telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2

Which is different from:

$ nmap -A 127.0.0.1
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-01-13 14:39 EST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1658 ports scanned but not shown below are in state: closed)
   PORT    STATE SERVICE VERSION
   22/tcp  open  ssh     OpenSSH 3.9p1 (protocol 2.0)

Nmap run completed -- 1 IP address (1 host up) scanned in 15.418 seconds


Regards,
Josh



--
Brandon Enright
UCSD ACS/Network Operations
bmenrigh () ucsd edu



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev 



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

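The thread contrasts the raw identification string a server sends ("SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2") with the summarised "OpenSSH 3.9p1 (protocol 2.0)" that -sV prints, and the distribution comment is what gets lost. The following is an added example, not code from nmap, amap or pbnj: it reads the first line a service sends on one of your own hosts, splits an SSH banner into the RFC 4253 fields, and shows the nmap-style rendering beside the raw string for an inventory record. The function names and the 3-second timeout are this example's own choices.

```python
import re
import socket
from typing import Optional

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
SSH_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?:\s+(?P<comments>.*))?$"
)


def parse_ssh_banner(banner: str) -> Optional[dict]:
    """Split a raw SSH identification string into its RFC 4253 fields.
    Returns None when the line is not an SSH identification string
    (e.g. an SMTP 220 greeting), so callers can keep the raw text instead."""
    m = SSH_BANNER_RE.match(banner.strip())
    if not m:
        return None
    return {
        "proto": m.group("proto"),
        "software": m.group("software"),
        "comments": m.group("comments") or "",
    }


def nmap_style_version(fields: dict) -> str:
    """Render the parsed fields the way the -sV line quoted in the thread
    reads: 'OpenSSH_3.9p1' -> 'OpenSSH 3.9p1 (protocol 2.0)'. This is a
    simplification for illustration, not nmap's own match logic. Note the
    comments field (Debian-1ubuntu2) is dropped, which is the detail the
    thread wants preserved for inventory purposes."""
    return f"{fields['software'].replace('_', ' ', 1)} (protocol {fields['proto']})"


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """Read the first line a server volunteers (SSH servers speak first).
    Stops at CR/LF or at the 255-byte line limit RFC 4253 imposes, and
    decodes as latin-1 so an unexpected byte never raises. A silent
    service raises socket.timeout, which the caller should treat as
    'no banner', not as an error in the host."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while b"\n" not in data and len(data) < 255:
            chunk = s.recv(255 - len(data))
            if not chunk:
                break
            data += chunk
    return data.decode("latin-1").rstrip("\r\n")


if __name__ == "__main__":
    raw = grab_banner("127.0.0.1", 22)  # a host you administer
    fields = parse_ssh_banner(raw)
    print("raw banner:", raw)
    print("-sV style :", nmap_style_version(fields) if fields else "(not SSH)")
```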
