Scanning Networks - Banner Grabbing


    Banner grabbing is a process used to determine information about services running on ports found to be open and listening on a target system. This is extremely useful to penetration testers during their assessment process. Typically the technique is undertaken using a telnet-like client to retrieve banner information about the target that reveals the nature of the service.
    A banner is what a service returns to the requesting client to give information about the service itself. The information a banner reveals varies, but it often includes the server software, its version number, when it was last modified, the operating system the server software was built for, and similar details.

    A wealth of tools enable the penetration tester to do banner grabbing by hand.

    nc
    Netcat was written by the author known as Hobbit and is often called the TCP/IP Swiss Army knife. Even though the tool has limited functionality, it has a great many uses. It is still a widely used tool today even though it has not been maintained for several years.

    Ncat
    This tool is the Nmap Project version of nc and was made to add functionality to the older nc tool. This modern reimplementation supports SSL, IPv6, SOCKS and HTTP proxies, connection brokering, and more.

    sbd
    An older tool by Michel Blomgren very much like nc.

    Socat
    A tool much like Ncat but with a somewhat different command line syntax.

    CryptCat
    Also a tool much like Ncat.

    More automated tools include the following:

    Netcraft
    This is an online tool designed to gather information about servers.

    Xprobe
    This is an older Linux tool that can retrieve information about a system and present it to the penetration tester.

    p0f
    This is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications without interfering in any way.
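As an added example (not code from the original post), a small Python audit script showing the defender's side of the same technique: it connects to a listening port, reads whatever the service volunteers, classifies the banner, and flags whether it discloses a software version. The sample banners, the regular expressions and the loopback listener are constructed for the demonstration and are assumptions, not a complete catalogue of real banner formats.

```python
import re
import socket
import threading
# Constructed sample banners, shaped like what common services volunteer on connect.
SAMPLE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n",
    "ftp": b"220 (vsFTPd 3.0.5)\r\n",
}

# Patterns that pull the software name out of a banner (assumed formats, not a complete catalogue).
VERSION_PATTERNS = [
    ("ssh", re.compile(r"^SSH-[\d.]+-(?P<software>\S+)")),
    ("ftp", re.compile(r"^220.*?\((?P<software>[^)]+)\)")),
]

def grab_banner(host, port, timeout=3.0, max_bytes=1024):
    """Connect, send nothing, and return whatever the service volunteers (empty if silent)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(max_bytes).decode("utf-8", errors="replace").strip()
        except socket.timeout:
            return ""  # e.g. HTTP waits for the client to speak first

def classify_banner(banner):
    """Map a raw banner to (service, software) using the patterns above."""
    for name, pattern in VERSION_PATTERNS:
        match = pattern.match(banner)
        if match:
            return name, match.group("software")
    return "unknown", ""

def audit_port(host, port):
    """Return (service, software, discloses_version) for one listening port."""
    service, software = classify_banner(grab_banner(host, port))
    return service, software, bool(re.search(r"\d", software))

def serve_banner(banner):
    """Start a throwaway loopback listener that emits one constructed banner, for testing."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    def handle():
        conn, _ = server.accept()
        with conn:
            conn.sendall(banner)
        server.close()
    threading.Thread(target=handle, daemon=True).start()
    return server.getsockname()[1]
```

To try it, call `audit_port("127.0.0.1", serve_banner(SAMPLE_BANNERS["ssh"]))`; a result whose last field is True is a service that advertises its version to anyone who connects.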