Banner Grabbing

[Sniper]

Hi People, I was wondering, how would you banner grab for the following protocols?

TFTP

DNS

SNMP

[VaKo]

Telnet, beyond that I would be interested to know myself. Nmap should be able to do it.

[Sniper]

I know netcat would do it... but would it return anything? this is what i am interested in... netcat in particular....

[VaKo]

As far as I am aware, netcat is just a low level tool for piping data over network connections. You could use it to do banner grabbing but it would work in exactly the same way as using telnet, just with more work involved. Telnet is pretty much a perfect for the job.

[digip]

Banner gabbing http data with Telnet is as easy as opening port 80 and giving it the HEAD command.

HEAD / HTTP/1.1

GET would return the page, but not the server info, like Apache, PHP, etc, which is in the header. Its also easy to run wireshark and just look at the output, as its the same information, but with more detailed.

I personally use wget to do banner grabs myself. Here is what I use to grab the banner(header) as well as the page and cookies(no certificates):

ECHO [Wget Webpage (with Headers + Cookies) from what site?]
SET /P website="[example: www.google.com] : "

wget -d -o debug.txt --save-headers --save-cookies "%website%".cookie.txt "%website%" --user-agent="Opera/9.51 Beta (Microsoft Windows; PPC; Opera Mobi/1718; U; en)" --no-check-certificate

Save it in a bat file and run it(just don't name it wget.bat since its the same command it calls). It prompts you for the site you want to grab, just enter the website url and it does the rest. You can change the User Agent to anything, I just change it because some sites block the "wget" user agent.

http://gnuwin32.sourceforge.net/packages/wget.htm