Wednesday, January 18, 2012


Information Gathering -> Network Analysis -> Service fingerprinting -> amap

amap detects the application or service listening on a given port. It can reveal the application name and even its version number. It works by sending a trigger message to the port and comparing the response against its database.

The location of the amap trigger files and response database in BackTrack5:


root@bt:~# amap <- prints the available options

root@bt:~# amap -b <target> 21 <- examines port 21 and prints the banner

root@bt:~# amap -bq <target> 21 80 <- scans ports 21 and 80 and prints the banners; with -q, a closed port is not reported at all. To scan multiple ports, list them separated by spaces.
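
The response-matching step described above can also be used to audit what your own services give away. This is an added example, not amap's code or its database format: the signature table, the sample banners and all function names are constructed for illustration.

```python
import re

# Constructed signature table: (service name, pattern on the raw response).
# A simplified stand-in for a response database, not amap's real file format.
SIGNATURES = [
    ("ftp", re.compile(rb"^220[ -].*ftp", re.I | re.S)),
    ("smtp", re.compile(rb"^220[ -].*smtp", re.I | re.S)),
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}")),
]

# Product token followed by a dotted version number, e.g. "Name/1.2.3".
VERSION = re.compile(rb"([A-Za-z]+)[/_ ]v?(\d+(?:\.\d+)+\w*)")
PROTOCOL_TOKENS = {b"HTTP"}  # "HTTP/1.1" is a protocol version, not a product

def identify(response):
    """Names of all signatures that match the response (empty list = unidentified)."""
    return [name for name, rx in SIGNATURES if rx.search(response)]

def disclosed_version(response):
    """First (product, version) pair leaked by the response, or None."""
    for m in VERSION.finditer(response):
        if m.group(1).upper() not in PROTOCOL_TOKENS:
            return m.group(1).decode(), m.group(2).decode()
    return None

def audit(responses):
    """Map each port to the identified services and any disclosed version."""
    return {port: {"services": identify(data), "version": disclosed_version(data)}
            for port, data in sorted(responses.items())}

# Constructed responses, as a scanner would record them from our own hosts.
SAMPLE_RESPONSES = {
    21: b"220 ExampleFTPd 2.1.4 ready\r\n",
    22: b"SSH-2.0-ExampleSSH_5.3p1\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.2.14 (Unix)\r\n\r\n",
    2121: b"220 FTP server ready\r\n",   # hardened banner: service, no version
    9999: b"",                            # open port that sent nothing back
}

if __name__ == "__main__":
    for port, result in audit(SAMPLE_RESPONSES).items():
        print(port, result)
```

The entry for port 2121 shows the effect of trimming a banner: the service is still identified, but no version is disclosed.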

Official website:
