DEV Community: MrEchoFi The latest articles on DEV Community by MrEchoFi (@tanjib_isham_f10d7c4a7eb4). https://dev.to/tanjib_isham_f10d7c4a7eb4 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3060433%2Fa49d2a1c-ae22-4b7d-9aab-0bda3613922d.jpg DEV Community: MrEchoFi https://dev.to/tanjib_isham_f10d7c4a7eb4 en BannerGrapV2 — The Open-Source Network Recon Tool Built in Go That Security Professionals Actually Need MrEchoFi Fri, 26 Jun 2026 19:33:53 +0000 https://dev.to/tanjib_isham_f10d7c4a7eb4/bannergrapv2-the-open-source-network-recon-tool-built-in-go-that-security-professionals-actually-3j55 https://dev.to/tanjib_isham_f10d7c4a7eb4/bannergrapv2-the-open-source-network-recon-tool-built-in-go-that-security-professionals-actually-3j55 <h2> BannerGrapV2 — The Open-Source Network Recon Tool Built in Go That Security Professionals Actually Need </h2> <blockquote> <p><strong>TL;DR</strong> — BannerGrapV2 is a production-grade, multi-protocol network reconnaissance and vulnerability discovery tool written in Go. It replaces a fragmented toolchain of Nmap, custom scripts, and manual banner grabbers with a single binary capable of scanning 10,000 hosts concurrently across HTTP, HTTPS, SSH, FTP, SMTP, Telnet, and custom TCP protocols — all with structured JSON, CSV, or HTML output.</p> <p>🔗 <strong>GitHub:</strong> <a href="https://github.com/MrEchoFi/BannerGrapV2" rel="noopener noreferrer">github.com/MrEchoFi/BannerGrapV2</a><br> ⭐ <strong>If this saves you time, a star on GitHub keeps the project alive.</strong></p> </blockquote> <h2> The Problem With Your Current Recon Workflow </h2> <p>If you work in penetration testing, red team ops, bug bounty hunting, or security engineering, you already know what a typical recon session looks like. You fire up Nmap for port discovery, run a separate Python script for banner grabbing, manually check SSL certificate details, then spend twenty minutes stitching three different output formats together before you can actually do anything useful.</p> <p>This is the workflow that BannerGrapV2 was built to collapse into a single, reliable, fast tool.</p> <p>Built in <strong>Go</strong> — specifically for its native goroutine concurrency model — BannerGrapV2 handles the full recon-through-reporting pipeline without the performance ceiling you hit with Python-based tools or the dependency hell of multi-tool chains.</p> <h2> Who Should Keep Reading </h2> <p>This tool is relevant to you if you are:</p> <ul> <li>A <strong>penetration tester or red teamer</strong> who needs fast, structured reconnaissance output before moving to exploitation</li> <li>A <strong>bug bounty hunter</strong> working large scope targets with hundreds or thousands of in-scope hosts</li> <li>A <strong>SOC analyst or blue teamer</strong> running asset inventory or exposure monitoring on internal infrastructure</li> <li>A <strong>DevSecOps engineer</strong> looking to integrate automated service fingerprinting into a CI/CD pipeline</li> <li>A <strong>network or sysadmin</strong> who needs periodic LAN audits with exportable reports</li> </ul> <p>If none of that applies, this post probably isn't for you.</p> <h2> What BannerGrapV2 Does — Feature Breakdown </h2> <h3> Core Reconnaissance Engine </h3> <ul> <li> <strong>Multi-threaded banner grabbing</strong> — up to 10,000 concurrent hosts via Go goroutines</li> <li> <strong>Multi-protocol support</strong> — HTTP, HTTPS, FTP, SMTP, SSH, Telnet, raw TCP, and fully custom payloads</li> <li> <strong>Service fingerprinting</strong> across 1,000+ protocol signatures</li> <li> <strong>SSL/TLS certificate analysis</strong> — issuer, expiry, version, cipher grade</li> <li> <strong>HTTP header enumeration</strong> — server version, security headers, redirects</li> <li><strong>DNS resolution and information gathering</strong></li> <li> <strong>Nmap integration</strong> for deeper port-level data</li> </ul> <h3> Security Analysis </h3> <ul> <li>Vulnerability detection engine with CVE cross-referencing</li> <li>Weak credential detection (brute force via SecLists-compatible wordlists)</li> <li>Misconfiguration identification</li> <li>Exploit suggestion framework based on fingerprinted service versions</li> </ul> <h3> Performance Design </h3> <ul> <li> <strong>Concurrent scanning</strong> up to 10,000 hosts</li> <li>Adaptive rate limiting to respect scope and avoid unintentional DoS</li> <li>Smart timeout handling per-protocol</li> <li>Memory-efficient design — no swap abuse on large host lists</li> <li>Ability to resume failed or interrupted scans</li> </ul> <h3> Reporting </h3> <ul> <li> <strong>JSON, CSV, XML, HTML</strong> output — ready for SIEM ingestion, Excel analysis, or client reports</li> <li>Color-coded, readable terminal output</li> <li>Executive summary mode for client-facing reports</li> <li>Integration-ready API output format</li> </ul> <h2> Installation — Pick Your Method </h2> <h3> Option 1: Pre-built Binary (Fastest) </h3> <p>No Go installation required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Linux / macOS</span> curl <span class="nt">-L</span> https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-linux-amd64 <span class="nt">-o</span> bannergrapv2 <span class="nb">chmod</span> +x bannergrapv2 <span class="nb">sudo mv </span>bannergrapv2 /usr/local/bin/ <span class="c"># Verify</span> bannergrapv2 <span class="nt">-h</span> bannergrapv2 <span class="nt">--version</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Windows (PowerShell — run as Administrator)</span><span class="w"> </span><span class="n">Invoke-WebRequest</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">-Uri</span><span class="w"> </span><span class="s2">"https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-windows-amd64.exe"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">-OutFile</span><span class="w"> </span><span class="s2">"bannergrapv2.exe"</span><span class="w"> </span></code></pre> </div> <h3> Option 2: Build from Source (Go 1.21+) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/MrEchoFi/BannerGrapV2.git <span class="nb">cd </span>BannerGrapV2 go build <span class="nt">-o</span> bannergrapv2 <span class="nb">.</span> <span class="nb">sudo mv </span>bannergrapv2 /usr/local/bin/ </code></pre> </div> <h3> Option 3: Docker (Isolated Lab Environment) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/MrEchoFi/BannerGrapV2.git <span class="nb">cd </span>BannerGrapV2 docker build <span class="nt">-t</span> bannerv2 <span class="nb">.</span> <span class="c"># Run</span> docker run <span class="nt">--rm</span> bannerv2 <span class="c"># Or with volume mount for output files</span> docker run <span class="nt">--rm</span> <span class="nt">-v</span> <span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>/output:/output bannerv2 </code></pre> </div> <h3> Option 4: Kubernetes (Scale-Out Deployment) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Spin up a local cluster with Minikube</span> minikube start <span class="nt">--driver</span><span class="o">=</span>docker minikube addons <span class="nb">enable </span>default-storageclass <span class="c"># Deploy using the included manifests</span> <span class="nb">chmod</span> +x start_banner.sh ./start_banner.sh <span class="c"># Or deploy manually</span> kubectl apply <span class="nt">-f</span> bannerv2-deploy.yaml kubectl apply <span class="nt">-f</span> bannerv2-service.yaml kubectl apply <span class="nt">-f</span> bannerv2-job.yaml </code></pre> </div> <h2> Command Reference — Real-World Scenarios </h2> <p>This is the part most documentation misses. Here are commands mapped to actual situations you encounter in the field.</p> <h3> 🔹 Scenario 1: Pentest Engagement — Initial Recon on a /24 Network </h3> <p>You just received scope. Your first job is to understand what's listening on the network before you start probing.</p> <p><strong>Step 1 — Generate your target list:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate all IPs in a /24 subnet</span> <span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 254<span class="si">)</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"192.168.1.</span><span class="nv">$i</span><span class="s2">"</span><span class="p">;</span> <span class="k">done</span> <span class="o">&gt;</span> targets.txt </code></pre> </div> <p><strong>Step 2 — Sweep the subnet across all major protocols with 50 threads:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="k">for </span>proto <span class="k">in </span>http https ftp ssh smtp<span class="p">;</span> <span class="k">do </span>go run bannerGrap.go <span class="nt">-f</span> targets.txt <span class="nt">-proto</span> <span class="nv">$proto</span> <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 2 <span class="nt">-o</span> scan_<span class="k">${</span><span class="nv">proto</span><span class="k">}</span>.json <span class="k">done</span> <span class="c"># Merge all protocol results into one file (requires jq)</span> jq <span class="nt">-s</span> <span class="s1">'add'</span> scan_<span class="k">*</span>.json <span class="o">&gt;</span> full_recon_combined.json </code></pre> </div> <p><strong>Step 3 — Generate an HTML report for the team:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="nt">-f</span> targets.txt <span class="nt">-proto</span> http <span class="nt">--report-html</span> recon_report.html <span class="nt">-threads</span> 50 </code></pre> </div> <h3> 🔹 Scenario 2: Bug Bounty — Mass HTTPS Scan on 10,000 In-Scope Domains </h3> <p>You're working a large program with thousands of in-scope subdomains. You need service fingerprints and banner data fast.</p> <p><strong>10,000-host HTTPS scan, 500 threads, 2s timeout, CSV output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> ten_thousand_domains.txt <span class="se">\</span> <span class="nt">-proto</span> https <span class="se">\</span> <span class="nt">-port</span> 443 <span class="se">\</span> <span class="nt">-payload</span> <span class="s2">"GET / HTTP/1.1</span><span class="se">\r\n</span><span class="s2">Host: %s</span><span class="se">\r\n</span><span class="s2">User-Agent: BannerGrapV2/2.0</span><span class="se">\r\n</span><span class="s2">Accept: */*</span><span class="se">\r\n\r\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-threads</span> 500 <span class="se">\</span> <span class="nt">-timeout</span> 2 <span class="se">\</span> <span class="nt">-o</span> bug_bounty_https_results.csv </code></pre> </div> <p><strong>Same scan, JSON output (for programmatic processing):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> ten_thousand_domains.txt <span class="se">\</span> <span class="nt">-proto</span> https <span class="se">\</span> <span class="nt">-port</span> 443 <span class="se">\</span> <span class="nt">-payload</span> <span class="s2">"GET / HTTP/1.1</span><span class="se">\r\n</span><span class="s2">Host: %s</span><span class="se">\r\n</span><span class="s2">User-Agent: BannerGrapV2/2.0</span><span class="se">\r\n</span><span class="s2">Accept: */*</span><span class="se">\r\n\r\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-threads</span> 500 <span class="se">\</span> <span class="nt">-timeout</span> 2 <span class="se">\</span> <span class="nt">-o</span> bug_bounty_https_results.json </code></pre> </div> <p><strong>Then grep for CVEs directly from the JSON output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-i</span> <span class="s2">"CVE-"</span> bug_bounty_https_results.json | <span class="nb">tee </span>critical_findings.txt </code></pre> </div> <h3> 🔹 Scenario 3: Red Team — Nmap + Masscan + BannerGrapV2 Combined Pipeline </h3> <p>Use Masscan for raw port discovery at speed, then hand off to BannerGrapV2 for deep fingerprinting.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Step 1 — Fast port discovery with Masscan</span> masscan 192.168.1.0/24 <span class="nt">-p1-65535</span> <span class="nt">--rate</span><span class="o">=</span>10000 <span class="nt">-oG</span> masscan.gnmap <span class="c"># Step 2 — Parse Masscan output to host:port format</span> <span class="nb">awk</span> <span class="s1">'/Ports:/{ split($0,a,"Ports: "); split(a[2],b,","); for(i in b) { split(b[i],c,"/"); print $2":"c[1] } }'</span> masscan.gnmap <span class="o">&gt;</span> masscan_targets.txt <span class="c"># Step 3 — Deep banner grab with BannerGrapV2</span> go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> masscan_targets.txt <span class="se">\</span> <span class="nt">-threads</span> 100 <span class="se">\</span> <span class="nt">-timeout</span> 2 <span class="se">\</span> <span class="nt">-o</span> masscan_bannergrap_results.json </code></pre> </div> <p>Alternatively, feed Nmap's live-host output directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nmap <span class="nt">-p-</span> <span class="nt">--open</span> <span class="nt">-oG</span> - 192.168.1.0/24 <span class="se">\</span> | <span class="nb">awk</span> <span class="s1">'/Up$/{ip=$2} /Ports:/{ split($0,a,"Ports: "); split(a[2],b,","); for(i in b) {split(b[i],c,"/"); print ip":"c[1]} }'</span> <span class="o">&gt;</span> all_open_targets.txt go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> all_open_targets.txt <span class="se">\</span> <span class="nt">-threads</span> 100 <span class="se">\</span> <span class="nt">-timeout</span> 2 <span class="se">\</span> <span class="nt">-o</span> full_aggressive_scan.json </code></pre> </div> <h3> 🔹 Scenario 4: SSH Brute Force with SecLists Wordlists </h3> <p>Once you have a list of SSH targets, check for weak credentials against a proper wordlist.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Using SecLists (recommended)</span> <span class="c"># usernames: SecLists/Usernames/top-usernames-shortlist.txt</span> <span class="c"># passwords: SecLists/Passwords/Common-Credentials/10k-most-common.txt</span> <span class="c"># or rockyou.txt for maximum coverage</span> go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> ssh_targets.txt <span class="se">\</span> <span class="nt">-proto</span> ssh <span class="se">\</span> <span class="nt">--brute-userlist</span> /path/to/SecLists/Usernames/top-usernames-shortlist.txt <span class="se">\</span> <span class="nt">--brute-passlist</span> /path/to/SecLists/Passwords/Common-Credentials/10k-most-common.txt <span class="se">\</span> <span class="nt">-threads</span> 50 <span class="se">\</span> <span class="nt">-timeout</span> 3 <span class="se">\</span> <span class="nt">-o</span> ssh_brute_results.json </code></pre> </div> <p><strong>Single-target SSH brute force for targeted testing:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">--brute-userlist</span> usernames.txt <span class="se">\</span> <span class="nt">--brute-passlist</span> passwords.txt <span class="se">\</span> <span class="nt">-proto</span> ssh <span class="se">\</span> 192.168.1.100 </code></pre> </div> <h3> 🔹 Scenario 5: Blue Team — Internal LAN Asset Inventory Audit </h3> <p>You need a regular audit of what's actually exposed on your internal network. Run this weekly or drop it into a cron job.</p> <p><strong>LAN HTTP sweep with 254 threads (one per host), 1s timeout:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> &lt;<span class="o">(</span><span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 254<span class="si">)</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"192.168.1.</span><span class="nv">$i</span><span class="s2">"</span><span class="p">;</span> <span class="k">done</span><span class="o">)</span> <span class="se">\</span> <span class="nt">-proto</span> http <span class="se">\</span> <span class="nt">-port</span> 80 <span class="se">\</span> <span class="nt">-threads</span> 254 <span class="se">\</span> <span class="nt">-timeout</span> 1 <span class="se">\</span> <span class="nt">-o</span> lan_http_audit.csv </code></pre> </div> <p><strong>Full multi-protocol internal audit:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="nt">-f</span> internal_targets.txt <span class="nt">-proto</span> http <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> internal_http.json go run bannerGrap.go <span class="nt">-f</span> internal_targets.txt <span class="nt">-proto</span> https <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> internal_https.json go run bannerGrap.go <span class="nt">-f</span> internal_targets.txt <span class="nt">-proto</span> ssh <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> internal_ssh.json go run bannerGrap.go <span class="nt">-f</span> internal_targets.txt <span class="nt">-proto</span> ftp <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> internal_ftp.json go run bannerGrap.go <span class="nt">-f</span> internal_targets.txt <span class="nt">-proto</span> smtp <span class="nt">-threads</span> 50 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> internal_smtp.json <span class="c"># Merge everything</span> jq <span class="nt">-s</span> <span class="s1">'add'</span> internal_<span class="k">*</span>.json <span class="o">&gt;</span> full_internal_audit.json </code></pre> </div> <p><strong>Schedule it as a daily cron job at 2:00 AM:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add to crontab: crontab -e</span> 0 2 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> /usr/bin/go run /opt/bannergrapv2/bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> /opt/scan/targets.txt <span class="se">\</span> <span class="nt">-proto</span> https <span class="se">\</span> <span class="nt">-threads</span> 20 <span class="se">\</span> <span class="nt">-o</span> /opt/scan/reports/daily_<span class="si">$(</span><span class="nb">date</span> +<span class="se">\%</span>Y-<span class="se">\%</span>m-<span class="se">\%</span>d<span class="si">)</span>.json </code></pre> </div> <p><strong>Pipe CVE alerts directly to email:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="nt">-f</span> targets.txt <span class="nt">-proto</span> http <span class="nt">-threads</span> 30 <span class="nt">-o</span> temp_scan.json <span class="nb">grep</span> <span class="nt">-i</span> <span class="s2">"CVE-"</span> temp_scan.json | mail <span class="nt">-s</span> <span class="s2">"[ALERT] Critical Vulnerabilities Detected"</span> security-team@yourorg.com </code></pre> </div> <h3> 🔹 Scenario 6: DevSecOps — CI/CD Pipeline Integration (GitHub Actions) </h3> <p>Scan your staging or production environment after every deployment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/security-scan.yml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">BannerGrapV2 Security Scan</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">main</span><span class="pi">,</span> <span class="nv">staging</span><span class="pi">]</span> <span class="na">schedule</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">cron</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*'</span> <span class="c1"># Daily at 2 AM UTC</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">recon-scan</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Download BannerGrapV2</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">curl -L https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-linux-amd64 -o bannergrapv2</span> <span class="s">chmod +x bannergrapv2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Security Scan</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">./bannergrapv2 \</span> <span class="s">-f production_hosts.txt \</span> <span class="s">-proto https \</span> <span class="s">-threads 100 \</span> <span class="s">-timeout 5 \</span> <span class="s">-o scan_results.json</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check for Critical CVEs</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">if grep -qi "CVE-" scan_results.json; then</span> <span class="s">echo "::error::Critical vulnerabilities detected!"</span> <span class="s">grep -i "CVE-" scan_results.json</span> <span class="s">exit 1</span> <span class="s">fi</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload Scan Results</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">security-scan-results</span> <span class="na">path</span><span class="pi">:</span> <span class="s">scan_results.json</span> </code></pre> </div> <h3> 🔹 Scenario 7: Protocol-Specific Fingerprinting </h3> <p><strong>SMTP banner harvesting (check for old, vulnerable mail server versions):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> mail_servers.txt <span class="se">\</span> <span class="nt">-proto</span> smtp <span class="se">\</span> <span class="nt">-port</span> 25 <span class="se">\</span> <span class="nt">-threads</span> 100 <span class="se">\</span> <span class="nt">-timeout</span> 5 <span class="se">\</span> <span class="nt">-o</span> smtp_banners.json <span class="c"># Also probe with VRFY and EXPN commands for user enumeration</span> go run bannerGrap.go <span class="nt">-proto</span> smtp <span class="nt">-payload</span> <span class="s2">"VRFY postmaster</span><span class="se">\r\n</span><span class="s2">"</span> mail.target.com go run bannerGrap.go <span class="nt">-proto</span> smtp <span class="nt">-payload</span> <span class="s2">"EXPN postmaster</span><span class="se">\r\n</span><span class="s2">"</span> mail.target.com </code></pre> </div> <p><strong>FTP anonymous access check across a server fleet:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> ftp_servers.txt <span class="se">\</span> <span class="nt">-proto</span> ftp <span class="se">\</span> <span class="nt">-port</span> 21 <span class="se">\</span> <span class="nt">-threads</span> 150 <span class="se">\</span> <span class="nt">-timeout</span> 4 <span class="se">\</span> <span class="nt">-o</span> ftp_anon_check.csv <span class="c"># Or test anonymous login directly</span> go run bannerGrap.go <span class="nt">-proto</span> ftp <span class="nt">-payload</span> <span class="s2">"USER anonymous</span><span class="se">\r\n</span><span class="s2">"</span> ftp.target.com </code></pre> </div> <p><strong>SSH version fingerprinting at scale:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> ssh_hosts.txt <span class="se">\</span> <span class="nt">-proto</span> ssh <span class="se">\</span> <span class="nt">-port</span> 22 <span class="se">\</span> <span class="nt">-threads</span> 300 <span class="se">\</span> <span class="nt">-timeout</span> 3 <span class="se">\</span> <span class="nt">-v</span> </code></pre> </div> <p><strong>Telnet service fingerprinting on mixed IPv4/IPv6 targets:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> mixed_ipv4_ipv6_targets.txt <span class="se">\</span> <span class="nt">-proto</span> telnet <span class="se">\</span> <span class="nt">-port</span> 23 <span class="se">\</span> <span class="nt">-threads</span> 100 <span class="se">\</span> <span class="nt">-timeout</span> 5 <span class="se">\</span> <span class="nt">-o</span> telnet_fingerprints.json </code></pre> </div> <p><strong>Custom TCP payload — probe a proprietary daemon or non-standard service:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> custom_daemon_hosts.txt <span class="se">\</span> <span class="nt">-proto</span> custom <span class="se">\</span> <span class="nt">-port</span> 9000 <span class="se">\</span> <span class="nt">-payload</span> <span class="s2">"HELLO</span><span class="se">\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-threads</span> 50 <span class="se">\</span> <span class="nt">-timeout</span> 6 <span class="se">\</span> <span class="nt">-o</span> daemon_responses.csv </code></pre> </div> <p><strong>Protocol fuzzing — test admin endpoints with custom HTTP headers:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> targets.txt <span class="se">\</span> <span class="nt">-proto</span> http <span class="se">\</span> <span class="nt">--payload</span> <span class="s2">"GET /admin HTTP/1.1</span><span class="se">\r\n</span><span class="s2">Host: %s</span><span class="se">\r\n</span><span class="s2">User-Agent: Mozilla/5.0</span><span class="se">\r\n\r\n</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-threads</span> 20 </code></pre> </div> <h3> 🔹 Scenario 8: Parallel Execution with GNU Parallel </h3> <p>For maximum throughput when you have a machine with many cores:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run 20 parallel instances, one per host</span> <span class="nb">cat </span>targets.txt | parallel <span class="nt">-j</span> 20 <span class="s2">"go run bannerGrap.go {} -proto http -timeout 2"</span> <span class="c"># Run 50 parallel instances</span> <span class="nb">cat </span>targets.txt | parallel <span class="nt">-j</span> 50 <span class="s2">"go run bannerGrap.go {} -proto http -timeout 2"</span> </code></pre> </div> <h3> 🔹 Scenario 9: All-Ports Scan on a Single Critical Host </h3> <p>When you need a complete picture of every port on a single high-value target:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate all 65535 ports as targets</span> <span class="k">for </span>p <span class="k">in</span> <span class="o">{</span>1..65535<span class="o">}</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"192.168.1.100:</span><span class="nv">$p</span><span class="s2">"</span><span class="p">;</span> <span class="k">done</span> <span class="o">&gt;</span> all_ports.txt <span class="c"># Scan everything, 200 threads, 1s timeout</span> go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> all_ports.txt <span class="se">\</span> <span class="nt">-threads</span> 200 <span class="se">\</span> <span class="nt">-timeout</span> 1 <span class="se">\</span> <span class="nt">-o</span> all_ports_scan.json </code></pre> </div> <h3> 🔹 Scenario 10: The "Nuclear" All-In-One Sweep </h3> <p>Five protocols, 250 threads each, chained with <code>&amp;&amp;</code> so they run sequentially and each output goes to its own file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># HTTP</span> go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-threads</span> 250 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> http_sweep.json <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="c"># HTTPS</span> go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-proto</span> https <span class="nt">-threads</span> 250 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> https_sweep.json <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="c"># SMTP</span> go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-proto</span> smtp <span class="nt">-threads</span> 250 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> smtp_sweep.json <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="c"># SSH</span> go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-proto</span> ssh <span class="nt">-threads</span> 250 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> ssh_sweep.json <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="c"># FTP</span> go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-proto</span> ftp <span class="nt">-threads</span> 250 <span class="nt">-timeout</span> 3 <span class="nt">-o</span> ftp_sweep.json <span class="c"># Then merge everything</span> jq <span class="nt">-s</span> <span class="s1">'add'</span> <span class="k">*</span>_sweep.json <span class="o">&gt;</span> FULL_SWEEP_REPORT.json </code></pre> </div> <p>And generate the final HTML report:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go run bannerGrap.go <span class="nt">-f</span> vip_targets.txt <span class="nt">-proto</span> http <span class="nt">--report-html</span> FULL_SWEEP_REPORT.html <span class="nt">-threads</span> 50 </code></pre> </div> <h3> 🔹 Scenario 11: Export for SIEM Integration </h3> <p>BannerGrapV2's JSON output is structured and SIEM-ready. Pipe it straight into your log aggregator:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Output structured JSON for Splunk / Elastic / Sentinel ingestion</span> go run bannerGrap.go <span class="se">\</span> <span class="nt">-f</span> targets.txt <span class="se">\</span> <span class="nt">-proto</span> http <span class="se">\</span> <span class="nt">-threads</span> 100 <span class="se">\</span> <span class="nt">-o</span> siem_feed_<span class="si">$(</span><span class="nb">date</span> +%Y%m%d_%H%M%S<span class="si">)</span>.json </code></pre> </div> <h2> Configuration File — For Persistent Scan Profiles </h2> <p>Instead of typing flags every time, save your scan profile in <code>config.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># BannerGrapV2 Configuration — config.yaml</span> <span class="na">general</span><span class="pi">:</span> <span class="na">threads</span><span class="pi">:</span> <span class="m">100</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">10</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">verbose</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">scan</span><span class="pi">:</span> <span class="na">common_ports</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">port_range</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1-10000"</span> <span class="na">service_detection</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ssl_analysis</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">vulnerability</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">cve_database</span><span class="pi">:</span> <span class="s2">"</span><span class="s">online"</span> <span class="na">min_severity</span><span class="pi">:</span> <span class="s2">"</span><span class="s">medium"</span> <span class="na">output</span><span class="pi">:</span> <span class="na">format</span><span class="pi">:</span> <span class="s2">"</span><span class="s">json"</span> <span class="na">directory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">./reports"</span> <span class="na">timestamp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">brute_force</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">username_list</span><span class="pi">:</span> <span class="s2">"</span><span class="s">usernames.txt"</span> <span class="na">password_list</span><span class="pi">:</span> <span class="s2">"</span><span class="s">passwords.txt"</span> </code></pre> </div> <p>Run with config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bannergrapv2 <span class="nt">-config</span> config.yaml <span class="nt">-target</span> 192.168.1.1 </code></pre> </div> <h2> Post-Processing Tips — Working With the Output </h2> <p>BannerGrapV2 produces clean, structured output. Here are a few useful commands for working with it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Filter only hosts with open port 443</span> <span class="nb">cat </span>results.json | jq <span class="s1">'.[] | select(.port == 443)'</span> <span class="c"># Count unique services detected</span> <span class="nb">cat </span>results.json | jq <span class="s1">'[.[].service] | group_by(.) | map({service: .[0], count: length}) | sort_by(-.count)'</span> <span class="c"># Export CSV to Excel-friendly format</span> <span class="nb">cat </span>results.csv | column <span class="nt">-t</span> <span class="nt">-s</span> <span class="s1">','</span> <span class="c"># Alert on specific vulnerabilities</span> <span class="nb">grep</span> <span class="nt">-iE</span> <span class="s2">"CVE-[0-9]+-[0-9]+"</span> results.json | <span class="nb">sort</span> <span class="nt">-u</span> <span class="c"># Combine multiple scan output files</span> jq <span class="nt">-s</span> <span class="s1">'add'</span> scan_http.json scan_https.json scan_ssh.json <span class="o">&gt;</span> combined.json </code></pre> </div> <h2> How to Contribute </h2> <p>BannerGrapV2 is MIT-licensed and actively looking for contributors. The codebase is Go (91.5%) with Shell scripts — if you've worked with Go networking libraries, goroutines, or security tooling, there's meaningful work here.</p> <p><strong>Current contribution areas:</strong></p> <ul> <li>Adding new protocol handlers and service fingerprints</li> <li>Expanding the CVE detection engine and signature database</li> <li>Writing tests (unit and integration)</li> <li>Improving documentation and usage examples</li> <li>Building out the plugin system</li> <li>Metasploit and Nmap integration work</li> </ul> <p><strong>How to submit a PR:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Fork the repo on GitHub, then:</span> git clone https://github.com/YOUR_USERNAME/BannerGrapV2.git <span class="nb">cd </span>BannerGrapV2 git checkout <span class="nt">-b</span> feature/your-feature-name <span class="c"># Make your changes</span> git add <span class="nb">.</span> git commit <span class="nt">-m</span> <span class="s2">"feat: description of your change"</span> git push origin feature/your-feature-name <span class="c"># Then open a Pull Request on GitHub</span> </code></pre> </div> <p>Full guidelines: <a href="https://github.com/MrEchoFi/BannerGrapV2/blob/master/CONTRIBUTING.md" rel="noopener noreferrer">CONTRIBUTING.md</a></p> <p>For bug reports and feature requests, open an issue on <a href="https://github.com/MrEchoFi/BannerGrapV2/issues" rel="noopener noreferrer">GitHub Issues</a>.</p> <h2> Project Roadmap </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Status</th> <th>Feature</th> </tr> </thead> <tbody> <tr> <td>✅ Done</td> <td>Core multi-protocol banner grabbing</td> </tr> <tr> <td>✅ Done</td> <td>Multi-threaded concurrent scanning</td> </tr> <tr> <td>✅ Done</td> <td>Vulnerability detection engine</td> </tr> <tr> <td>✅ Done</td> <td>JSON / CSV / HTML / XML output</td> </tr> <tr> <td>✅ Done</td> <td>Brute force with custom wordlists</td> </tr> <tr> <td>✅ Done</td> <td>Docker support</td> </tr> <tr> <td>✅ Done</td> <td>Kubernetes deployment manifests</td> </tr> <tr> <td>🔄 In Progress</td> <td>Plugin system for custom scanners</td> </tr> <tr> <td>📋 Planned</td> <td>Full Metasploit &amp; Nmap integration</td> </tr> <tr> <td>📋 Planned</td> <td>Kubernetes operator</td> </tr> <tr> <td>📋 Planned</td> <td>Web dashboard for scan results</td> </tr> </tbody> </table></div> <h2> Responsible Use Disclaimer </h2> <p>BannerGrapV2 is built for <strong>authorized security testing only.</strong> Only use it on systems you own or have explicit, written permission to test. This includes bug bounty programs with defined scope, internal networks you administer, and environments you have contractual authorization to assess.</p> <p>Unauthorized network scanning violates computer crime laws in most jurisdictions. The developer and contributors bear no responsibility for misuse.</p> <h2> About the Developer </h2> <p><strong>MrEchoFi</strong> (Md. Abu Naser Nayeem / Tanjib Isham) is a Cybersecurity Researcher, Certified Red Team CredOps Infiltrator (CRT-COI). His work spans DevSecOps, hardware penetration testing, IoT security, and open-source security tooling.</p> <ul> <li>🌐 Portfolio: <a href="https://echo-fi-portfolio-node-js.vercel.app" rel="noopener noreferrer">echo-fi-portfolio-node-js.vercel.app</a> </li> <li>💼 LinkedIn: <a href="https://www.linkedin.com/in/md-abu-naser-nayeem-mrechofi-b29496332" rel="noopener noreferrer">md-abu-naser-nayeem-mrechofi</a> </li> <li>🐙 GitHub: <a href="https://github.com/MrEchoFi" rel="noopener noreferrer">github.com/MrEchoFi</a> </li> </ul> <h2> Final Words </h2> <p>The security tooling ecosystem benefits from open, well-documented, actively maintained tools. BannerGrapV2 is built to serve real workflows — not just demos.</p> <p>If it helps you work faster, find what you'd otherwise miss, or simplify a step in your process, the best thing you can do is:</p> <ol> <li>⭐ <strong>Star the repo</strong> — <a href="https://github.com/MrEchoFi/BannerGrapV2" rel="noopener noreferrer">github.com/MrEchoFi/BannerGrapV2</a> </li> <li>🔀 <strong>Fork it and contribute</strong> — even documentation PRs matter</li> <li>📣 <strong>Share it</strong> with your team, your bug bounty group, or your security community</li> </ol> <p>Questions, feedback, or edge cases you want covered? Leave a comment below or open a GitHub Issue.</p> <p><strong>Happy HackNight. 🌙</strong></p> <p><em>Built with Go. Maintained by the community. MIT Licensed.</em></p> <p><em>Tags: #cybersecurity #go #golang #opensource #penetrationtesting #bugbounty #redteam #blueteam #devsecops #networksecurity #bannergrabbing #infosec #ethicalhacking</em></p> cybersecurity go opensourcesecurity devops