After identifying live systems on the target range and enumerating open ports on those systems, it is important to start gathering information about them and services that are associated with the open ports. In this chapter, we will discuss different techniques used to fingerprint systems and services with Kali Linux. These techniques will include banner grabbing, service probe identification, operating system identification, SNMP information gathering, and Firewall identification. Specific recipes in this chapter include the following:
Banner grabbing with Netcat
Banner grabbing with Python sockets
Banner grabbing with Dmitry
Banner grabbing with Nmap NSE
Banner grabbing with Amap
Service identification with Nmap
Service identification with Amap
Operating system identification with Scapy
Operating system identification with Nmap
Operating system identification with xProbe2
Passive operating system identification with p0f
SNMP analysis with Onesixtyone
SNMP analysis with SNMPwalk...