Service identification with Amap
Amap is a cousin of Nmap, and was designed specifically for the purpose of identifying network services. In this specific recipe, we will explain how to use Amap to perform service identification.
Getting ready
To use Amap to perform service identification, you will need to have a remote system running network services that can be probed and inspected. In the examples provided, an instance of Metasploitable2 is used to perform this task. For more information on setting up Metasploitable2, please refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started.
How to do it…
To perform service identification on a single port, run Amap with the IP address and port number specifications:
root@KaliLinux:~# amap 172.16.36.135 80 amap v5.4 (www.thc.org/thc-amap) started at 2013-12-19 05:26:13 - APPLICATION MAPPING mode Protocol on 172.16.36.135:80/tcp matches http Protocol on 172.16.36.135:80/tcp matches http-apache-2 Unidentified ports: none. amap v5...
