Skip to content

ovpn-to/ftpmap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
db
db
 
 
src
src
 
 
tools
tools
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
COPYING
COPYING
 
 
ChangeLog
ChangeLog
 
 
INSTALL
INSTALL
 
 
Makefile.am
Makefile.am
 
 
Makefile.in
Makefile.in
 
 
NEWS
NEWS
 
 
README
README
 
 
THANKS
THANKS
 
 
aclocal.m4
aclocal.m4
 
 
compile
compile
 
 
config.guess
config.guess
 
 
config.sub
config.sub
 
 
configure
configure
 
 
configure.ac
configure.ac
 
 
depcomp
depcomp
 
 
install-sh
install-sh
 
 
missing
missing
 
 

Repository files navigation

                               .:. FTPMAP .:.



           ------------------------ BLURB ------------------------
           

Ftpmap scans remote FTP servers to indentify what software and what versions
they are running. It uses program-specific fingerprints to discover the name
of the software even when banners have been changed or removed, or when some
features have been disabled. also FTP-Map can detect Vulnerables by the  FTP 
software/version.


        ------------------------ COMPILATION ------------------------


./configure
make
make install


           ------------------------ USAGE ------------------------


Using ftpmap is trivial, and the built-in help is self-explanatory :


Examples :

ftpmap -s ftp.c9x.org

ftpmap -P 2121 -s 127.0.0.1

ftpmap -u joe -p joepass -s ftp3.c9x.org


If a named host has several IP addresses, they are all sequentially scanned.
During the scan, ftpmap displays a list of numbers : this is the
"fingerprint" of the server. If the server software isn't properly
recognized, and you know what it is, please send the fingerprint and the
name of the software to hypsurus@mail.ru.

Another indication that can be displayed if login was successful is the FTP
PORT sequence prediction. If the difficulty is too low, it means that anyone
can steal your files and change their content, even without knowing your
password or sniffing your network.

There are very few known fingerprints yet, but submissions are welcome.

  ------------------------ Obfuscating FTP servers ------------------------


This software was written as a proof of concept that security through
obscurity doesn't work. Many system administrators think that hidding or
changing banners and messages in their server software can improve security.

Don't trust this. Script kiddies are just ignoring banners. If they read
that "XYZ FTP software has a vulnerability", they will try the exploit on
all FTP servers they will find, whatever software they are running. The same
thing goes for free and commercial vulnerability scanners. They are probing
exploits to find potential holes, and they just discard banners and messages.

On the other hand, removing software name and version is confusing for the
system administrator, who has no way to quickly check what's installed on his
servers.

If you want to sleep quietly, the best thing to do is to keep your systems
up to date : subscribe to mailing lists and apply vendor patches.


    ------------------------ Downloading Ftpmap ------------------------

                git clone git://github.com/Hypsurus/ftpmap 



        -------------------- Notes ----------------------------

All of this Document Written by Frank DENIS <j@pureftpd.org>. The Original Author of FTP-map.
FTP-Map Maintainer: Hypsurus <hypsurus@mail.ru.
You can see the diff 0.4-0.5 be Review in github.

About

FTP scanner in C

Resources

Readme

License

GPL-2.0 license
Activity

Stars

3 stars

Watchers

3 watching

Forks

66 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages