amap is good for detecting which application or service is listening on a given port. It can reveal the application name and even its version number. It works by sending a trigger message to the port and comparing the response against its database.
The location of the amap trigger files and response database in BackTrack5:
/usr/local/etc/appdefs.trig
/usr/local/etc/appdefs.resp
Example:
root@bt:~# amap <- prints the available options
root@bt:~# amap -b 192.168.1.11 21 <- examines port 21 and prints the banner
root@bt:~# amap -bq 192.168.1.11 21 80 <- scans ports 21 and 80 and prints the banner, but gives no information about a port that is closed. To scan multiple ports, list them separated by spaces.
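The response-matching step described above, as an added example (not code from the original post or from amap itself). It runs offline on constructed responses; the "name:min,max:regex" signature layout, the signature entries and the sample banners are assumptions made for illustration and are not amap's actual appdefs.resp syntax.

```python
import re
from typing import NamedTuple

class Signature(NamedTuple):
    name: str
    min_len: int
    max_len: int
    pattern: re.Pattern

# Constructed signatures in a simplified "name:min_len,max_len:regex" layout
# (an assumption for this example, not amap's real response-file syntax).
SAMPLE_DEFS = r"""
# name:min_len,max_len:regex
ftp:4,512:^220[ -].*ftp
smtp:4,512:^220[ -].*smtp
ssh:4,256:^SSH-\d\.\d+-
http:12,65535:^HTTP/1\.[01] \d{3}
"""

def load_signatures(text):
    """Parse signature lines, skipping blanks and '#' comments."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first two ':' only, because the regex may contain ':'.
        name, lengths, regex = line.split(":", 2)
        lo, hi = (int(n) for n in lengths.split(","))
        sigs.append(Signature(name, lo, hi,
                              re.compile(regex.encode(), re.I | re.S)))
    return sigs

def identify(response, sigs):
    """Names of all signatures whose length bounds and regex both match."""
    return [s.name for s in sigs
            if s.min_len <= len(response) <= s.max_len
            and s.pattern.search(response)]

def banner(response, limit=80):
    """First line of the response with non-printable bytes shown as '.'."""
    lines = response.splitlines()
    first = lines[0][:limit] if lines else b""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in first)

if __name__ == "__main__":
    sigs = load_signatures(SAMPLE_DEFS)
    # Constructed responses standing in for what a port sent back.
    for resp in (b"220 Example FTP server ready\r\n",
                 b"SSH-2.0-OpenSSH_5.3\r\n", b"\x00\x01\x02\x03\x04"):
        print(identify(resp, sigs) or ["unidentified"], "-", banner(resp))
```

Both SMTP and FTP servers greet with a 220 line, which is why a signature needs more than the status code to tell the two apart.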
Official website: http://thc.org/thc-amap/