Both netcat and trusty nmap can be used to quickly grab a service banner. I’ll show you some tips!
The netcat command is simply:
$ nc [target] [port]
Add -v for more verbose output.
Examples:
$ nc -v scottlinux.com 22
Connection to scottlinux.com 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_5.3p1

$ nc -v scottlinux.com 80
Connection to scottlinux.com 80 port [tcp/http] succeeded!
HEAD / HTTP/1.1
[enter, enter]
HTTP/1.1 400 Bad Request
Date: Thu, 22 Dec 2011 16:17:19 GMT
Server: Apache
Strict-Transport-Security: max-age=43200; includeSubDomains
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1

$ nc -v scottlinux.com 25
Connection to scottlinux.com 25 port [tcp/smtp] succeeded!
220 *************************
And of course nmap can be used for banner grabbing as well!
The nmap command that probes each open port it finds and reports the service banner and version is:
$ sudo nmap -sV [target]
$ nmap -sV scottlinux.com

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-22 11:37 EST
Nmap scan report for scottlinux.com (173.230.156.66)
Host is up (0.083s latency).
rDNS record for 173.230.156.66: li166-66.members.linode.com
Not shown: 996 filtered ports
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 5.3p1 (protocol 2.0)
25/tcp  open  smtp     Cisco PIX sanitized smtpd
80/tcp  open  http     Apache httpd
443/tcp open  ssl/http Apache httpd
Service Info: Device: firewall

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.86 seconds
Sweet!
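
The three nc captures above differ in how much they give away: SSH shows a full version, Apache only a product name, and the SMTP greeting is masked. This added example (not part of the original post) classifies saved banners that way so you can review what your own hosts disclose; `classify_banner`, `audit` and the version regex are assumptions made for illustration.

```python
import re

# Banner text taken from the nc captures on this page (HTTP response abridged).
PAGE_BANNERS = {
    22: "SSH-2.0-OpenSSH_5.3p1",
    80: "HTTP/1.1 400 Bad Request\r\nServer: Apache\r\nConnection: close",
    25: "220 *************************",
}

SSH_RE = re.compile(r"^SSH-\d+\.\d+-(?P<software>\S+)")
HTTP_RE = re.compile(r"^Server:\s*(?P<software>.+)$", re.I | re.M)
SMTP_RE = re.compile(r"^220[ -](?P<software>.*)$", re.M)
# Heuristic (assumption): a dotted number with optional suffix, e.g. 5.3p1.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+\w*")


def classify_banner(banner):
    """Return (protocol, software, version); None marks what the banner hides."""
    banner = banner.strip()
    for proto, pattern in (("ssh", SSH_RE), ("http", HTTP_RE), ("smtp", SMTP_RE)):
        # The Server header can sit on any line; SSH/SMTP greetings come first.
        m = pattern.search(banner) if proto == "http" else pattern.match(banner)
        if not m:
            continue
        software = m.group("software").strip()
        if not software.strip("*"):  # greeting replaced by asterisks
            return (proto, None, None)
        v = VERSION_RE.search(software)
        return (proto, software, v.group(0) if v else None)
    return ("unknown", None, None)


def audit(banners):
    """Map port -> finding, most revealing case first in the if-chain."""
    findings = {}
    for port, banner in sorted(banners.items()):
        proto, software, version = classify_banner(banner)
        if version:
            findings[port] = f"{proto}: discloses version {version} ({software})"
        elif software:
            findings[port] = f"{proto}: product name only ({software})"
        else:
            findings[port] = f"{proto}: no product or version in banner"
    return findings


if __name__ == "__main__":
    for port, finding in audit(PAGE_BANNERS).items():
        print(f"{port}/tcp  {finding}")
```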