amap
Identify applications and services on network ports
SYNOPSIS
amap [options] target
PARAMETERS
-h
Help: Display this help text.
-b
Banner grabbing mode.
-i file
Read targets from file.
-t timeout
Connection timeout in seconds.
-q
Quiet mode. Only display identified applications.
-v
Verbose mode. Show all probes and responses.
-d
Debug mode. Shows more detailed information.
-m
Try all prober modules on each target port.
-g
Try all SSL/TLS probes.
-H
Hostname to send.
-P protocol
Use only the specified protocol: TCP or UDP.
target
The target host or network. Can be a hostname, IP address, or network range.
DESCRIPTION
amap is a powerful tool used for identifying network applications and services running on a target host. It goes beyond simple port scanning by actively probing identified ports with various protocol-specific requests to determine the application actually listening. This "application mapping" is crucial for accurate security assessments, penetration testing, and general network reconnaissance. Unlike tools that rely solely on port numbers or banners, amap attempts to determine the application by analyzing its responses to carefully crafted probes. It uses a database of known signatures to identify the service.
amap is highly configurable, allowing you to specify the target host, port ranges, probing techniques, and the level of verbosity. It can also be used to identify SSL/TLS enabled services. The results provide more reliable application identification than passive methods.
CAVEATS
amap can be noisy and potentially trigger intrusion detection systems. It is crucial to use it responsibly and with proper authorization. Accuracy depends on the quality of its signature database. Some applications may be misidentified or remain unidentified. The active probing can potentially destabilize poorly written services.
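The noise described above has a recognizable shape in connection logs: one source sends several unrelated protocol openers to the same port within seconds. The following Python detection logic is an added example, not part of amap or of the original page; it flags that pattern in constructed sample records. Assumptions: the record tuple layout, the opener_family classifier, and the window and min_families thresholds are hypothetical and need tuning per environment.

```python
from collections import defaultdict

# Constructed sample records: (epoch_seconds, src, dst, dst_port, first client payload)
SAMPLE_LOG = [
    (100.0, "192.0.2.5", "192.0.2.20", 8080, b"GET / HTTP/1.0\r\n\r\n"),
    (100.4, "192.0.2.5", "192.0.2.20", 8080, b"HELO example\r\n"),
    (100.9, "192.0.2.5", "192.0.2.20", 8080, b"\x16\x03\x01\x00\x2f"),
    (101.3, "192.0.2.5", "192.0.2.20", 8080, b"USER anonymous\r\n"),
    (102.0, "192.0.2.9", "192.0.2.20", 8080, b"GET /index.html HTTP/1.1\r\n"),
    (103.0, "192.0.2.9", "192.0.2.20", 8080, b"GET /app.js HTTP/1.1\r\n"),
    (104.0, "192.0.2.9", "192.0.2.20", 8080, b"GET /logo.png HTTP/1.1\r\n"),
    (105.0, "192.0.2.9", "192.0.2.20", 8080, b"GET /api HTTP/1.1\r\n"),
]

def opener_family(payload: bytes) -> str:
    """Coarsely classify the first bytes a client sends (hypothetical classifier)."""
    if payload[:1] == b"\x16" and payload[1:2] == b"\x03":
        return "tls"  # TLS handshake record header
    head = payload.split(b" ", 1)[0].split(b"\r", 1)[0].upper()
    if head in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return "http"
    if head in (b"HELO", b"EHLO"):
        return "smtp"
    if head in (b"USER", b"PASS"):
        return "ftp/pop3"
    # Unknown openers are kept distinct by their first four bytes
    return "other:" + payload[:4].hex()

def find_probe_bursts(records, window=10.0, min_families=3):
    """Return {(src, dst, port): sorted families} for one-port, many-protocol bursts."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, payload in records:
        by_flow[(src, dst, port)].append((ts, opener_family(payload)))
    alerts = {}
    for key, events in by_flow.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            families = {fam for _, fam in events[start:end + 1]}
            if len(families) >= min_families and len(families) > len(alerts.get(key, [])):
                alerts[key] = sorted(families)
    return alerts

if __name__ == "__main__":
    for (src, dst, port), fams in find_probe_bursts(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port} sent {len(fams)} protocol openers: {', '.join(fams)}")
```

The ordinary HTTP client in the sample (192.0.2.9) makes as many connections as the prober but stays within one protocol family, so it is not flagged.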
TARGET SPECIFICATION
The target can be a single hostname or IP address, or a network range specified in CIDR notation (e.g., 192.168.1.0/24). Multiple targets can be specified in a file using the -i option, one target per line.
HISTORY
amap was developed to provide more accurate application identification than relying solely on port numbers or banner grabbing. It improves on those methods by actively attempting to identify the listening service using protocol-specific interactions. It has been used widely in penetration testing and security audits since its initial release, and it has been improved with new signatures and probes for many different applications.