How to — Banner Grabbing
Banner grabbing, often mentioned in the same breath as service fingerprinting, is the technique of connecting to an open port and reading the text (the banner) that the service sends back, either on its own or in response to a minimal request. That banner usually names the software behind the port and very often its exact version: the Server header of a web server, or the greeting line of an SSH, FTP or SMTP daemon.
It is widely used by attackers and pen-testers during reconnaissance, because a version string is the quickest way to map a host to known weaknesses. For the same reason, defenders usually strip or minimise banners on production systems.
Let’s see how to perform banner grabbing using tools that ship by default with our favourite Kali Linux :) On any other Linux distro you can install them with apt-get install (or your distro's package manager).
The tools we are going to use are: Whatweb, Curl, Wget, netcat, telnet, nikto and Nmap.
So, Let’s get started :)
1. Whatweb
Go to Kali and open the terminal. Into it, type whatweb <website_url/ip> and hit Enter. For the demo I’ve used the testphp site; instead of a URL you can also provide an IP address. WhatWeb requests the page and reports the web server, frameworks and plugins it recognises from the response headers and page content, including version numbers wherever they are exposed.
2. Curl
Go to the Kali terminal and type curl -I <website_url/IP>. The -I switch makes curl send a HEAD request and print only the response headers, so you get the Server header (and anything like X-Powered-By) without downloading the page body. Add -s to hide the progress meter, and if the site redirects to HTTPS add -L to follow the redirect, since the server at the end of the redirect chain may identify itself differently.
3. Wget
Most of you probably use wget to download files from the CLI, which admittedly looks cool. But wget can also help with banner grabbing. Let's see how.
Go to the Kali terminal and type wget -q -S <website_url/IP>. The -q switch (quiet) suppresses wget's own progress output, and the -S switch prints the server's response headers. Note that wget still downloads the page itself, so an index.html ends up in your working directory; add -O /dev/null if you only want the headers :)
4. Netcat
Method-1: Go to the Kali terminal and type nc <hostname/ip> 80 and press Enter. Netcat is now connected to the web server, but you will not see any prompt: the server is waiting for you to speak first. Type HEAD / HTTP/1.1 and press Enter, then type Host: <hostname> and press Enter twice. HEAD is the HTTP verb, / is the path you are asking about, and HTTP/1.1 is the protocol version. HTTP/1.1 requires a Host header, and the empty line tells the server the request is complete. The response begins with a status line such as HTTP/1.1 200 OK, followed by the headers; the Server line is the banner you are after.
Method-2: Go to the Kali terminal and type nc <hostname/ip> 80 and press Enter (the port is mandatory; netcat has no default). Then type HEAD / HTTP/1.0 and press Enter twice. HTTP/1.0 does not need a Host header, so this is the shorter form; the trade-off is that on a server hosting several sites you get the default site's response rather than the one you named. Add -v to either command if you want netcat to confirm that the connection succeeded.
5. Telnet
Go to the Kali terminal and type telnet <hostname/IP> 80 and hit Enter. Telnet reports that it is connected and then waits for input.
Then type HEAD / HTTP/1.0 and hit Enter twice. The server replies with its status line and headers, including the Server banner, and then closes the connection. Telnet is only acting as a raw TCP client here; nothing about the Telnet protocol is involved, which is why it works against a web port at all.
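The manual netcat and telnet exchanges above, scripted in bash as an added example that is not from the original post. It builds the HEAD request with the CRLF line endings and Host header the by-hand method relies on, pulls the Server (or any other) header out of the response, and goes a little beyond the HTTP-only demos by also covering services such as SSH, FTP and SMTP where you type nothing at all because the daemon announces itself first. The host names are placeholders and the sample response is constructed for the example, not captured from any real target; the script assumes bash (for /dev/tcp) and coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): a small banner grabber that
# does by script what the netcat and telnet sections do by hand.
# Assumes bash (for /dev/tcp) and coreutils; host names are placeholders.

# Build a well-formed HTTP/1.1 HEAD request. HTTP/1.1 requires a Host header,
# every line ends in CRLF, and a blank line marks the end of the request.
build_head_request() {
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nUser-Agent: banner-grab\r\nConnection: close\r\n\r\n' "$1"
}

# Print the status line (e.g. "HTTP/1.1 200 OK") of a raw response on stdin.
extract_status() {
    head -n 1 | tr -d '\r'
}

# Print the value of one response header, matched case-insensitively, from a
# raw response on stdin. Stops at the blank line so the body is never parsed
# (a body containing "Server:" must not be mistaken for a header).
extract_header() {
    local want
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    tr -d '\r' | awk -v want="$want" '
        NR == 1 { next }                 # skip the status line
        /^$/    { exit }                 # blank line: end of headers
        {
            split($0, kv, ":")
            if (tolower(kv[1]) == want) {
                sub(/^[^:]*:[ \t]*/, "") # drop "Name:" and leading blanks
                print
                exit
            }
        }'
}

# Live HTTP grab: open a TCP socket with bash's /dev/tcp, send the request,
# read until the server closes (Connection: close) or 5 seconds pass.
grab_http_banner() {
    local host=$1 port=${2:-80} response
    exec 3<>"/dev/tcp/$host/$port" || return 1
    build_head_request "$host" >&3
    response=$(timeout 5 cat <&3)
    exec 3>&-
    printf 'status: %s\nserver: %s\n' \
        "$(printf '%s\n' "$response" | extract_status)" \
        "$(printf '%s\n' "$response" | extract_header Server)"
}

# SSH, FTP, SMTP and similar services speak first: nothing has to be sent,
# the first line that arrives after connecting is the banner.
grab_passive_banner() {
    local host=$1 port=$2 line
    exec 3<>"/dev/tcp/$host/$port" || return 1
    IFS= read -r -t 5 line <&3
    exec 3>&-
    printf '%s\n' "$line" | tr -d '\r'
}

# Constructed sample response for offline use; not captured from a real host.
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/5.6.40\r\nContent-Type: text/html\r\n\r\n<html>Server: not-a-header</html>')

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_RESPONSE" | extract_header Server ;;   # prints nginx/1.18.0
    "")     ;;                                                           # sourced, or run with no arguments
    *)      grab_http_banner "$1" "${2:-80}" ;;                          # e.g. ./banner.sh <hostname> 80
esac
```

Run it as ./banner.sh <hostname> 80 for a live grab, or with --demo to parse the constructed sample. The CRLF detail is worth knowing: a request typed into netcat or telnet is sent with bare LF line endings, and RFC 7230 only says a server may accept those, so a hand-typed request that gets no answer is sometimes just a strict server waiting for a proper CRLF-terminated blank line.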
6. Nikto
Go to the Kali terminal and type nikto -h <website_url> and hit Enter. Nikto prints the target's Server header and a few related headers near the top of its output, then carries on with its full web vulnerability scan, which is noisy and takes a while. Once you have the banner, press Ctrl+C to stop the rest of the scan.
7. Nmap
Finally, with our last tool, let’s see the way we could perform banner grabbing.
Go to the terminal and type nmap -sV -A <hostname/ip> -p 80 and hit Enter. The -sV switch turns on service version detection, which is the banner-grabbing part: Nmap sends probes to the open port and matches the replies against its service signature database, so it also works for services that are not HTTP. The -A switch enables aggressive scanning (it implies -sV and adds OS detection, traceroute and the default NSE scripts, so -sV is redundant when -A is given), and the -p switch sets the port. Drop -p 80 to let Nmap fingerprint every open port it finds, and add --script=banner if you want the raw banner text rather than Nmap's interpretation of it.
That brings us to the end of the banner-grabbing techniques. No doubt there are plenty of other tools and techniques, but these are by far the easiest ones to master. One caveat to keep in mind: a banner is whatever the administrator chose to send, and it can be changed or faked, so treat it as a lead to confirm rather than proof of what is running.
That’s all for today. See you in the next blog with a new topic. Goodbye :)