THC-Amap

 Amap is a next-generation tool for assistingnetwork penetration testing.
 It performs fast and reliable application protocol detection, independant
 on the TCP/UDP port they are being bound to.
 amap-5.4.tar.gz

 You can download the current trigger, response and rpc detection information
 here (if you have amap 5.0 or newer, "amap -W" does an automatic Online Web
 Update of these files):
   appdefs.trig
   appdefs.resp
   appdefs.rpc

 Last update 2006-01-23 (note that database updates are not counted)


 [0x00] News and Changelog

	CHANGELOG for 5.2:
        ! THIS IS A THC TAX ANNIVERSARY SPECIAL RELEASE ! HAVE FUN !
        * Included patch from ka0ttic@gentoo.org for cleaner gcc compile
        * Added SSL_Pending() to prevent rare locking on SSL ports,
          thanks to michel(at)arboi.fr.eu.org for reporting
        * Added lots of fingerprints, most from Johnny Cyberpunk / THC -THANKS!

	Have fun!


 [0x01] Introduction

	Welcome to the mini website of the THC Amap project.

	Amap is a next-generation scanning tool for pentesters.
	It attempts to identify applications even if they are running on a
	different port than normal.
	It also identifies non-ascii based applications. This is achieved
	by sending trigger packets, and looking up the responses in a list
	of response strings.

	Currently there are two tools for this purpose: amap (you are looking
	at it), and nmap (www.insecure.org/nmap).
	Both have their strength and weaknesses, as they deploy different techniques.
	We recommend to use both tools for reliabe identification.


 [0x02] Disclaimer

	1. This tool is for legal purposes only!
	2. If this tool is used as part of a commercial service (e.g. pentest),
	   name, version and web address of this tool must be mentioned in the report.
	3. If this tool is incorporated into a commercial tool (means: it costs
	   money, has license costs or upgrade fees, etc.) or called by it,
	   the name, version and web address of this tool must be mentioned in the
	   report output of the tool. Addtionally, a commercial version, key file,
	   etc. must be made available to the authors free of charge.
	4. Beside 1. to 3. above, the GPL 2.0 applies.


 [0x03] Documentation 
 
	Amap comes with a rather long README file that describes the
	details about the usage and special options.


 [0x04] Development & Contributions

	Your contributions are more than welcomed!
	
	If you find bugs, or write coded enhancements please send them to:
		vh (at) thc (dot) org

	Without filled databases containing triggers and responses, the tool is
	worthless, so everyone please help us to fill the fingerprint database.
	Collect responses and identify triggers and send them to:
		amap-dev (at) thc (dot) org

 
 [0x05] The Art of Downloading: Source and Binaries
 
	For your pleasure, Amap comes as source and binary release.

	1. The source code of Amap: amap-5.2.tar.gz
	   (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux and PalmOS)

	2. The Win32/Cywin binary release: amap-5.2-win.zip
	   (everything you need to run amap on win32 platforms is in this zip file)


 Comments and suggestions are welcome.

 Yours sincerly,

 van Hauser
 The Hackers Choice
 http://www.thc.org