Contact Us Today 01642 716680

Banner Grabbing

Definition: Banner grabbing is a technique used in network security analysis to gather information about computer systems on a network and the services running on its open ports. This technique involves capturing the 'banner', which is the informational content that a service displays when initiating a connection or when probed.

The information obtained via banner grabbing can include details such as the type and version of operating system, as well as specific service and application names and versions. While banner grabbing can be used for legitimate purposes such as network inventory or verification, it is also a preliminary step for attackers to identify potential vulnerabilities in network services that can be exploited.

Protecting against malicious banner grabbing often involves configuring services to limit the information disclosed in banner messages, keeping software up to date to mitigate known vulnerabilities, and deploying intrusion detection and prevention systems to monitor and block suspicious network traffic.

What does banner grabbing look like?

Here is an example of banner grabbing for a HTTP service using the curl command.

curl command

curl --head -k

Example HTTP response showing the “Server” banner, which would constitute as banner grabbing

HTTP/1.1 200 OK
Date: Fri, 24 Nov 2023 16:13:32 GMT
Server: Apache/2.2.3 (Red Hat) < --- This is the banner
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Fri, 24 Nov 2023 18:13:32 GMT
Content-Type: text/html; charset=UTF-8

What about a different service? Like SSH?

Nmap command:

nmap -sV -p 22 redacted

Example showing the SSH banner, which also constitutes as an example of banner grabbing.


22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Key Characteristics:

  • Information Gathering: A method used to collect detailed information on systems and services.
  • Passive or Active Technique: Can be conducted through direct connection attempts or passive monitoring of network traffic.
  • Use in Reconnaissance: Often used by attackers as part of the reconnaissance phase of a cyber attack.
  • Security Hardening: Systems can often be hardened by minimizing the amount of useful information displayed in banners.


  • Real-World Example: Network administrators using tools like Nmap or Telnet to document the server software and versions running on their network for compliance purposes.
  • Hypothetical Scenario: An attacker employs banner grabbing to determine the version of a web server software that a company is using (as we have shown above), subsequently identifying a known exploitable vulnerability based on that version information.

Related Terms:

  • Reconnaissance: In the context of cybersecurity, this refers to the preparatory phase where attackers gather information about their target before launching an attack, which may involve banner grabbing.
  • Port Scanning: The act of systematically scanning a computer’s ports to identify active ports and their associated services, often preceding banner grabbing.
  • Vulnerability Scanning: A security technique used to identify security weaknesses in a computer system, which can use information obtained from banner grabbing.

Learn better by watching a video? Here is a YouTube video from Hackersploit explaining the concept of banner grabbing using NMAP.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.