Greeting Everyone! Hope everything is going good As We know banner grabbing Which containing As we can Call service footprinting Which Comes Under Penetration testing phase. We are going to look different techniques to utilize Your banner grabbing phase when Your testing your target.
What is Banner grabbing?
In this phase Tester discover Targeted device services, version number verify open ports etc. This phase we can say footprinting against all services. Banner grabbing help to verifiy OS Details, Server Info as banner disclose most common vulnerability As we can say CVE According To service Version. Types Of banner Grabbing Are , Active and passive banner grabbing.
Common Way to Banner Grabbing Against Your Target
- whatweb
- wget
- cURL
- Wappalyzer
- dmitry
What Web: Whatweb is faster tool which help to grab information such as Server info, Cookie Header Info, OS with verison & IP . And web page Title etc. This tool helpfull for a tester to collect some possible Info against Target:
Usage: whaweb http://yourip
As above Picture As result we Get Server version , technology they are using as Title etc.
Curl: Curl Is really Good Command Tool which help to grab banner of http response we can check Response Section Using curl .
Usage: curl -s -I ip/domain
As above we see Respose Header Section here To utilize Your scanning Phase we used -s to prevent error message -I o print out header Informaion.
wget: Wget is good Tool to wget which most commonly used network dowloader to fetch file here wget command to capture http banner of Targeted device.
Usage: wget -q -S yourtarget
As result we get Banner Information about our arget Which contain Server veriosn As we Define -o we used to progress our output -S Which helps to print out info As result.
Wappalyzer: Wappalyzer is exension based tool which grab Possible information about target As Framework they are using, Server version, programmin Language, Technology etc.
Usage: Download Extension:
For Chrome : https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en
Mozila : https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/
dmitry : Dmitry help you to gather as much information as possible about a host. It helps to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups etc.
Usage: dmitry 94.126.67.63
As above picure We See Open Port Or different info Regarding network information.
Conclusion: As Today we Discussed How To Utlize Your Banner grabbing Phase While Tesing Against target. As we Used Different Tool which default with Some Linux distribuion Such as Kali linux, Parrot os etc. We Grabbed Info Such as server Info, Technology info, Services, Port, Programming laguage etc.
Stick With Our Blog : Click Here
Author
Pallab Jyoti Borah
VAPT Analyst