Banner Grabbing

Telnet Banner Grab

telnet 10.10.182.147 80
GET / HTTP/1.0
host: telnet

GET / HTTP/1.1
host: telnet

NetCat Banner Grab

nc 10.10.182.147
GET / HTTP/1.1
host: netcat

When Nmap -sV truncates or omits banner detail: Connect manually with nc and capture with tcpdump. The full banner often arrives in a PSH-ACK segment (Flags [P.]) that Nmap may not display.

# Terminal 1: capture traffic between you and target
sudo tcpdump -i eth0 host 10.10.14.2 and 10.129.2.28

# Terminal 2: connect to the service
nc -nv 10.129.2.28 25

In the tcpdump output, look for the Flags [P.] (PSH-ACK) line — it contains the full banner, e.g. 220 inlane ESMTP Postfix (Ubuntu).

GET / HTTP/1.0
host: netcat

NetCat FTP Banner Grab

Openssl banner grab

Used when https is open on the host

openssl s_client -connect domain.com:443 
GET / HTTP/1.0

HTTP Header Grabbing (curl)

# HTTP headers only (no body)
curl -I http://TARGET
curl -I https://TARGET

# Follow redirects
curl -IL http://TARGET

Look for:

Server: - Web server software/version
X-Powered-By: - Backend technology (PHP, Express, etc.)
X-Redirect-By: - CMS (e.g., WordPress)

PreviousPentesting Redis NextPentesting Rsync

Last updated 27 days ago

hashtagTelnet Banner Grab

hashtagNetCat Banner Grab

hashtagNetCat FTP Banner Grab

hashtagOpenssl banner grab

hashtagHTTP Header Grabbing (curl)

Telnet Banner Grab

NetCat Banner Grab

NetCat FTP Banner Grab

Openssl banner grab

HTTP Header Grabbing (curl)