Interesting Find: THC-AMAP – fast and reliable application fingerprint mapper
The Hackers Choice http://www.thc.org
THC-Amap

Amap is a next-generation tool for assisting network penetration testing. It performs fast and reliable application protocol detection, independent of the TCP/UDP port they are bound to.

amap-5.2.tar.gz

You can download the current trigger, response and rpc detection information here (if you have amap 5.0 or newer, "amap -W" does an automatic Online Web Update of these files):

appdefs.trig
appdefs.resp
appdefs.rpc

Last update 2006-01-23 (note that database updates are not counted)

[0x00] News and Changelog

CHANGELOG for 5.2:
! THIS IS A THC TAX ANNIVERSARY SPECIAL RELEASE ! HAVE FUN !
* Included patch from firstname.lastname@example.org for cleaner gcc compile
* Added SSL_Pending() to prevent rare locking on SSL ports, thanks to michel(at)arboi.fr.eu.org for reporting
* Added lots of fingerprints, most from Johnny Cyberpunk / THC - THANKS!

Have fun!

[0x01] Introduction

Welcome to the mini website of the THC Amap project.

Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ASCII based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.

Currently there are two tools for this purpose: amap (you are looking at it), and nmap (www.insecure.org/nmap). Both have their strengths and weaknesses, as they deploy different techniques. We recommend using both tools for reliable identification.

[0x02] Disclaimer

1. This tool is for legal purposes only!
2. If this tool is used as part of a commercial service (e.g. pentest), name, version and web address of this tool must be mentioned in the report.
3. If this tool is incorporated into a commercial tool (means: it costs money, has license costs or upgrade fees, etc.) or called by it, the name, version and web address of this tool must be mentioned in the report output of the tool. Additionally, a commercial version, key file, etc. must be made available to the authors free of charge.
4. Besides 1. to 3. above, the GPL 2.0 applies.

[0x03] Documentation

Amap comes with a rather long README file that describes the details about the usage and special options.

[0x04] Development & Contributions

Your contributions are more than welcome! If you find bugs, or write coded enhancements please send them to: vh (at) thc (dot) org

Without filled databases containing triggers and responses, the tool is worthless, so everyone please help us to fill the fingerprint database. Collect responses and identify triggers and send them to: amap-dev (at) thc (dot) org

[0x05] The Art of Downloading: Source and Binaries

For your pleasure, Amap comes as source and binary release.

1. The source code of Amap: amap-5.2.tar.gz (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux and PalmOS)
2. The Win32/Cygwin binary release: amap-5.2-win.zip (everything you need to run amap on win32 platforms is in this zip file)

Comments and suggestions are welcome.

Yours sincerely,
van Hauser
The Hackers Choice
http://www.thc.org
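The response-lookup step described in the Introduction, as an added example that is not amap's code and is not part of the original page: already-captured response bytes are matched against a list of response patterns, and services answering on a port other than their usual one are flagged for an asset inventory. The signature list, its format, the port table and the sample captures are all constructed for illustration and are not taken from appdefs.resp.

```python
import re

# Constructed response signatures (NOT amap's appdefs.resp entries or format):
# (service name, byte regex applied to the start of a captured response).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*(SMTP|ESMTP)", re.I)),
    ("ftp", re.compile(rb"^220[ -].*FTP", re.I)),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
    # Binary (non-ASCII) greeting: length byte, three NULs, 0x0a, version text.
    ("mysql", re.compile(rb"^.\x00\x00\x00\x0a\d+\.\d+\.\d+", re.S)),
]

# Ports conventionally used by each service; only used to flag surprises.
USUAL_PORTS = {"ssh": {22}, "smtp": {25, 587}, "ftp": {21},
               "http": {80, 8080}, "mysql": {3306}}

def identify(response: bytes) -> list[str]:
    """Return every service whose signature matches the response bytes."""
    return [name for name, rx in SIGNATURES if rx.search(response)]

def audit(observations):
    """observations: iterable of (host, port, response bytes) captured earlier.
    Returns a list of (host, port, matched services, status)."""
    findings = []
    for host, port, resp in observations:
        names = identify(resp)
        if not names:
            status = "unidentified"       # no signature yet: candidate for the database
        elif any(port in USUAL_PORTS[n] for n in names):
            status = "expected"
        else:
            status = "unexpected-port"    # known service on a non-standard port
        findings.append((host, port, names, status))
    return findings

# Constructed sample captures (documentation address range 192.0.2.0/24).
SAMPLE = [
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_4.2\r\n"),
    ("192.0.2.10", 8022, b"SSH-2.0-OpenSSH_4.2\r\n"),
    ("192.0.2.11", 2525, b"220 mail.example.test ESMTP ready\r\n"),
    ("192.0.2.12", 3306, b"\x34\x00\x00\x00\x0a5.0.18\x00rest"),
    ("192.0.2.13", 9999, b"\x01\x02\x03"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The identification depends only on the response bytes, so the port number is used solely to decide whether a finding is worth a second look.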