{"id":2143,"date":"2015-03-03T15:38:09","date_gmt":"2015-03-03T15:38:09","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=2143"},"modified":"2015-03-03T15:38:09","modified_gmt":"2015-03-03T15:38:09","slug":"using-nmap-to-identify-applications","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=2143","title":{"rendered":"Using nMap to Identify Applications"},"content":{"rendered":"<p>nMap uses a list of &#8220;default&#8221; applications in the nmap services file, used to list services running on scanned open ports.\u00a0 To see the &#8220;real&#8221; application execute nMap using the &#8220;-sV&#8221; option. <!--more--><\/p>\n<p><strong>nmap -T4 -F 195.88.229.107<\/strong><br \/>\nStarting Nmap 6.47 ( http:\/\/nmap.org ) at 2015-03-03 15:14 GMT Standard Time<br \/>\nNmap scan report for x.x.x.x<br \/>\nHost is up (0.016s latency).<br \/>\nNot shown: 90 closed ports<br \/>\nPORT\u00a0\u00a0\u00a0\u00a0 STATE SERVICE<br \/>\n25\/tcp\u00a0\u00a0 open\u00a0 smtp<br \/>\n135\/tcp\u00a0 open\u00a0 msrpc<br \/>\n139\/tcp\u00a0 open\u00a0 netbios-ssn<br \/>\n389\/tcp\u00a0 open\u00a0 ldap<br \/>\n443\/tcp\u00a0 open\u00a0 https<br \/>\n445\/tcp\u00a0 open\u00a0 microsoft-ds<br \/>\n995\/tcp\u00a0 open\u00a0 pop3s<br \/>\n1027\/tcp open\u00a0 IIS<br \/>\n1028\/tcp open\u00a0 unknown<br \/>\n8081\/tcp open\u00a0 blackice-icecap<br \/>\nNmap done: 1 IP address (1 host up) scanned in 112.14 seconds<\/p>\n<p><strong>nmap -sV -F 195.88.229.107<\/strong><br \/>\nStarting Nmap 6.47 ( http:\/\/nmap.org ) at 2015-03-03 15:24 GMT Standard Time<br \/>\nNmap scan report for 195.88.229.107<br \/>\nHost is up (0.015s latency).<br \/>\nNot shown: 90 closed ports<br \/>\nPORT\u00a0\u00a0\u00a0\u00a0 STATE SERVICE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 VERSION<br \/>\n25\/tcp\u00a0\u00a0 open\u00a0 smtp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Lotus Domino smtpd 8.5.2FP3<br \/>\n135\/tcp\u00a0 open\u00a0 msrpc\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Microsoft Windows RPC<br \/>\n139\/tcp\u00a0 open\u00a0 netbios-ssn<br \/>\n389\/tcp\u00a0 open\u00a0 ldap\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (Anonymous bind OK)<br \/>\n443\/tcp\u00a0 open\u00a0 ssl\/http\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Lotus Domino httpd<br \/>\n445\/tcp\u00a0 open\u00a0 microsoft-ds\u00a0\u00a0\u00a0\u00a0 Microsoft Windows 2003 or 2008 microsoft-ds<br \/>\n995\/tcp\u00a0 open\u00a0 ssl\/pop3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Lotus Domino POP3 server 8.5.2FP3<br \/>\n1027\/tcp open\u00a0 IIS?<br \/>\n1028\/tcp open\u00a0 unknown<br \/>\n8081\/tcp open\u00a0 blackice-icecap?<br \/>\n1 service unrecognized despite returning data. If you know the service\/version, please submit the following fingerprint at http:\/\/www.insecure.org\/cgi-bin\/servicefp-submit.cgi :<br \/>\nSF-Port8081-TCP:V=6.47%I=7%D=3\/3%Time=54F5D2B8%P=i686-pc-windows-windows%r<br \/>\nSF:(GetRequest,55,&#8221;HTTP\/1\\.1\\x20403\\x20Forbidden\\r\\nContent-Type:\\x20text\/<br \/>\nSF:plain\\r\\nContent-Length:\\x2013\\r\\n\\r\\n403\\x20Forbidden&#8221;)%r(FourOhFourRe<br \/>\nSF:quest,55,&#8221;HTTP\/1\\.1\\x20403\\x20Forbidden\\r\\nContent-Type:\\x20text\/plain\\<br \/>\nSF:r\\nContent-Length:\\x2013\\r\\n\\r\\n403\\x20Forbidden&#8221;)%r(HTTPOptions,55,&#8221;HT<br \/>\nSF:TP\/1\\.1\\x20404\\x20Not\\x20Found\\r\\nContent-Type:\\x20text\/plain\\r\\nConten<br \/>\nSF:t-Length:\\x2013\\r\\n\\r\\n404\\x20Not\\x20Found&#8221;);<br \/>\nService Info: Host: mobile.darenmatthews.com; OS: Windows; CPE: cpe:\/o:microsoft:windows<br \/>\nService detection performed. Please report any incorrect results at http:\/\/nmap.org\/submit\/ .<\/p>\n<p>Nmap done: 1 IP address (1 host up) scanned in 140.66 seconds<\/p>\n","protected":false},"excerpt":{"rendered":"<p>nMap uses a list of &#8220;default&#8221; applications in the nmap services file, used to list services running on scanned open ports.\u00a0 To see the &#8220;real&#8221; application execute nMap using the &#8220;-sV&#8221; option.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[84,18,53,13],"tags":[79],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2143"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2143"}],"version-history":[{"count":1,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2143\/revisions"}],"predecessor-version":[{"id":2144,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2143\/revisions\/2144"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2143"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}