Unlike a number of other banner grabbing tools, Banner Grab supports SSL and can perform banner grabbing on SSL-based services.
More information and the most up-to-date download can be found via a link on the Titania website under 'Resources', or by following the link https://www.titania.com/freetools?tool=bannergrab and scrolling down.
Requirements
Banner Grab requires the GNU C compiler and the OpenSSL library. Both of these are usually installed by default on a number of Linux distributions. Although this program has not been tested on other platforms, it should work if the requirements have been met.
Building
To build Banner Grab, first extract the archive and change into the source directory. Then execute the following command:
    gcc -lssl -o bannergrab bannergrab.c
On Mac OS-X you can use the following command:
    gcc -lssl -lcrypto -o bannergrab bannergrab.c
If for some reason you need to compile it without SSL support, it can be done with the following command:
    gcc -DNOSSL -o bannergrab bannergrab.c
Running
Banner Grab can be run, in its simplest form, by specifying the host and port as parameters.
The command line arguments for Banner Grab are:
Command:
    bannergrab [Options] host port
Options:
    --udp             Connect to a port using UDP. The default is to use TCP.
    --no-triggers     Collect only the connection banner, no triggers and no SSL.
    --trigger=        Specify the trigger to use. Specify DEFAULT to use the default trigger.
    --no-ssl          Prevent SSL connection creation.
    --no-hex          Output containing non-printable characters is converted to hex. This option prevents the conversion.
    --conn-time=      Connection timeout (default is 5s).
    --read-time=      Read timeout (default is 3s).
    --verbose         Show additional program details such as any errors.
    --show-triggers   Show the supported triggers.
    --version         Show the program version.
    --help            Display the help text you are reading now.
Triggers
For those of you who do not want to go through the code, here is a brief description of what Banner Grab's actions will be when connecting to a port. This is of course dependent on the user not simply disabling the triggers.
Banner Grab will look at the port number that has been specified and try to match it to a trigger or set of triggers. It does NOT probe the service to determine this. If a trigger is found for that port then it will use that; otherwise it will use the default one.
The triggers for the service will be sent one after another and the response captured. It is as simple as that.
The triggers do the following:
FTP
  * Asks for help.
  * Attempts to login anonymously.
  * Quits.
SMTP
  * Says Hello.
  * Asks for help.
  * Attempts to VRFY postmaster.
  * Attempts to VRFY bannergrab123.
  * Attempts to EXPN postmaster.
  * Quits.
Telnet
  * Sends two carriage returns.
Finger
  * Attempts to enumerate a few users.
HTTP(S)
  * Asks for OPTIONS.
POP2/3
  * Quits.
NNTP
  * Asks for HELP.
  * Lists the newsgroups.
  * Quits.
FW1 Admin
  * Attempts to list IPs.
FW1 Auth
  * Sends two carriage returns.
LDAP(S)
  * Performs an Anonymous bind.
  * Gets a list of base Distinguished Names (DN).
MSSQL
  * Attempts a login using BannerGrab user.
MySQL
  * Waits longer for a MySQL response.
Discard/Echo
  * Send echo.
Chargen/Daytime/QOTD/SSH/VMWare/Printer
  * Send nothing.
NTP
  * Queries time
  * Queries read list
  * Queries peers
SNMP
  * Sends "public" community string
  * Sends "private" community string
NetBIOS Name Service
  * Name query
ALL OTHERS (Default)
  * Send OPTIONS and ask for HELP.
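Because the triggers are fixed and sent in a fixed order, a Banner Grab run is recognisable in service logs; the SMTP sequence above, with its VRFY of bannergrab123, is the clearest case. The following Python is an added example, not part of Banner Grab or Titania's code. The log line format, the sample sessions and the exact SMTP verb spellings are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SMTP trigger steps in the order the page lists them. The exact verb
# spellings (HELO/EHLO, argument form) are assumptions, not taken from the tool.
SEQUENCE = [re.compile(p, re.I) for p in (
    r"^(HELO|EHLO)\b", r"^HELP\b", r"^VRFY\s+<?postmaster\b",
    r"^VRFY\s+<?bannergrab123\b", r"^EXPN\s+<?postmaster\b", r"^QUIT\b")]
MARKER = SEQUENCE[3]  # the probe username named on the page

# Constructed log format: "<timestamp> <session-id> <client-ip> C: <command>"
LINE = re.compile(r"^\S+ (?P<sid>\S+) (?P<ip>\S+) C: (?P<cmd>.*)$")

def score_sessions(lines):
    """Return {session_id: (client_ip, steps_matched_in_order, marker_seen)}."""
    state = defaultdict(lambda: [None, 0, False])
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # server replies and unparseable lines are skipped
        s = state[m["sid"]]
        s[0], cmd = m["ip"], m["cmd"].strip()
        if MARKER.match(cmd):
            s[2] = True
        if s[1] < len(SEQUENCE) and SEQUENCE[s[1]].match(cmd):
            s[1] += 1
    return {sid: tuple(v) for sid, v in state.items()}

def flag(lines, min_steps=4):
    """Client IPs that sent the marker, or min_steps of the sequence in order."""
    return sorted({ip for ip, steps, marker in score_sessions(lines).values()
                   if marker or steps >= min_steps})

# Constructed sample: s1 follows the trigger order, s2 is ordinary mail delivery.
SAMPLE = """\
2024-01-01T10:00:00Z s1 192.0.2.10 C: HELO probe
2024-01-01T10:00:00Z s1 192.0.2.10 S: 250 mail.example.test
2024-01-01T10:00:01Z s1 192.0.2.10 C: HELP
2024-01-01T10:00:01Z s1 192.0.2.10 C: VRFY postmaster
2024-01-01T10:00:02Z s1 192.0.2.10 C: VRFY bannergrab123
2024-01-01T10:00:02Z s1 192.0.2.10 C: EXPN postmaster
2024-01-01T10:00:03Z s1 192.0.2.10 C: QUIT
2024-01-01T10:05:00Z s2 198.51.100.7 C: EHLO mx.example.test
2024-01-01T10:05:01Z s2 198.51.100.7 C: MAIL FROM:<a@example.test>
2024-01-01T10:05:02Z s2 198.51.100.7 C: QUIT
""".splitlines()

if __name__ == "__main__":
    print(score_sessions(SAMPLE), "flagged:", flag(SAMPLE))
```

The ordered-step count catches a run where the probe username has been changed, while the marker alone catches a run cut short by a timeout.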
Licence
SSLScan is covered by the GPL version 3 licence with the following exclusion:
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
You can get a copy of the GPLv3 license from www.titania-security.com. For legacy downloads and the latest download, please go to 'Resources' on the Titania website or follow the link https://www.titania.com/freetools?tool=bannergrab