Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal.
It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.
Tool Source: https://www.thc.org/thc-amap/
- amapcrap – sends random data to a UDP, TCP or SSL’ed port to illicit a response
Video Tutorial: Coming Soon!