Banner Grabbing

Ashish Khare
5 min read · Jul 12, 2022

Hey guys, Ashish this side. In this article, we’ll take a tour of “Banner Grabbing” and learn how different command-line tools and web interfaces help us grab the banner of a web server and its running services. Grabbing a banner is the most important phase in both offensive and defensive penetration testing environments.

Table of Contents

  • Introduction
  • Why Banner Grabbing?
  • Types of Banner Grabbing
  • Banner grabbing using Kali Linux
  • whatweb
  • cURL
  • wget
  • telnet
  • netcat
  • Nikto
  • Nmap
  • Dmitry
  • Banner grabbing using Netcraft
  • Banner grabbing over Burpsuite
  • Banner grabbing using ID Serve

Introduction:

“Banner Grabbing” is often referred to as “Service Fingerprinting”.

A banner is a text message received from the host; it usually includes information about the open ports and services with their version numbers.

Why Banner Grabbing?

Banner grabbing allows an attacker to discover network hosts, the services running on their open ports with their versions, and the operating systems, so that he can exploit the remote host server.

Banner disclosure is the most common vulnerability, mapped to CWE-200 (“Exposure of Sensitive Information to an Unauthorized Actor”), with a CVSS score of 5.0 and a risk factor of Medium.
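Seen from the defender's side, the same banners can be audited for what they give away. The script below is an added example, not code from the original article: it parses banner lines (an HTTP header, an SSH identification string, an FTP-style greeting) and flags those that reveal a product version or operating system. The sample banners are constructed, and the names audit_banner and disclosures are chosen for this illustration.

```python
import re

# Constructed sample banners (not captured from a real host). The Apache
# value is the one quoted in the Burp Suite section of this article.
SAMPLES = [
    "Server: Apache/2.2.4 (Ubuntu)",
    "Server: Apache",
    "X-Powered-By: PHP/5.2.3",
    "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5",
    "220 (vsFTPd 3.0.3)",
    "220 FTP server ready",
]

# Product name, a separator (/ _ or space), then a dotted version number.
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z0-9.+-]*)[/_ ]v?(\d+(?:\.\d+)+[A-Za-z0-9]*)")
OS_RE = re.compile(r"\b(Ubuntu|Debian|CentOS|Red Hat|Win32|Win64|Unix)\b", re.I)
HEADER_RE = re.compile(r"^(Server|X-Powered-By|X-AspNet-Version|Via):\s*(.*)$", re.I)

def audit_banner(line):
    """Classify one banner line and report the details it discloses."""
    line = line.strip()
    if line.startswith("SSH-"):
        parts = line.split("-", 2)              # "SSH", protocol, software + comment
        kind, text = "ssh", parts[2] if len(parts) == 3 else ""
    elif (m := HEADER_RE.match(line)):
        kind, text = "http:" + m.group(1).lower(), m.group(2)
    elif re.match(r"^\d{3}[ -]", line):
        kind, text = "greeting", line[4:]       # FTP/SMTP style "220 ..."
    else:
        kind, text = "unknown", line
    ver = VERSION_RE.search(text)
    os_hint = OS_RE.search(text)
    return {
        "kind": kind,
        "product": ver.group(1) if ver else None,   # only set with a version
        "version": ver.group(2) if ver else None,
        "os": os_hint.group(1) if os_hint else None,
        "discloses_version": bool(ver),
    }

def disclosures(lines):
    """Return (line, finding) pairs for banners that reveal a version or OS."""
    pairs = [(line, audit_banner(line)) for line in lines]
    return [(l, f) for l, f in pairs if f["discloses_version"] or f["os"]]

if __name__ == "__main__":
    for line, f in disclosures(SAMPLES):
        print(f"[CWE-200] {f['kind']}: {f['product']} {f['version']} os={f['os']} <- {line}")
```

Banners such as “Server: Apache” or “220 FTP server ready” pass the check because they name no version or OS.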

Types of Banner Grabbing:

  1. Active banner grabbing – The attacker crafts or modifies his/her own packets, sends them to the remote host server, and analyses the response data to get the operating system information and the running services with their versions.
  2. Passive banner grabbing – The attacker collects data about the target using publicly available information, i.e. by analyzing the server either with the help of “Error Messages” or by “Sniffing the Network Traffic”.

Banner grabbing using Kali Linux:

*WhatWeb

“WhatWeb” identifies websites; it helps us grab a web application’s banner by disclosing the server information with its version, the IP address, the webpage title, and the running operating system.

whatweb http://192.168.95.130

*cURL

The cURL command includes the functionality for retrieving the banner details from HTTP servers. Just execute the following command, and discover what we grab:

curl -s -I 192.168.95.130

To get a clean result, we use the -s flag to suppress the progress meter and error messages, and the -I flag to print only the header information of the requested page.

*Wget

We will be using the wget command to capture the HTTP banner of the remote server.

wget -q -S 192.168.95.130

The -q flag suppresses wget’s progress output, while the -S flag prints the header information of all requested pages.

*Telnet

We will be using the Telnet protocol in order to interact with services to grab their banners.

Type the following command to grab the FTP banner of the remote server.

*Netcat

Netcat is a network utility that will help us to grab the SSH banner of the remote host server.

nc 192.168.95.130 22

*Nikto

Nikto is an open-source web-application scanner, which we’ll be using to grab a banner of a website running on an Ubuntu server.

Type the following command to capture the installed web server with its version, the configuration index files, the HTTP server options, and a list of other useful details.

nikto -h http://192.168.95.130

*Nmap

We’ll use Nmap as a simple banner grabber that connects to an open TCP port and prints out anything sent by the listening service within a couple of seconds.

nmap -sV --script=banner 192.168.95.129

The -sV flag prints out the version of the running service.

*Dmitry

Dmitry (Deepmagic Information Gathering Tool) can gather as much information as possible about a host. Its base functionality gathers possible subdomains, email addresses, uptime information, TCP port scans, whois lookups, and more.

The -pb flag is used to grab the banners for all the open ports of the remote host.

Fire the following command to grab the banners of the running services.

dmitry -pb 192.168.95.130

*Banner Grabbing using Netcraft

Netcraft is one of the most usable information-gathering web interfaces; it helps us check the technologies and infrastructure of web applications.

So I’ll be using a demo website over Netcraft in order to grab some service banners and capture all the possible information.

From the above image, you can see that I have grabbed the Hosting History of testphp.vulnweb.com, which shows the IP addresses, the operating systems and the web servers, along with when they were last seen.

*Banner Grabbing over Burpsuite

While performing an attack or a penetration test, we all use Burp Suite somewhere or other, but does it help us identify the target’s web server?

Yes, we can simply grab the server’s information from the response generated by the Repeater.

From the below screenshot you can see that I’ve sent the intercepted request to the Repeater. As soon as I hit the Send button, the response is returned, and on the right-hand side you get the captured server details as Apache/2.2.4 (Ubuntu).

*Banner Grabbing using ID serve

ID Serve is a free, general-purpose Internet server identification utility that helps us grab the banner of a remote host. You can download the tool from here.

Just enter the target’s website URL and hit the “Query This Server” button. It then dumps everything it can, including the IP addresses, open ports, cookies and the server information.

If this article was helpful consider following me and a clap would really motivate me to write more such blogs & articles.

Keep Coming for more.

Happy Hacking!!!

Ashish Khare

CEHv12 | Penetration Tester | Red-Teamer | Security Analyst