const grabber = require('grab.js');
grabber.grab(ip, port)
  .run()
  .then(result => { /* process the result */ })
  .catch(err => { /* error handling */ })

Returns a Grab object. You need to call run method to execute it.

• ip: target ip
• port port number
• options (optional): An object contains initial settings for the Grab, supports tls and payload and both of them are optional.

Exeute the task, returns a Promise which yields a record. The record can have following fields:

• record.banner: the banner Buffer
• record.certificate: certificate information (only avaliable when TLS is enabled)

Enable TLS.

The Buffer to send when connection established. Payload file can be found under nmap/paylaods.

Escape buffer to printable chars.

Returns a promise that loads a parser function with given parser rule name. Rule names can be found under nmap/parsers.

Parse buffer to fingerprints. Fingerprint could have following fields:

• cpes: common platform enumeration
• os: operating system
• product: product name
• device: device type
• service: service name, same as the only arguments for grabber.parser
• version: software version

Notice that a Parser object instance is not exported. This is by design.

This project provides a cli tool for quick banner grab like zgrab

For example, scanning ftp banner on given CIDR:

sudo zmap -p 80 [cidr] | node cli.js -p 80 --payload=tcp/GetRequest --parse http > http.json

Leave cidr blank to scan 0.0.0.0/20

find nmap to checkout all avaliable parsers and payloads.

• -p, --port the port
• -s, --tls use tls (https, imaps, etc)
• --payload send a payload upon connection. ls -R nmap/payloads to see all supported parsers.
• --parser parse banner with nmap's rule. ls nmap/parsers to see all supported parsers.

Thanks to the marvellous nmap project who has collected so many rules for fingerprinting.

GPLv2