Footprinting

Website Footprinting

Online Tools for Websites

Finding domains and IP addresses, DNS records, traceroute, nslookup, whois searches, etc.

Kali Tools

  • Photon is a Python script used to crawl a given target URL to obtain information such as URLs (in-scope and out-of-scope), URLs with parameters, email addresses, social media accounts, files, secret keys and subdomains.

  • theHarvester: This tool gathers emails, subdomains, hosts, employee names, open ports, and banners from different public sources.

Windows Tools

  • Web Data Extractor Pro

  • HTTrack, a website cloner

Web Server Open Ports

Nmap

Identifying the services running on the target system

Now that we have identified the target's IP address, we can perform a quick Nmap service version detection scan to identify the open ports running on the target and the corresponding services.

This can be done by running the following command:

As shown in the following screenshot, this scan reveals that the target only has port 22 open running SSH.

Banner grabbing with Nmap scripts

In certain cases, a traditional Nmap service version detection scan may not reveal accurate information about the exact version of a service that is running on a target system.

As a result, you may need to manually interact with a port to identify the exact service version.

Banner grabbing can be automated through the use of an Nmap script. In this case, we will be using the banner.nse script.

You can run the Nmap script when performing an Nmap scan on the target system by running the following command:

As shown in the following screenshot, the banner.nse script does not reveal any new information regarding the version of OpenSSH running on port 22.

Banner grabbing with a script may not reveal anything new about a service, but in cases where Nmap cannot detect the exact version of a service running on a port, you will need to fall back to manual banner grabbing.

Netcat can be used to perform banner grabbing manually on a port by directly connecting to it.

This can be done by running the following command:

Netcat will connect to the port and will display the banner of the service running on that port.

As shown in the following screenshot, we can confirm that OpenSSH 7.2p2 is running on port 22 on the target.
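The manual banner grab described above, and the SSH identification string it returns, as an added example (not code from the original page): `grab_banner` does what the netcat connection does, and `parse_ssh_banner` splits the string into the protocol version, software version and comment fields defined in RFC 4253. The sample banner and the localhost listener used in `demo()` are constructed for this example, not captured from a real host.

```python
"""Manual banner grab and SSH identification-string parsing (added example)."""
import socket
import threading

# Sample banner, constructed for this example (not captured from a real host).
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8\r\n"


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect to host:port and return whatever the service sends first.
    SSH servers send their identification string unprompted, which is why a
    plain netcat connection (or this function) is enough to read the version."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(1024)
        except socket.timeout:
            return b""  # service expects the client to speak first


def parse_ssh_banner(banner: bytes) -> dict:
    """Split an RFC 4253 identification string into its components.
    Format: SSH-<protoversion>-<softwareversion>[ <comments>]CR LF"""
    line = banner.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if not line.startswith("SSH-"):
        raise ValueError(f"not an SSH identification string: {line!r}")
    _, proto, rest = line.split("-", 2)
    software, _, comment = rest.partition(" ")
    return {"protocol": proto, "software": software, "comment": comment}


def _serve_once(banner: bytes) -> int:
    """Throwaway localhost listener that sends `banner` once and closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handler():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=handler, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> dict:
    """Grab the banner from the local stand-in and parse it."""
    port = _serve_once(SAMPLE_SSH_BANNER)
    return parse_ssh_banner(grab_banner("127.0.0.1", port))


if __name__ == "__main__":
    print(demo())  # {'protocol': '2.0', 'software': 'OpenSSH_7.2p2', 'comment': 'Ubuntu-4ubuntu2.8'}
```

Against a real host, `grab_banner(host, 22)` returns the same string netcat prints; a service that waits for the client to talk first (HTTP, for example) returns empty bytes rather than a banner.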
