rapid7 / recog

Pattern recognition for hosts, services, and content

How can we use it with Nmap? #460

Open neginsadeghi opened 2 years ago

neginsadeghi commented 2 years ago

Can you please tell me if it's possible to give an nmap XML report to this tool and have this project try to recognize the services?

mkienow-r7 commented 2 years ago

@neginsadeghi There is no existing tooling for the direct processing of an nmap XML report. You could extract the banner strings and process those using the ./bin/recog_match tool.

neginsadeghi commented 2 years ago

Can you please tell me which tool you would use for banner grabbing other than nmap?

Is there any banner grabber chained with Recog with which I could automate the process?

mkienow-r7 commented 2 years ago

@neginsadeghi I'm not aware of any banner grabbing tool that has integrated the recog framework. While it doesn't address your immediate need, this sort of tool is on the recog roadmap!

If one were comfortable with the command line, or possibly some light scripting, using banner data from nmap output shouldn't be too difficult. I have not looked at doing that yet, however, I have done a few experiments with zgrab2. Let's say I'm interested in fingerprinting HTTP server headers. In one terminal, I start a simple HTTP server for the demonstration using Python: python3 -m http.server. Then, in another terminal I use zgrab2 to query the service on port 8000, extract the banner value from the JSON output using jq and pipe it through the recog_match tool to fingerprint the value.

$ echo "127.0.0.1" | ./zgrab2 http --port=8000 2> /dev/null | jq -r '.data.http.result.response.headers.server[0]' | ./bin/recog_match xml/http_servers.xml
MATCH: {"matched"=>"SimpleHTTPRequestHandler Python class is a simple HTTP request handler.", "service.vendor"=>"Python Software Foundation", "service.product"=>"SimpleHTTP", "service.family"=>"Python", "service.version"=>"0.6", "python.version"=>"3.10.4", "service.protocol"=>"http", "fingerprint_db"=>"http_header.server", "data"=>"SimpleHTTP/0.6 Python/3.10.4"}
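Added example (not code from the thread or from the recog project): the same idea as the zgrab2 pipeline above, but starting from an nmap XML report. It assumes the scan was run with the nmap NSE scripts banner and http-server-header so the raw banner strings are in the XML, that it runs from a recog checkout, and that fingerprint DB file names other than xml/http_servers.xml exist as named.

```python
import subprocess
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumed mapping from nmap NSE script id / service name to a recog fingerprint DB.
# Only xml/http_servers.xml appears in the thread; the other file names are assumed.
DB_FOR_SCRIPT = {"http-server-header": "xml/http_servers.xml"}
DB_FOR_SERVICE = {"ssh": "xml/ssh_banners.xml", "ftp": "xml/ftp_banners.xml"}


def extract_banners(nmap_xml: str) -> dict:
    """Return {recog_db: [banner, ...]} from an nmap XML report produced with
    --script banner,http-server-header, so the raw banner strings are present."""
    banners = defaultdict(list)
    for port in ET.fromstring(nmap_xml).iter("port"):
        svc = port.find("service")
        name = svc.get("name", "") if svc is not None else ""
        for script in port.findall("script"):
            sid, text = script.get("id"), script.get("output", "").strip()
            if sid == "banner":
                db = DB_FOR_SERVICE.get(name)   # raw banner: choose DB by service name
            else:
                db = DB_FOR_SCRIPT.get(sid)     # e.g. Server header -> http_servers.xml
            if db and text:
                banners[db].append(text.splitlines()[0])  # recog_match: one banner per line
    return dict(banners)


def run_recog_match(banners: dict, recog_dir: str = ".") -> dict:
    """Pipe each DB's banners into ./bin/recog_match over stdin, like the zgrab2 pipeline."""
    results = {}
    for db, lines in banners.items():
        proc = subprocess.run([f"{recog_dir}/bin/recog_match", f"{recog_dir}/{db}"],
                              input="\n".join(lines) + "\n", capture_output=True, text=True)
        results[db] = proc.stdout
    return results


# Constructed nmap XML fragment (not a real scan) containing only the elements parsed above.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap"><host>
 <address addr="127.0.0.1" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/>
   <script id="banner" output="SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"/></port>
  <port protocol="tcp" portid="8000"><state state="open"/><service name="http"/>
   <script id="http-server-header" output="SimpleHTTP/0.6 Python/3.10.4"/></port>
  <port protocol="tcp" portid="9999"><state state="open"/><service name="unknown"/>
   <script id="banner" output="hello"/></port>
 </ports></host></nmaprun>"""

if __name__ == "__main__":
    for db, output in run_recog_match(extract_banners(SAMPLE_NMAP_XML)).items():
        print(db, output, sep="\n")
```

Banners on ports with no DB mapping (the port 9999 entry in the sample) are dropped rather than matched against an unrelated fingerprint file.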