THC AMAP is a scanner that identifies (fingerprints) the applications/services running on a remote machine. Its database is not as complete as Nmap's, but its results sometimes differ, so the tool can be used to confirm or complete an Nmap analysis.
$ cd /data/src/
$ wget http://freeworld.thc.org/releases/amap-5.2.tar.gz
$ tar xzvf amap-5.2.tar.gz
$ cd amap-5.2/
At this stage, it is necessary to apply the following patch:
$ wget http://dl.dropbox.com/u/10761700/amap.h.patch
$ patch -p0 < amap.h.patch
This patch updates the URL in amap.h that is used by the updater. Unless you apply it, you won't be able to use the online updater: the URL shipped with 5.2 is incorrect (it redirects) and the updater is unable to complete its process.
$ ./configure
$ make
$ sudo make install
make install may output an error related to the creation of a symbolic link; this does not block the installation.
$ amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port] ...]
- -A: Map applications: send triggers and analyse responses (default)
- -B: Just grab banners, do not send triggers
- -P: No banner or application stuff - be a (full connect) port scanner
- -W: Web Update - online update the application fingerprint database!
If you haven't applied the patch (see the installation section), you won't be able to use the updater since the URL has not been corrected.
Note that the updater needs root privileges since amap is installed in /usr/local/bin. Try sudo amap -W.
- -1: Only send triggers to a port until 1st identification. Speeeeed!
- -6: Use IPv6 instead of IPv4
- -b: Print ascii banner of responses
- -i <file>: Nmap machine readable output file to read ports from
- -u: Ports specified on the command line are UDP (default is TCP)
- -U: Do NOT dump unrecognised responses (better for scripting)
- -d: Dump all responses
- -v: Verbose mode, use twice (or more!) for debug (not recommended :-)
- -q: Do not report closed ports, and do not print them as unidentified
- -o <file> [-m]: Write output to file <file>; -m creates machine readable output
- -p <proto>: Only send triggers for this protocol (e.g. ftp)
- Do NOT identify RPC / SSL services
- -c <connections>: Amount of parallel connections to make (default 32, max 256)
- -C <retries>: Number of reconnects on connect timeouts (see -T) (default 3)
- -T <sec>: Connect timeout on connection attempts in seconds (default 5)
- -t <sec>: Response wait timeout in seconds (default 5)
- -H: Do NOT send application triggers marked as potentially harmful
$ amap -bqv 192.168.100.1 22
Using trigger file ./appdefs.trig ... loaded 30 triggers
Using response file ./appdefs.resp ... loaded 346 responses
Using trigger file ./appdefs.rpc ... loaded 450 triggers
amap v5.2 (freeworld.thc.org/thc-amap) started at 2010-12-06 06:52:35 - MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on 192.168.100.1:22/tcp (by trigger http) matches ssh - banner: SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n
Protocol on 192.168.100.1:22/tcp (by trigger http) matches ssh-openssh - banner: SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n
amap v5.2 finished at 2010-12-06 06:52:41
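The run above prints one "Protocol on ..." line per matching response signature, so a single port can yield several identifications (here the generic "ssh" and the more specific "ssh-openssh"). When amap is used to confirm an Nmap result, the useful step is to turn those lines into a per-port inventory and check it against what Nmap reported. The following Python script is an added example, not part of this page or of the amap project: it parses the human-readable output shown above (embedded here as a constructed sample), groups the identifications per host/port/protocol, and reports whether they agree with a service name given by Nmap. The regular expression, the `Identification` record and the `agrees_with` helper are this example's own assumptions about the output format, derived only from the lines on this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the output of the run shown on this page (amap -bqv 192.168.100.1 22).
# amap prints the banner's control characters escaped, so "\r\n" appears literally.
SAMPLE_OUTPUT = """\
Using trigger file ./appdefs.trig ... loaded 30 triggers
Using response file ./appdefs.resp ... loaded 346 responses
Using trigger file ./appdefs.rpc ... loaded 450 triggers
amap v5.2 (freeworld.thc.org/thc-amap) started at 2010-12-06 06:52:35 - MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on 192.168.100.1:22/tcp (by trigger http) matches ssh - banner: SSH-2.0-OpenSSH_5.1p1 Debian-5\\r\\n
Protocol on 192.168.100.1:22/tcp (by trigger http) matches ssh-openssh - banner: SSH-2.0-OpenSSH_5.1p1 Debian-5\\r\\n
amap v5.2 finished at 2010-12-06 06:52:41
"""

# Assumed line shape, taken from the sample above. The " - banner: ..." part only
# appears when amap is run with -b, so it is optional here.
_MATCH_RE = re.compile(
    r"^Protocol on (?P<host>\S+):(?P<port>\d+)/(?P<proto>tcp|udp) "
    r"\(by trigger (?P<trigger>\S+)\) matches (?P<app>\S+)"
    r"(?: - banner: (?P<banner>.*))?$"
)


@dataclass(frozen=True)
class Identification:
    host: str
    port: int
    proto: str
    trigger: str            # trigger whose response produced the match
    app: str                # application name amap matched from appdefs.resp
    banner: Optional[str]   # None unless amap was run with -b


def parse_amap(text: str) -> List[Identification]:
    """Extract the 'Protocol on ...' identifications; loader and timing lines are skipped."""
    found: List[Identification] = []
    for line in text.splitlines():
        m = _MATCH_RE.match(line.strip())
        if not m:
            continue
        found.append(Identification(
            host=m.group("host"), port=int(m.group("port")), proto=m.group("proto"),
            trigger=m.group("trigger"), app=m.group("app"), banner=m.group("banner"),
        ))
    return found


Key = Tuple[str, int, str]  # (host, port, proto)


def summarize(idents: List[Identification]) -> Dict[Key, dict]:
    """Group identifications per port, keeping the order in which amap reported them."""
    summary: Dict[Key, dict] = {}
    for ident in idents:
        entry = summary.setdefault((ident.host, ident.port, ident.proto),
                                   {"apps": [], "banner": None})
        if ident.app not in entry["apps"]:
            entry["apps"].append(ident.app)
        if entry["banner"] is None and ident.banner is not None:
            entry["banner"] = ident.banner
    return summary


def agrees_with(summary: Dict[Key, dict], host: str, port: int, proto: str,
                nmap_service: str) -> bool:
    """True if amap identified the port as the Nmap service name or a refinement of it.

    amap names refinements with a hyphenated suffix ("ssh" -> "ssh-openssh"), so a
    prefix match on "<service>-" is treated as agreement. (Assumed convention.)
    """
    entry = summary.get((host, port, proto))
    if entry is None:
        return False
    return any(app == nmap_service or app.startswith(nmap_service + "-")
               for app in entry["apps"])


if __name__ == "__main__":
    inventory = summarize(parse_amap(SAMPLE_OUTPUT))
    for (host, port, proto), entry in inventory.items():
        print(f"{host}:{port}/{proto} -> {', '.join(entry['apps'])} | banner: {entry['banner']}")
    print("agrees with nmap 'ssh':", agrees_with(inventory, "192.168.100.1", 22, "tcp", "ssh"))
```

To run it against a real scan, pipe amap's standard output into the script in place of SAMPLE_OUTPUT. For anything beyond a quick check, prefer amap's own -o <file> -m output, which is designed for scripting, over parsing the human-readable text.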