amap v4.0 / new THC release

Hi folks!

When our tool amap was voted into the top-75 list by the nmap users (www.insecure.org/tools/tools.html), SANS wrote an introduction (http://www.sans.org/resources/idfaq/amap.php), and the overwhelming response from users - and all that just after amaps first year - we got motivated to enhance our tool.

What does amap do? It was designed for penetration tester who have to identify services on unusual ports. So imagine someone would be running a portmapper on port 300 with an SSL front-end. Amap would report:   Protocol on 10.0.0.10:300/tcp over SSL matches rpc-rpcbind-v2 Today, it can identify all common protocols like ftp, smtp, dns, http, but also oracle listeners, micro$oft stuff, SAP R/3, any many, many more.

In this new release (v4.0), amap was rewritten from scratch, beta tested for two months and optimized as good as possible - and contains 208 application identifications.

Available from our website at http://www.thc.org

Ciao...

        van Hauser / THC

Changelog:

v4.0	July 2003 (THC public release)
	! This is the first public release of amap after its complete rewrite !
	! If you would like to be an amap beta tester, subscribe yourself to
	  our amap mailing list! send an email to: amap-subscribe@thc.org
	! What is new from the last public version (2.7):

	  + TCP connection reuse for RPC identification

	  + Banner grab mode, Portscan mode (-B, -P)


	  + for response identification (appdefs.resp):


		  * response strings are now real perl regular expressions
		  * can hit only on a defined trigger if wished so
		  * can have a minimum and maximum length set on the reply data
		  * can require the ip protocol (tcp or udp)


	  + Put as many ports on the command line as you like and ranges are


	    supported too! :-)

	  + much faster

	  + more reliable

	  + bug fixes, better platform support

	  + more application responses (of course)


	  + added -q (uiet) switch which will not report any closed ports,


	    and wont mark them as unidentified.
	! What changed from the last public version (2.7):
	  - switched the meaning of the -u and -U options
	  - Renamed -C options (number of parallel connections) to -c ...
	  - -C now specifies the number of retries on connection timeouts
	  - file formats for appdefs.* changed
	  - output changed a bit (it is much better now)
	  - README, man page, etc. are all up to date now
	! Finally: thanks a lot to Skyper for the pcre library hint and all
	  the beta testers who helped to make amap stable, reliable and
	  bugfree :-) - and of course added many, many application ids.
	! Have fun !


Ciao...
		van Hauser / THC - [The Hacker's Choice]

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Visit our web page at http://www.thc.org

Type Bits/KeyID Date User ID
pub 2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD /3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN 1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ 2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/ Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw==
=MdzX
-----END PGP PUBLIC KEY BLOCK----- Received on Tue Jul 22 19:24:03 2003