This week we are using Netcat for Banner Grabbing of website pages.

Download HD  |   Download MP4



Netcat 101: Using Netcat for Banner Grabbing

Banner grabbing is a little bit more complex than just chatting or transferring files on Netcat. This is something that you can find useful if you need to do a penetration test or a specific port, or find out what version or patch is running on a server. “Can’t you use Telnet for that, Shannon?” Well, yes, but alternatively, Netcat can be used, which WILL NOT alter the stream of data, unlike Telnet.

To do a banner grab, type nc 81. This opens Netcat, to our router’s IP address, on port 81. Then type: HTTP/1.1 200 . Since our server is running Apache, it won’t respond to anything until we give it a specific request.

Obviously, this may change a bit for your own setup. Port 81 for me, is an open port for this network, so I’m freely using it. This is not a very stealthy approach, so anything you send out will be logged on the server you’re sending it to.

You will receive some basic information about your server once it has replied.

I can also connect to our SSH server using: nc 222 (a different port, but same internal IP). Or Google! ncat 80. GET / HTTP/1.1.

Why would this be useful? What could I use this for as a systems admin? Here is a simple example:

We have several products running in our office using SSH, but I don’t know which ones have been updated. I know we have an SSH server running on 222, and a WiFi Pineapple running on port 22.

I can type nc 222, and the same for the Pineapple on port 22. If I look at these versions, I need to update the first one. That’s one quick and easy way to do some homework.

Do you use Netcat? Send me a comment below or email us at Here’s a quick tip! I found a printable card with all sorts of Netcat commands and relays that is available online for free! The link is available here.

And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to Trust Your Technolust.

Leave a Reply

Your email address will not be published. Required fields are marked *