robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0

--banners doesn't work #485

Open arubaxi opened 4 years ago

arubaxi commented 4 years ago

I am unable to get --banners working using masscan versions from (a) Ubuntu 18 repo (b) Debian 10 repo (c) compiled from this repo

It works fine for port discovery, but never does the banner work nor shows the 'Banner on' messages. I am expecting to get tags as described in the documentation.

```
# ./masscan 5.10.205.138 -p 80 --banners --hello-string[80] 'R0VUIC8gSFRUUC8xLjENCkhvc3Q6IGJsYWNraG9sZC5udXNlcGFzLmNvbQ0KDQo=' -vvvv
pcap: failed to load: libpcap.so
pcap: failed to load: libpcap.A.dylib
pcap: failed to load: libpcap.dylib
pcap: failed to load: libpcap.so.0.9.5
pcap: failed to load: libpcap.so.0.9.4
pcap: found library: libpcap.so.0.8
pfring: error: dlopen('libpfring.so'): No such file or directory
if: initializing adapter interface
if: route: ' ens5' dst=0.0.0.0 src=172.x.x.x gw=172.x.x.x priority=100
if: route: ' ens5' dst=172.x.x.x src=172.x.x.x gw=0.0.0.0 priority=0
if: route: ' ens5' dst=172.x.x.x src=172.x.x.x gw=0.0.0.0 priority=100
if: interface=ens5
if:ens5: adapter-ip=172.x.x.x
if:ens5: type=ethernet(1)
if:ens5: adapter-mac=02-xx-xx-xx-xx-xx
if:ens5: pcap=libpcap version 1.8.1
if:ens5: opening...
if:ens5: successfully opened
if:ens5: not receiving transmits
if:ens5: looking for default gateway
if:ens5: router-ip=172.x.x.x
if:ens5:arp: resolving IPv4 address
if:ens5: router-mac=02-xx-xx-xx-xx-xx
if:ens5: initialization done.
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-04-26 12:02:21 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
THREAD: status: starting thread
THREAD: xmit: starting thread #0
0:00:00 remaining, found=0
THREAD: recv: starting thread #0
maxrate = 100.00
THREAD: xmit: starting main loop: [0..1]
THREAD: xmit done, waiting for receive thread to realize this
THREAD: recv: starting main loop
Discovered open port 80/tcp on 5.10.205.138
THREAD: recv: stopping thread #0
waiting 0-secs, found=1
THREAD: xmit: stopping thread #0
THREAD: status: stopping thread
waiting 0-secs, found=1
```

Tried various combinations:

```
masscan 5.10.205.138 -p 80 --banners --hello-string[80] 'R0VUIC8gSFRUUC8xLjENCkhvc3Q6IGJsYWNraG9sZC5udXNlcGFzLmNvbQ0KDQo=' --source-port 61000
masscan 5.10.205.138 -p 80 --banners --hello-string[80] 'R0VUIC8gSFRUUC8xLjENCkhvc3Q6IGJsYWNraG9sZC5udXNlcGFzLmNvbQ0KDQo=' --source-port 60000
masscan 5.10.205.138 -p 80 --banners
masscan 5.10.205.0/24 -p 80 --banners
masscan 5.10.205.0/24 -p 80 --banners --source-port 60000
```

Tried on different VPS from different VPS providers.

None of them show banners for me. Is there any other parameter that should be added in order to get it working?

mzpqnxow commented 4 years ago

Banners are not emitted to stdout. You will need to use an output file format that supports writing the banners. Try using `-oJ masscan.log` or `-oD masscan.log`

PvtSec commented 3 years ago

Output file also doesn't have anything related to banners

mzpqnxow commented 3 years ago

And you followed the documentation and told your TCP/IP stack to ignore traffic to your machine on the port you're specifying? I see you used `--source-port 60000`, so you should have used:

```
iptables -A INPUT -p TCP --dport 60000 -j DROP
```

Check with:

```
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:61000
...
```

I can't help much beyond this. There's not much else that can go wrong here unless you're using a file format that doesn't support it (use `-oJ`, `-oD`, or one of the other fuller formats over `-oG`)

```
$ masscan 5.10.205.0/24 --rate 5000 -p 80 --banners --source-port 61000 -oD out.ndjson
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-07-10 18:52:11 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
$ cat out.ndjson| jq '. | select(.rec_type == "banner") | .data.banner' -r
Apache/2.2.22 (Debian)
HTTP/1.1 200 OK
Date: Sat, 10 Jul 2021 18:52:13 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Mon, 06 Oct 2014 08:38:36 GMT
ETag: "18084e-b1-504bd02365b00"
Accept-Ranges: bytes
Content-Length: 177
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
...
```
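
Added example (not from the thread or the masscan project): a preflight check that compares the `--source-port` in a masscan command line with the TCP DROP rules in `iptables -S INPUT` output, the condition the last comment asks about. The function names and the sample rule listing are constructed for illustration; it assumes a single numeric source port and recognises only plain `--dport` DROP rules with no other match options.

```python
import re
import shlex

# Constructed sample of `iptables -S INPUT` output (not taken from the thread).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 61000 -j DROP
"""

# Only the plain rule shape created by the thread's iptables command is matched;
# a single port or a low:high range is accepted.
DROP_RULE = re.compile(r"^-A INPUT -p tcp -m tcp --dport (\d+)(?::(\d+))? -j DROP$")


def source_port(masscan_cmd):
    """Return the integer after --source-port in a masscan command line, or None."""
    args = shlex.split(masscan_cmd)
    for flag, value in zip(args, args[1:]):
        if flag == "--source-port" and value.isdigit():
            return int(value)
    return None


def dropped_ranges(rules_text):
    """Return (low, high) TCP destination-port ranges that INPUT drops."""
    ranges = []
    for line in rules_text.splitlines():
        match = DROP_RULE.match(line.strip())
        if match:
            low = int(match.group(1))
            high = int(match.group(2) or low)
            ranges.append((low, high))
    return ranges


def preflight(masscan_cmd, rules_text):
    """Classify a planned --banners run as 'ok', 'no-source-port' or 'not-dropped'."""
    port = source_port(masscan_cmd)
    if port is None:
        return "no-source-port"
    if any(low <= port <= high for low, high in dropped_ranges(rules_text)):
        return "ok"
    return "not-dropped"


if __name__ == "__main__":
    cmd = "masscan 5.10.205.0/24 -p 80 --banners --source-port 60000"
    print(preflight(cmd, SAMPLE_RULES))  # a 60000 scan checked against a 61000 rule
```

On a live host, pass the real output of `sudo iptables -S INPUT` as the second argument in place of the sample.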