Nmap Development mailing list archives
Re: [NSE] Simple Banner Grabbing, Banner Grabber and Grabber of Banners - banner.nse
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 01 Nov 2008 22:37:24 -0500
On 11/01/2008 09:08 AM, jah wrote:
> On 01/11/2008 05:04, Kris Katterjohn wrote:
>> On 10/31/2008 11:41 PM, jah wrote:
>>> Hi folks,
>>>
>>> I was looking at Nmap's TODO list and saw mention of a banner grabbing
>>> script, so for some light relief I tidied-up a script I had for just
>>> such a purpose.
>>
>> I guess my idea wasn't so bad after all[1] :)
>
> Hi Kris,
>
> Certainly not a bad idea. Even with --version-intensity 0 it's not
> possible to do pure banner grabbing without sending any probes and so
> using a script such as this is a good way to get maximum information
> without going as far as version scanning. And it's often helpful to know
> when a service blurts something out, without having to trawl through a
> --version-trace (which can be large with many targets or high intensity).

I ran your updated script against a quick 4096 random hosts and it works just like expected:

21/tcp open ftp syn-ack
|_ Banner: 220 Microsoft FTP Service\x0D\x0A
22/tcp open ssh syn-ack
|_ Banner: SSH-1.5-Cisco-1.25\x0A
23/tcp open telnet syn-ack
|_ Banner: \xFF\xFD\x18\xFF\xFD \xFF\xFD#\xFF\xFD'
80/tcp open http syn-ack
|_ Banner: HTTP/1.0 403 Forbidden\x0D\x0AContent-Type: text/html\x0D\x0...
143/tcp open imap syn-ack
|_ Banner: * OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS ...
3306/tcp open mysql syn-ack
|_ Banner: c\x00\x00\x00\xFFj\x04Host '[addr removed]...

This conglomerate list is certainly nicer looking than what my original script would have produced since you format the data well.

I do have to say that your debug message reads funny though:

SCRIPT ENGINE DEBUG: Banner No Banner from [ip] on 80 tcp: TIMEOUT

So just for the record I'm for the inclusion of this script. Nice job.

> The odd thing is that I did a search of nmap-dev after I saw banner
> grabbing mentioned in the TODO list to make sure the script wasn't
> already floating around. I saw a thread from 2006 where it was suggested
> to use Amap and some stuff from 2002 which I didn't even look at. Where
> was your cleverly titled post [1] in these results? I guess my search
> term should have been "banner grabber" rather than "banner grabbing"...

I really like how I'll always be able to find this thread now ;)

> Cheers for the input,
> jah

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
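
Added example, not part of the original message and not the banner.nse code: a passive banner read (connect, send nothing, wait) with the byte escaping seen in the sample output above, useful for checking what your own services volunteer on connect. The function names, the 60-character cut-off and the loopback test service are assumptions made for this illustration.

```python
import socket
import threading

def format_banner(raw: bytes, max_len: int = 60) -> str:
    """Printable ASCII stays as-is, every other byte becomes \\xHH.
    max_len and the trailing "..." are assumptions modelled on the sample."""
    text = "".join(chr(b) if 0x20 <= b <= 0x7E else f"\\x{b:02X}" for b in raw)
    return text if len(text) <= max_len else text[:max_len] + "..."

def grab_banner(host: str, port: int, timeout: float = 2.0):
    """Connect and send nothing; return what the service volunteers.
    Returns None if it stays silent until the timeout or just closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            return None
    return data or None

def serve_once(banner: bytes) -> int:
    """Constructed loopback service for the demo: greets one client with
    `banner`, or holds the connection open silently when banner is empty."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        else:
            threading.Event().wait(1.0)  # say nothing, like the HTTP case
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for greeting in (b"220 Microsoft FTP Service\r\n", b""):
        port = serve_once(greeting)
        raw = grab_banner("127.0.0.1", port, timeout=0.3)
        print(port, format_banner(raw) if raw else "no banner (timeout)")
```

A service that waits for the client to speak first, as HTTP does, yields no banner this way; that is the TIMEOUT case in the debug message quoted above.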