Wednesday, January 18, 2012

amap

Information Gathering -> Network Analysis -> Service fingerprinting -> amap

amap is good for detecting which application or service is listening on a given port. It can reveal the application name and often its version number. It works by sending one or more trigger strings to the port and comparing the reply against its response database.

The location of the amap trigger files and response database in BackTrack5:
/usr/local/etc/appdefs.trig
/usr/local/etc/appdefs.resp

Example:

root@bt:~# amap <- prints the available options

root@bt:~# amap -b 192.168.1.11 21 <- examines port 21 and also prints the banner

root@bt:~# amap -bq 192.168.1.11 21 80 <- scans ports 21 and 80 and prints the banners, but if a port is closed it gives no information about it (the -q option suppresses closed-port reports). To scan multiple ports, list them separated by spaces.
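To show in working code the trigger/response mechanism described above and the "closed port" behaviour of the examples, here is an added Python example. It is not amap's code and not part of the original post: the trigger dictionary and the response patterns are constructed stand-ins for appdefs.trig and appdefs.resp, and the local listener is a fake service started only so the probe has something to talk to.

```python
import re
import socket
import threading

# Constructed trigger set (stand-in for appdefs.trig): name -> bytes sent
# after connecting. An empty trigger means "just read the greeting".
TRIGGERS = {
    "greeting": b"",
    "http-get": b"GET / HTTP/1.0\r\n\r\n",
}

# Constructed response database (stand-in for appdefs.resp):
# application name -> regex matched against the raw reply.
RESPONSES = [
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}")),
    ("ftp", re.compile(rb"^220[ -].*FTP")),
    ("ssh", re.compile(rb"^SSH-\d\.\d-")),
]


def probe(host, port, trigger, timeout=2.0):
    """Connect, send the trigger (if any) and return the service's reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if trigger:
            s.sendall(trigger)
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


def identify(host, port):
    """Run every trigger against the port and collect matching applications.

    Returns {"closed"} when the connection is refused (what amap -q hides),
    {"unreachable"} on other network errors, {"unidentified"} when the
    service answered but nothing in the database matched.
    """
    matches = set()
    for _name, trigger in TRIGGERS.items():
        try:
            data = probe(host, port, trigger)
        except ConnectionRefusedError:
            return {"closed"}
        except OSError:
            return {"unreachable"}
        for app, pattern in RESPONSES:
            if pattern.search(data):
                matches.add(app)
    return matches or {"unidentified"}


def start_fake_service(banner, port=0):
    """Constructed local listener that sends a fixed banner and hangs up.

    Returns the port it is bound to (0 lets the OS choose a free one).
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _addr = srv.accept()
            except OSError:  # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    ftp_port = start_fake_service(b"220 Example FTP Server ready\r\n")
    print(ftp_port, identify("127.0.0.1", ftp_port))
```

The pattern list is deliberately anchored with `^` so that a service echoing our own trigger back, or returning arbitrary data, does not produce a spurious match; the real appdefs.resp files are far larger, and are the place to look when amap reports something unexpected for a port you administer.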


Official website: http://thc.org/thc-amap/
