Back to course

Nmap: Service Version Detection

Cyber Security Mastery: From Zero to Hero

Enumerating Specific Software

Simply knowing port 80 is open is not enough. We need to know what is running on port 80 (e.g., Apache, Nginx, IIS) and the exact version number.

The Service Detection Switch (-sV)

The -sV switch probes the open ports identified by the scan and tries to determine the precise application name and version by analyzing the service's banner or response protocols.

bash nmap -sV 192.168.1.100

Output Example:

PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.3.4 80/tcp open http Apache httpd 2.2.8 ((Ubuntu))

Relevance: Once you have the exact version (vsftpd 2.3.4), you can search exploit databases (like Exploit-DB) for specific vulnerabilities tied to that version, moving closer to the exploitation phase.