Tuesday, November 13, 2012

(Simple, pretty crappy) Banner Grabbing with Linux

HTTP Server Banner Grab

Use netcat (nc) to interact with an HTTP server. The output can be piped through tee and grep.

$ nc www.computerbiology.com 80
GET / HTTP/1.1
Host: computerbiology.com
User-Agent: commandline :-D
Referer: google.com

Press Enter twice and you get a response like this:

HTTP/1.1 301 Moved Permanently
Date: Tue, 07 May 2013 23:29:42 GMT
Server: Apache
X-Pingback: http://www.computerbiology.com/xmlrpc.php
Location: http://www.computerbiology.com/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
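
A scripted form of the manual grab above, added here as an example (it is not from the original post): it sends the request with proper CRLF line endings, then filters the response down to the headers that identify server software, which is useful for checking what your own server discloses. The function names, the HEAD request, and the set of headers treated as disclosing are assumptions; the sample response is constructed from the one shown above.

```shell
#!/bin/sh
# Send a minimal HEAD request. "Connection: close" makes the server hang up
# after answering; -w 5 sets nc's timeout (exact semantics vary by netcat variant).
grab_http_head() {  # usage: grab_http_head HOST [PORT]
    host=$1 port=${2:-80}
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" |
        nc -w 5 "$host" "$port"
}

# Read a raw HTTP response on stdin and print only the headers that identify
# software (Server, X-Powered-By, X-Pingback), matched case-insensitively.
# Parsing stops at the blank line ending the header block, so body text that
# happens to start with "Server:" is never reported.
disclosing_headers() {
    tr -d '\r' | awk '
        NR == 1 { next }     # skip the status line
        /^$/    { exit }     # blank line: end of headers
        {
            name = tolower($0); sub(/:.*/, "", name)
            if (name == "server" || name == "x-powered-by" || name == "x-pingback")
                print
        }'
}

# Constructed sample: the response shown above, plus one body line added
# only to exercise the end-of-headers check.
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' \
        'Date: Tue, 07 May 2013 23:29:42 GMT' \
        'Server: Apache' \
        'X-Pingback: http://www.computerbiology.com/xmlrpc.php' \
        'Location: http://www.computerbiology.com/' \
        'Content-Length: 0' \
        'Content-Type: text/html; charset=UTF-8' \
        '' \
        'Server: this line is body text, not a header'
}

# Capture the result in a variable instead of a file, then print it.
banner=$(sample_response | disclosing_headers)
printf '%s\n' "$banner"
```

Against a live host, the same filter is used as `grab_http_head HOST | disclosing_headers`.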


Telnet Server

A simple netcat one-liner can be used by itself or in scripts to perform banner grabbing.

Telnet banner grab and output to file:
nc -v host.com 23 | tee output.txt | sleep 3

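This command opens a verbose netcat connection; tee takes netcat's stdout and writes it to a file, and sleep waits a few seconds to ensure the connection was made and the entire banner was captured. Because sleep never reads its stdin, the banner ends up only in output.txt and is not echoed to the terminal.

Note: in a bash script, output.txt can be replaced by capturing the output in a $var to reduce disk I/O.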