Banner Grabbing

For each protocol, the port scanner Zmap can identify if the default port is open. In addition, Zgrab2 can extract meta information, related to the service (e.g., banners).

For each protocol / port combination we run the following procedure:
Zmap is fed with the ip addresses generated by the ip aquisition step and the corresponding port. The output are all ip addresses with a positive response on this port. These ip addresses are used as input for zgrab2 and the corresponding protocol specific zgrab2 arguments (see zgrab2 -h).
The resulting json output is piped into the mongodb database.