Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.

amap integrates seamlessly with our Vulnerability Management platform Faraday.

Last updated on Feb 10th 2020. Version 5.4

SHA2SUM: a75ea58de75034de6b10b0de0065ec88e32f9e9af11c7d69edbffc4da9a5b059

  • Amap was innovative - the first tool to perform application protocol detection. Then a better approach was implemented into nmap, this and the large user base of nmap made amap pretty much obsolete. So today, I recommend to rather use nmap -sV for application fingerprinting rather than amap (although in some circumstances amap will yield better results, but these are rare). Still, after 5 years there is an update to amap. The reason for this is IPv6. nmap still does not have a good IPv6 support, e.g. UDP port scanning is not possible. Hence for this v5.4 release in April 2011 that enhances amap to perform better UDP IPv6 support (before only application fingerprinting did work here, now the port scanning feature works too).