Banner Grabbing with Python

In the previous post we saw the basics of banner grabbing techniques. Now we will grab banners with some Python scripts, using the socket module to connect to target services. The socket module exposes the low-level C API for communicating over a network using the BSD socket interface.
It includes the socket class, for handling the actual data channel, and functions for network-related tasks such as converting a server's name to an address and formatting data to be sent across the network. Now let's start:
 #!/usr/bin/python3

 import socket
 socket.setdefaulttimeout(2)
 s = socket.socket()
 target = input('Target Web Server : ')
 tport = 80
 s.connect((target, tport))
 s.send(('HEAD / HTTP/1.1\r\nHost: ' + target + '\r\n\r\n').encode())
 print(s.recv(1024).decode(errors='replace'))
 s.close()
The above script grabs the banner of an HTTP service.

Code Explanation :
 #!/usr/bin/python3
The above line indicates the path of the Python interpreter.
 import socket
With the above line we import the socket module from the standard library.
 socket.setdefaulttimeout(2)
The above code sets the default timeout to 2 seconds.
 s = socket.socket()
Create a socket object s.
 target = input('Target Web Server : ')
Prompt for the target host address and store it in the variable target.
 tport = 80
Set the tport variable to port 80 for the HTTP service.
 s.connect((target, tport))
Connect to the target host at port 80.
 s.send(('HEAD / HTTP/1.1\r\nHost: ' + target + '\r\n\r\n').encode())
After connecting, send the HEAD request to the target service. HTTP lines end with \r\n, and the string is encoded to bytes before it is sent.
 print(s.recv(1024).decode(errors='replace'))
Print up to the first 1024 bytes of the response data, decoded to text.
 s.close()
Close the socket. Now let's run the above code:
 $ ./http_grab.py 
 Target Web Server : pentesterlab.com
 HTTP/1.1 301 Moved Permanently
 Date: Fri, 23 Feb 2018 06:24:29 GMT
 Server: Apache
 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
 Referrer-Policy: no-referrer
 Location: https://pentesterlab.com/
 Vary: Accept-Encoding
 Connection: close
 Content-Type: text/html; charset=iso-8859-1
You can also try it against a local web server:
 $ ./http_grab.py 
 Target Web Server : 192.168.56.102
 HTTP/1.1 302 Found
 Date: Fri, 23 Feb 2018 06:29:10 GMT
 Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
 X-Powered-By: PHP/5.4.31
 Location: http://192.168.56.102/index.html
 Connection: close
 Content-Type: text/html
Now, to grab banners of other services such as SSH, we don't need to send a HEAD request. Instead, we can grab the banner just by connecting to the target host. The script below grabs the SSHD banner of the target host:
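 #!/usr/bin/python3

 import socket
 s = socket.socket()
 target = input('Target Host: ')
 tport = 22
 s.connect((target, tport))
 # The SSH server sends its identification string first, so we only need to read.
 print(s.recv(1024).decode(errors='replace'))
 s.close()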

Now let's run the above:
 ajay@Test:~/CTFs/python$ ./grab.py 
 Target Host: 192.168.0.120
 SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u3
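
An added example (not code from the original post) that turns the banners above into a check you can run against your own services: it lists the `Server` and `X-Powered-By` tokens that carry a version number and splits an SSH identification string into its fields. The function names and the choice of those two headers are assumptions of this example; the sample strings are the banners shown in this post, trimmed to the relevant headers.

```python
import re

# Headers that commonly carry product and version details (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by")
# A product token followed by a version, e.g. "Apache/2.4.10" or "PHP/5.4.31".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.+-]*")
# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments
SSH_IDENT = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def audit_http_banner(raw):
    """Return {header: [versioned tokens]} for headers that disclose a version."""
    findings = {}
    # Skip the status line; stop at the blank line that ends the headers.
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in DISCLOSING_HEADERS:
            tokens = VERSION_TOKEN.findall(value)
            if tokens:
                findings[name.strip()] = tokens
    return findings


def parse_ssh_banner(raw):
    """Split an SSH identification string into its fields, or return None."""
    match = SSH_IDENT.match(raw.strip())
    return match.groupdict() if match else None


# Banners from this post, trimmed to the headers that matter here.
MINIMAL = "HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\nConnection: close\r\n\r\n"
VERBOSE = ("HTTP/1.1 302 Found\r\n"
           "Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31\r\n"
           "X-Powered-By: PHP/5.4.31\r\n"
           "Connection: close\r\n\r\n")
SSH = "SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u3\r\n"

if __name__ == "__main__":
    print(audit_http_banner(MINIMAL))   # bare "Apache": nothing versioned
    print(audit_http_banner(VERBOSE))   # every product/version token found
    print(parse_ssh_banner(SSH))
```

An empty result for the first banner and three versioned tokens for the second show the difference between a trimmed `Server` header and a default one.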





Conclusion :

Banner grabbing can give us some useful information about the target system, although sometimes it's not 100 percent accurate. Still, it is a very useful technique for gathering information about your target.