Ftpmap scans remote FTP servers to indentify what software and what versions they are running. It uses program-specific fingerprints to discover the name of the software even when banners have been changed or removed, or when some features have been disabled. also FTP-Map can detect Vulnerables by the FTP software/version.
./configure make make install
Using ftpmap is trivial, and the built-in help is self-explanatory :
ftpmap -s ftp.c9x.org ftpmap -P 2121 -s 127.0.0.1 ftpmap -u joe -p joepass -s ftp3.c9x.org
If a named host has several IP addresses, they are all sequentially scanned. During the scan, ftpmap displays a list of numbers : this is the "fingerprint" of the server.
Another indication that can be displayed if login was successful is the FTP PORT sequence prediction. If the difficulty is too low, it means that anyone can steal your files and change their content, even without knowing your password or sniffing your network.
There are very few known fingerprints yet, but submissions are welcome.
Obfuscating FTP servers
This software was written as a proof of concept that security through obscurity doesn't work. Many system administrators think that hidding or changing banners and messages in their server software can improve security.
Don't trust this. Script kiddies are just ignoring banners. If they read that "XYZ FTP software has a vulnerability", they will try the exploit on all FTP servers they will find, whatever software they are running. The same thing goes for free and commercial vulnerability scanners. They are probing exploits to find potential holes, and they just discard banners and messages.
On the other hand, removing software name and version is confusing for the system administrator, who has no way to quickly check what's installed on his servers.
If you want to sleep quietly, the best thing to do is to keep your systems up to date : subscribe to mailing lists and apply vendor patches.
git clone git://github.com/Hypsurus/ftpmap