How to — Banner Grabbing

Sabyasachi Paul - h0tPlug1n
Sep 18, 2022

Banner grabbing, also known as service fingerprinting, refers to retrieving the text message (the banner) a host sends back, which contains information about the open ports and services and their version numbers.

It is widely used by hackers and pen-testers to analyze a system in depth.

Let’s see how to perform banner grabbing using various tools available by default in our favorite Kali Linux :) You can also install these tools on any other Linux distro using apt-get install.

The tools we are going to use are: Whatweb, Curl, Wget, netcat, telnet, nikto and Nmap.

So, let’s get started :)

1. Whatweb

Go to Kali and open the terminal. In it, type whatweb <website_url/ip>. For demo purposes, I’ve used the testphp site. Instead of the URL, you can also provide an IP.

using Whatweb for banner grabbing

2. Curl

Go to the Kali terminal and type curl -I <website_url/IP>. In curl, the -I switch fetches the header.

using Curl for banner grabbing
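
The header block that curl -I prints is the banner itself. As an added example (not part of the original post), the shell function below reads such a response head and reports which headers name a product or a version, which is a quick way to check what your own server gives away. The function names, the list of headers checked and the sample response are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: report which banner headers disclose a product or version.
# Reads a raw HTTP response head on stdin, e.g. the output of curl -sI <website_url/IP>.

banner_report() {
  awk '
    { sub(/\r$/, "") }        # HTTP uses CRLF line endings; drop the CR
    NR == 1 { next }          # skip the status line (HTTP/1.1 200 OK)
    /^$/    { exit }          # the header block ends at the first blank line
    {
      sep = index($0, ":")
      if (sep == 0) next
      name  = tolower(substr($0, 1, sep - 1))   # header names are case-insensitive
      value = substr($0, sep + 1)
      sub(/^[ \t]+/, "", value)
      # Headers that commonly carry software banners (list chosen for this example)
      if (name !~ /^(server|x-powered-by|x-aspnet-version|via)$/) next
      verdict = (value ~ /[0-9]+\.[0-9]+/) ? "VERSION-DISCLOSED" : "product-only"
      printf "%s|%s|%s\n", name, value, verdict
    }'
}

# Number of headers that leak a version string
version_leaks() {
  banner_report | grep -c 'VERSION-DISCLOSED$'
}

# Constructed sample response head (not captured from a real host)
SAMPLE_HEADERS=$(printf '%s\r\n' \
  'HTTP/1.1 200 OK' \
  'Server: nginx/1.2.3' \
  'Content-Type: text/html; charset=UTF-8' \
  'X-Powered-By: PHP/7.0.0' \
  'Via: proxy-a' \
  '')

printf '%s\n' "$SAMPLE_HEADERS" | banner_report
```

Each output line has the form name|value|verdict, so a header marked VERSION-DISCLOSED is one to trim or suppress in the server configuration.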

3. Wget

Most of you might use wget to download stuff from the CLI, which indeed looks cool. But wget can also help us perform banner grabbing. Let's see how.

Go to the Kali terminal and type wget -q -S <website_url/IP>. In wget, the -q switch is for quiet, which helps in preventing unwanted output, and the -S switch is for getting the server response. Using wget also downloads the HTML file of the URL :)

using wget for banner grabbing without -q switch
using wget for banner grabbing with -q switch

4. Netcat

Method-1: Go to the Kali terminal, type nc <hostname/ip> 80 and press Enter. Then you will see a prompt: type HTTP/1.1 200 and then hit Enter. HTTP/1.1 is the version of HTTP you are specifying and 200 is the HTTP status code.

using netcat for banner grabbing

Method-2: Go to the Kali terminal, type nc <hostname/ip> 80 and press Enter. Then you will see a prompt: type HEAD / HTTP/1.0 and then hit Enter. HEAD is the HTTP verb, / denotes the root of the page and HTTP/1.0 is the HTTP version.

using netcat for banner grabbing

5. Telnet

Go to the Kali terminal, type telnet <hostname/IP> 80 and hit Enter. You will see a prompt like this.

telnet prompt for banner grabbing

Then, in the prompt, type HEAD / HTTP/1.0 and hit Enter. You will get the output.

Using telnet for banner grabbing

6. Nikto

Go to the Kali terminal, type nikto -h <website_url> and hit Enter. You will see the banner in the output. Press Ctrl+C to stop the unwanted prompt.

using nikto for banner grabbing

7. Nmap

Finally, let’s see how we can perform banner grabbing with our last tool.

Go to the terminal, type nmap -sV -A <hostname/ip> -p 80 and hit Enter. In Nmap, the -sV switch is used for service version detection, the -A switch is used for an aggressive scan, and the -p switch is used for defining the port.

using Nmap for banner grabbing

Here, we’ve come to the end of the banner-grabbing techniques. No doubt there are plenty of other tools and techniques to perform banner grabbing, but these are by far the easiest ones you can master.

That’s all for today. See you in the next blog with a new topic. Goodbye :)
