File: README

AMAP v0.95 NGST (Next Generation Scanning Tool)


Introduction.
-------------

This is the first public beta release of Amap, v0.95. Amap is a
next-generation scanning tool for pentesters. It attempts to identify
applications even if they are running on a different port than normal.
It also identifies non-ASCII-based applications. It does this by sending
trigger packets and looking up the responses in a list of response strings.

Without filled databases containing triggers and responses, the tool is
worthless, so I ask you to help us fill the database. How to do this? Well,
whenever a client application connects to a server, some kind of handshake
is exchanged (at least, usually. Syslogd, for instance, won't say anything, and
neither will snmpd without the right community string). Anyway, amap takes the
first packet sent back and compares it to a list of signature responses. Really
simple, actually. And in reality, it really does turn out to be that simple,
at least for most protocols.

So now, with amap, you can identify that SSL server running on port 3442, 
as well as that Oracle listener on port 23. 
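
The response-matching step described above, sketched in C as an added example
(not amap's own code). The signature table is constructed for illustration and
does not reproduce the appdefs.resp format; `struct sig`, `find_bytes` and
`identify` are hypothetical names. Lengths are explicit so that binary
(non-ASCII) responses containing NUL bytes compare correctly.

```c
#include <stdio.h>
#include <string.h>

/* Constructed signatures for illustration; NOT the contents or the
 * format of amap's appdefs.resp. */
struct sig {
    const char *name;   /* label reported on a match */
    const char *bytes;  /* raw bytes expected in the first response */
    size_t len;         /* explicit length: data may contain NUL bytes */
    int anchored;       /* 1 = at offset 0 only, 0 = anywhere in packet */
};

static const struct sig sigs[] = {
    { "ssh",  "SSH-",     4, 1 },
    { "http", "HTTP/1.",  7, 1 },
    { "tls",  "\x16\x03", 2, 1 },  /* handshake record, major version 3 */
    { "smtp", " ESMTP",   6, 0 },
};

/* Binary-safe substring search (strstr would stop at the first NUL). */
static int find_bytes(const unsigned char *h, size_t hl, const char *n, size_t nl)
{
    size_t i;
    if (nl == 0 || nl > hl)
        return 0;
    for (i = 0; i + nl <= hl; i++)
        if (memcmp(h + i, n, nl) == 0)
            return 1;
    return 0;
}

/* First matching label, or "unidentified" (e.g. a silent service, len 0). */
const char *identify(const unsigned char *resp, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) {
        const struct sig *s = &sigs[i];
        if (s->anchored ? (len >= s->len && memcmp(resp, s->bytes, s->len) == 0)
                        : find_bytes(resp, len, s->bytes, s->len))
            return s->name;
    }
    return "unidentified";
}

int main(void)
{
    /* Constructed first bytes of a TLS handshake record. */
    const unsigned char tls[] = { 0x16, 0x03, 0x01, 0x00, 0x4a, 0x02 };
    printf("%s\n", identify(tls, sizeof tls));
    return 0;
}
```
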

Installing.
-----------

Type:

make install

The triggers and responses.
---------------------------

Take a look at the supplied appdefs.trig and appdefs.resp files. Much will
become clear. 

Essentials.
-----------

Amap takes nmap -m output files as input. You can specify a single IP
address and port on the command line, but usually you'd run it from an nmap
file, like this:

amap -i results.nmap -o results.amap

or:

amap -d -sT 127.0.0.1 443

Other switches and options can be seen by typing:

amap -h

Contributing.
-------------

Send us the initial packets (sent and received) in tcpdump format for all
wacko, proprietary and obscure applications. Send them to:
amap-defs@tink.org. Please include application name and version. A
web-enabled interface with uploader will become available soon for your
convenience. 

Bugs.
-----

Probably many. Send bug reports to amap-bugs@tink.org.

To do.
------

See the TODO file.


TNX.
----

T1nk, van Hauser, Guido van Rooij, Unicorn, Arhab