Felix Huber wrote:
> i just tried amap of thc - a application type detector.
> it seems to me that has an nice trigger collection (sap r3 etc)
>
> possible a resource for more nessus trigger? (license is also gpl)
> http://www.thehackerschoice.com/download.php?t=r&d=amap-1.2.1.tgz
> <http://www.thehackerschoice.com/download.php?t=r&d=amap-1.2.1.tgz>
I have just tried remotely detecting a CheckPonit Fw-1 (port 264, i.e.
securemote) and while the Securemote plugin (10617) does detect it amap
does not:
$ ./amap -sT XXXXXXXXXXX
Total amount of tasks to perform: 15
Amap v1.2.1b started at Tue Jan 14 11:49:06 2003, stand back and keep
the children away.
I received an unrecognized response from XXXXX tcp port 264. Please
send us this and the application name + version to amap-defs@tink.org
Response received from XXXXXX port 264 tcp (length 12 bytes):
0000: 4100 0000 0000 0004 7f00 0002
ASCII: "A"
Unidentified ports: 264:tcp (total 1).
Amap v1.2.1b ended at Tue Jan 14 11:49:45 2003
How active is this tool? Maybe a plugin could be considered (such as the
ones developed hydra's or nmap). However, I'm not sure it's worth it if
the current Nessus plugins (specially plugin 10330, i.e. find_services,
as well as others) already do the same. Maybe a review of which services
it does detect that Nessus doesn't (with current plugins) would be
appropiate. Can you do it?
Regards
Javi