  echo "Running netcat on ${ip}:${PORT}"
  result=$(echo -e "\n" | nc -v "${ip}" -w 1 "${PORT}" 2> /dev/null)
  if [[ -n "${result}" ]]; then  # (5)
    echo "==================="
    echo "+ IP Address: ${ip}"
    echo "+ Banner: ${result}"
    echo "==================="
  fi
done < "${FILE}"
Listing 4-14: Banner grabbing using Netcat
This script accepts two parameters on the command line: FILE
and PORT. We use an if condition to check whether two arguments
were indeed passed on the command line (1); if not, we exit with a
status code of 1 (fail) and print a usage message indicating how to
run the script. We then use another if condition with the -f test to
check whether the file provided by the user actually exists on disk
(2).
At (3), we check that the port provided by the user is a number.
Anything other than a number will fail. Then we read the host file
line by line and run the nc (netcat) command on the given port for
each host (4). Another if condition checks whether the command
result is not empty (5), meaning a port was found open, and if so
prints the IP address and the data returned from the server.
You can download the script at
https://github.com/dolevf/Black-Hat-Bash/blob/master/ch04/netcat_banner_grab.sh.
Detecting HTTP Responses with cURL
You’ll often find the popular cURL HTTP client on production
systems. When we need to perform banner grabbing on HTTP
responses, we could use cURL to send an HTTP request using the
HEAD method. The HEAD method allows us to read response
headers without fetching the entire response payload from the web
server.
Web servers often advertise themselves by setting the Server
HTTP response header to their name. Sometimes, you may also
encounter the running version advertised there. The following
command sends an HTTP HEAD request using cURL to the IP
address 172.16.10.10:8081 (p-web-01):
$ curl --head 172.16.10.10:8081
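The Server header check described above can also be run as an audit of your own web servers for version disclosure. The following is an added example, not code from the book: the function names, the sample response and the banner ExampleHTTPd/1.2.3 are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the book: audit the Server header for version disclosure.

# Print the Server header value found in raw response headers on stdin.
# Header names are case-insensitive and lines end in CRLF; if several header
# blocks are present (for example after redirects), the last Server value wins.
server_banner() {
  tr -d '\r' | awk '
    tolower($0) ~ /^server[ \t]*:/ {
      sub(/^[^:]*:[ \t]*/, "")   # drop the header name and leading whitespace
      sub(/[ \t]+$/, "")         # drop trailing whitespace
      banner = $0
    }
    END { if (banner == "") exit 1; print banner }
  '
}

# Succeed when the banner carries a product version such as "name/1.2".
discloses_version() {
  printf '%s\n' "$1" | grep -Eq '/[0-9]'
}

# Classify the headers on stdin as version-disclosed, name-only or no-server-header.
classify_headers() {
  local banner
  if banner=$(server_banner); then
    if discloses_version "${banner}"; then
      echo "version-disclosed: ${banner}"
    else
      echo "name-only: ${banner}"
    fi
  else
    echo "no-server-header"
  fi
}

# Check a host you administer, e.g.: audit_target 172.16.10.10:8081
audit_target() {
  curl --silent --head --max-time 3 "$1" | classify_headers
}

# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 200 OK\r\nDate: Tue, 01 Jan 2030 10:00:00 GMT\r\nserver: ExampleHTTPd/1.2.3\r\nContent-Type: text/html\r\n\r\n')

printf '%s\n' "${SAMPLE_HEADERS}" | classify_headers
```

A version-disclosed result is the case to act on: configure the server to send only its product name, or no Server header at all.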
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks