Identifying Services Through Banner Grabbing

Introduction to banner grabbing

A vulnerability scanner can identify vulnerable applications by looking them up in a tool such as the National Vulnerability Database (NVD). The NVD is a free, publicly available repository of information on all publicly-reported vulnerabilities.

However, looking up an application in the NVD requires knowledge of the application’s name and version number. The ability to determine this is the secret sauce that makes vulnerability scanners valuable.

In some cases, identifying an application is as simple as starting to communicate with it. Some protocols are designed to have a banner message, which is sent by the server when a client connects to it. This banner can contain information about the server software. Banner grabbing is the practice of connecting to a service and collecting this information.

TFTP banner grabbing

TFTP is one of these protocols that provides banner information. In the terminal below, enter the telnet 127.0.0.1 21 command to connect to the local TFTP server.