Signature Detail

SCAN: THC-AMAP SAP-R3 on HTTP Scan

This signature detects the scanner tool AMAP, made by The Hacker's Choice (THC). Attackers can use THC-AMAP during their initial reconnaissance to determine services running on target hosts before launching other attacks.

Extended Description

An intruder could use the AMap tool to enumerate for services that are running on a targeted network. After enumerating for vulnerable services, an attacker could execute specific exploit attempts of known vulnerabilities against the services that were discovered.

References

• URL: http://dir.filewatcher.com/d/OpenBSD/3.7/i386/amap-4.5.tgz.41188.html
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2201.html