BannerGrapV2 — The Open-Source Network Recon Tool Built in Go That Security Professionals Actually Need
TL;DR — BannerGrapV2 is a production-grade, multi-protocol network reconnaissance and vulnerability discovery tool written in Go. It replaces a fragmented toolchain of Nmap, custom scripts, and manual banner grabbers with a single binary capable of scanning 10,000 hosts concurrently across HTTP, HTTPS, SSH, FTP, SMTP, Telnet, and custom TCP protocols — all with structured JSON, CSV, or HTML output.
🔗 GitHub: github.com/MrEchoFi/BannerGrapV2
⭐ If this saves you time, a star on GitHub keeps the project alive.
The Problem With Your Current Recon Workflow
If you work in penetration testing, red team ops, bug bounty hunting, or security engineering, you already know what a typical recon session looks like. You fire up Nmap for port discovery, run a separate Python script for banner grabbing, manually check SSL certificate details, then spend twenty minutes stitching three different output formats together before you can actually do anything useful.
This is the workflow that BannerGrapV2 was built to collapse into a single, reliable, fast tool.
Built in Go — specifically for its native goroutine concurrency model — BannerGrapV2 handles the full recon-through-reporting pipeline without the performance ceiling you hit with Python-based tools or the dependency hell of multi-tool chains.
Who Should Keep Reading
This tool is relevant to you if you are:
- A penetration tester or red teamer who needs fast, structured reconnaissance output before moving to exploitation
- A bug bounty hunter working large scope targets with hundreds or thousands of in-scope hosts
- A SOC analyst or blue teamer running asset inventory or exposure monitoring on internal infrastructure
- A DevSecOps engineer looking to integrate automated service fingerprinting into a CI/CD pipeline
- A network or sysadmin who needs periodic LAN audits with exportable reports
If none of that applies, this post probably isn't for you.
What BannerGrapV2 Does — Feature Breakdown
Core Reconnaissance Engine
- Multi-threaded banner grabbing — up to 10,000 concurrent hosts via Go goroutines
- Multi-protocol support — HTTP, HTTPS, FTP, SMTP, SSH, Telnet, raw TCP, and fully custom payloads
- Service fingerprinting across 1,000+ protocol signatures
- SSL/TLS certificate analysis — issuer, expiry, version, cipher grade
- HTTP header enumeration — server version, security headers, redirects
- DNS resolution and information gathering
- Nmap integration for deeper port-level data
Security Analysis
- Vulnerability detection engine with CVE cross-referencing
- Weak credential detection (brute force via SecLists-compatible wordlists)
- Misconfiguration identification
- Exploit suggestion framework based on fingerprinted service versions
Performance Design
- Concurrent scanning up to 10,000 hosts
- Adaptive rate limiting to respect scope and avoid unintentional DoS
- Smart timeout handling per-protocol
- Memory-efficient design — no swap abuse on large host lists
- Ability to resume failed or interrupted scans
Reporting
- JSON, CSV, XML, HTML output — ready for SIEM ingestion, Excel analysis, or client reports
- Color-coded, readable terminal output
- Executive summary mode for client-facing reports
- Integration-ready API output format
Installation — Pick Your Method
Option 1: Pre-built Binary (Fastest)
No Go installation required.
# Linux / macOS
curl -L https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-linux-amd64 -o bannergrapv2
chmod +x bannergrapv2
sudo mv bannergrapv2 /usr/local/bin/
# Verify
bannergrapv2 -h
bannergrapv2 --version
# Windows (PowerShell — run as Administrator)
Invoke-WebRequest `
  -Uri "https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-windows-amd64.exe" `
  -OutFile "bannergrapv2.exe"
Option 2: Build from Source (Go 1.21+)
git clone https://github.com/MrEchoFi/BannerGrapV2.git
cd BannerGrapV2
go build -o bannergrapv2 .
sudo mv bannergrapv2 /usr/local/bin/
Option 3: Docker (Isolated Lab Environment)
git clone https://github.com/MrEchoFi/BannerGrapV2.git
cd BannerGrapV2
docker build -t bannerv2 .
# Run
docker run --rm bannerv2
# Or with volume mount for output files
docker run --rm -v $(pwd)/output:/output bannerv2
Option 4: Kubernetes (Scale-Out Deployment)
# Spin up a local cluster with Minikube
minikube start --driver=docker
minikube addons enable default-storageclass
# Deploy using the included manifests
chmod +x start_banner.sh
./start_banner.sh
# Or deploy manually
kubectl apply -f bannerv2-deploy.yaml
kubectl apply -f bannerv2-service.yaml
kubectl apply -f bannerv2-job.yaml
Command Reference — Real-World Scenarios
This is the part most documentation misses. Here are commands mapped to actual situations you encounter in the field.
🔹 Scenario 1: Pentest Engagement — Initial Recon on a /24 Network
You just received scope. Your first job is to understand what's listening on the network before you start probing.
Step 1 — Generate your target list:
# Generate all IPs in a /24 subnet
for i in $(seq 1 254); do echo "192.168.1.$i"; done > targets.txt
Step 2 — Sweep the subnet across all major protocols with 50 threads:
for proto in http https ftp ssh smtp; do
go run bannerGrap.go -f targets.txt -proto $proto -threads 50 -timeout 2 -o scan_${proto}.json
done
# Merge all protocol results into one file (requires jq)
jq -s 'add' scan_*.json > full_recon_combined.json
Step 3 — Generate an HTML report for the team:
go run bannerGrap.go -f targets.txt -proto http --report-html recon_report.html -threads 50
🔹 Scenario 2: Bug Bounty — Mass HTTPS Scan on 10,000 In-Scope Domains
You're working a large program with thousands of in-scope subdomains. You need service fingerprints and banner data fast.
10,000-host HTTPS scan, 500 threads, 2s timeout, CSV output:
go run bannerGrap.go \
-f ten_thousand_domains.txt \
-proto https \
-port 443 \
-payload "GET / HTTP/1.1\r\nHost: %s\r\nUser-Agent: BannerGrapV2/2.0\r\nAccept: */*\r\n\r\n" \
-threads 500 \
-timeout 2 \
-o bug_bounty_https_results.csv
Same scan, JSON output (for programmatic processing):
go run bannerGrap.go \
-f ten_thousand_domains.txt \
-proto https \
-port 443 \
-payload "GET / HTTP/1.1\r\nHost: %s\r\nUser-Agent: BannerGrapV2/2.0\r\nAccept: */*\r\n\r\n" \
-threads 500 \
-timeout 2 \
-o bug_bounty_https_results.json
Then grep for CVEs directly from the JSON output:
grep -i "CVE-" bug_bounty_https_results.json | tee critical_findings.txt
🔹 Scenario 3: Red Team — Nmap + Masscan + BannerGrapV2 Combined Pipeline
Use Masscan for raw port discovery at speed, then hand off to BannerGrapV2 for deep fingerprinting.
# Step 1 — Fast port discovery with Masscan
masscan 192.168.1.0/24 -p1-65535 --rate=10000 -oG masscan.gnmap
# Step 2 — Parse Masscan output to host:port format
awk '/Ports:/{
split($0,a,"Ports: ");
split(a[2],b,",");
for(i in b) {
split(b[i],c,"/");
print $2":"c[1]
}
}' masscan.gnmap > masscan_targets.txt
# Step 3 — Deep banner grab with BannerGrapV2
go run bannerGrap.go \
-f masscan_targets.txt \
-threads 100 \
-timeout 2 \
-o masscan_bannergrap_results.json
Alternatively, feed Nmap's live-host output directly:
nmap -p- --open -oG - 192.168.1.0/24 \
| awk '/Up$/{ip=$2} /Ports:/{
split($0,a,"Ports: ");
split(a[2],b,/, */);
for(i in b) {split(b[i],c,"/"); print ip":"c[1]}
}' > all_open_targets.txt
go run bannerGrap.go \
-f all_open_targets.txt \
-threads 100 \
-timeout 2 \
-o full_aggressive_scan.json
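An added Go example (not BannerGrapV2 code and not the author's) that performs the same grepable-to-host:port conversion as the awk one-liners above, but finds the `Host:` and `Ports:` fields by label, keeps only TCP ports whose state is `open`, and brackets IPv6 addresses. The sample input is constructed and the function name `ParseGrepable` is hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Constructed sample of Nmap grepable (-oG) output; all addresses are made up.
const sampleGnmap = "# constructed sample\n" +
	"Host: 192.168.1.10 ()\tStatus: Up\n" +
	"Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n" +
	"Host: 192.168.1.20 (printer.lan)\tPorts: 9100/open/tcp//jetdirect///\n" +
	"Host: fd00::5 ()\tPorts: 22/open/tcp//ssh///\n"

// ParseGrepable (hypothetical helper) returns one "host:port" target for every
// TCP port reported open, in input order.
func ParseGrepable(data string) []string {
	var targets []string
	sc := bufio.NewScanner(strings.NewReader(data))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "#") {
			continue
		}
		var host, ports string
		for _, field := range strings.Split(line, "\t") {
			switch {
			case strings.HasPrefix(field, "Host: "):
				// "Host: 192.168.1.10 (name)": the address is the second word.
				if parts := strings.Fields(field); len(parts) >= 2 {
					host = parts[1]
				}
			case strings.HasPrefix(field, "Ports: "):
				ports = strings.TrimPrefix(field, "Ports: ")
			}
		}
		if host == "" || ports == "" {
			continue // status-only line or malformed line
		}
		for _, entry := range strings.Split(ports, ",") {
			f := strings.Split(strings.TrimSpace(entry), "/") // port/state/proto/...
			if len(f) >= 3 && f[1] == "open" && f[2] == "tcp" {
				targets = append(targets, net.JoinHostPort(host, f[0]))
			}
		}
	}
	return targets
}

func main() {
	fmt.Println(strings.Join(ParseGrepable(sampleGnmap), "\n"))
}
```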
🔹 Scenario 4: SSH Brute Force with SecLists Wordlists
Once you have a list of SSH targets, check for weak credentials against a proper wordlist.
# Using SecLists (recommended)
# usernames: SecLists/Usernames/top-usernames-shortlist.txt
# passwords: SecLists/Passwords/Common-Credentials/10k-most-common.txt
# or rockyou.txt for maximum coverage
go run bannerGrap.go \
-f ssh_targets.txt \
-proto ssh \
--brute-userlist /path/to/SecLists/Usernames/top-usernames-shortlist.txt \
--brute-passlist /path/to/SecLists/Passwords/Common-Credentials/10k-most-common.txt \
-threads 50 \
-timeout 3 \
-o ssh_brute_results.json
Single-target SSH brute force for targeted testing:
go run bannerGrap.go \
--brute-userlist usernames.txt \
--brute-passlist passwords.txt \
-proto ssh \
192.168.1.100
🔹 Scenario 5: Blue Team — Internal LAN Asset Inventory Audit
You need a regular audit of what's actually exposed on your internal network. Run this weekly or drop it into a cron job.
LAN HTTP sweep with 254 threads (one per host), 1s timeout:
go run bannerGrap.go \
-f <(for i in $(seq 1 254); do echo "192.168.1.$i"; done) \
-proto http \
-port 80 \
-threads 254 \
-timeout 1 \
-o lan_http_audit.csv
Full multi-protocol internal audit:
go run bannerGrap.go -f internal_targets.txt -proto http -threads 50 -timeout 3 -o internal_http.json
go run bannerGrap.go -f internal_targets.txt -proto https -threads 50 -timeout 3 -o internal_https.json
go run bannerGrap.go -f internal_targets.txt -proto ssh -threads 50 -timeout 3 -o internal_ssh.json
go run bannerGrap.go -f internal_targets.txt -proto ftp -threads 50 -timeout 3 -o internal_ftp.json
go run bannerGrap.go -f internal_targets.txt -proto smtp -threads 50 -timeout 3 -o internal_smtp.json
# Merge everything
jq -s 'add' internal_*.json > full_internal_audit.json
Schedule it as a daily cron job at 2:00 AM:
# Add to crontab: crontab -e
# (a crontab entry must be a single line; cron does not support backslash continuation)
0 2 * * * /usr/bin/go run /opt/bannergrapv2/bannerGrap.go -f /opt/scan/targets.txt -proto https -threads 20 -o /opt/scan/reports/daily_$(date +\%Y-\%m-\%d).json
Pipe CVE alerts directly to email:
go run bannerGrap.go -f targets.txt -proto http -threads 30 -o temp_scan.json
grep -i "CVE-" temp_scan.json | mail -s "[ALERT] Critical Vulnerabilities Detected" security-team@yourorg.com
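For a recurring audit like this one, the useful signal is what changed between two runs. The following added Go example (not part of BannerGrapV2) diffs a baseline scan against the current one; the `port` and `service` fields come from the jq filters in this page's post-processing section, while the `host` field name, the `Drift` function and the sample records are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Record: "port" and "service" appear in this page's jq filters; "host" is an
// assumed field name.
type Record struct {
	Host    string `json:"host"`
	Port    int    `json:"port"`
	Service string `json:"service"`
}

// Constructed sample scans (made-up values): an earlier baseline and the current run.
const baselineJSON = `[{"host":"192.168.1.10","port":22,"service":"ssh"},
 {"host":"192.168.1.10","port":443,"service":"https"}]`
const currentJSON = `[{"host":"192.168.1.10","port":22,"service":"ssh"},
 {"host":"192.168.1.10","port":21,"service":"ftp"},
 {"host":"192.168.1.30","port":23,"service":"telnet"}]`

// onlyIn returns the sorted keys of a that are absent from b.
func onlyIn(a, b map[string]bool) []string {
	var out []string
	for k := range a {
		if !b[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// Drift (hypothetical helper) reports "host:port/service" entries that appeared
// since the baseline (added) and entries that disappeared (removed).
func Drift(baseline, current string) (added, removed []string, err error) {
	sets := []map[string]bool{{}, {}}
	for i, raw := range []string{baseline, current} {
		var recs []Record
		if err := json.Unmarshal([]byte(raw), &recs); err != nil {
			return nil, nil, fmt.Errorf("scan file %d: %w", i, err)
		}
		for _, r := range recs {
			sets[i][fmt.Sprintf("%s:%d/%s", r.Host, r.Port, r.Service)] = true
		}
	}
	return onlyIn(sets[1], sets[0]), onlyIn(sets[0], sets[1]), nil
}

func main() {
	fmt.Println(Drift(baselineJSON, currentJSON))
}
```

An empty `added` list means no new exposure since the baseline; anything in it is a listener that needs an owner before the next run.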
🔹 Scenario 6: DevSecOps — CI/CD Pipeline Integration (GitHub Actions)
Scan your staging or production environment after every deployment.
# .github/workflows/security-scan.yml
name: BannerGrapV2 Security Scan
on:
  push:
    branches: [main, staging]
  schedule:
    - cron: '0 2 * * *' # Daily at 2 AM UTC
jobs:
  recon-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Download BannerGrapV2
        run: |
          curl -L https://github.com/MrEchoFi/BannerGrapV2/releases/latest/download/bannergrapv2-linux-amd64 -o bannergrapv2
          chmod +x bannergrapv2
      - name: Run Security Scan
        run: |
          ./bannergrapv2 \
            -f production_hosts.txt \
            -proto https \
            -threads 100 \
            -timeout 5 \
            -o scan_results.json
      - name: Check for Critical CVEs
        run: |
          if grep -qi "CVE-" scan_results.json; then
            echo "::error::Critical vulnerabilities detected!"
            grep -i "CVE-" scan_results.json
            exit 1
          fi
      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan-results
          path: scan_results.json
🔹 Scenario 7: Protocol-Specific Fingerprinting
SMTP banner harvesting (check for old, vulnerable mail server versions):
go run bannerGrap.go \
-f mail_servers.txt \
-proto smtp \
-port 25 \
-threads 100 \
-timeout 5 \
-o smtp_banners.json
# Also probe with VRFY and EXPN commands for user enumeration
go run bannerGrap.go -proto smtp -payload "VRFY postmaster\r\n" mail.target.com
go run bannerGrap.go -proto smtp -payload "EXPN postmaster\r\n" mail.target.com
FTP anonymous access check across a server fleet:
go run bannerGrap.go \
-f ftp_servers.txt \
-proto ftp \
-port 21 \
-threads 150 \
-timeout 4 \
-o ftp_anon_check.csv
# Or test anonymous login directly
go run bannerGrap.go -proto ftp -payload "USER anonymous\r\n" ftp.target.com
SSH version fingerprinting at scale:
go run bannerGrap.go \
-f ssh_hosts.txt \
-proto ssh \
-port 22 \
-threads 300 \
-timeout 3 \
-v
Telnet service fingerprinting on mixed IPv4/IPv6 targets:
go run bannerGrap.go \
-f mixed_ipv4_ipv6_targets.txt \
-proto telnet \
-port 23 \
-threads 100 \
-timeout 5 \
-o telnet_fingerprints.json
Custom TCP payload — probe a proprietary daemon or non-standard service:
go run bannerGrap.go \
-f custom_daemon_hosts.txt \
-proto custom \
-port 9000 \
-payload "HELLO\n" \
-threads 50 \
-timeout 6 \
-o daemon_responses.csv
Protocol fuzzing — test admin endpoints with custom HTTP headers:
go run bannerGrap.go \
-f targets.txt \
-proto http \
--payload "GET /admin HTTP/1.1\r\nHost: %s\r\nUser-Agent: Mozilla/5.0\r\n\r\n" \
-threads 20
🔹 Scenario 8: Parallel Execution with GNU Parallel
For maximum throughput when you have a machine with many cores:
# Run 20 parallel instances, one per host
cat targets.txt | parallel -j 20 "go run bannerGrap.go {} -proto http -timeout 2"
# Run 50 parallel instances
cat targets.txt | parallel -j 50 "go run bannerGrap.go {} -proto http -timeout 2"
🔹 Scenario 9: All-Ports Scan on a Single Critical Host
When you need a complete picture of every port on a single high-value target:
# Generate all 65535 ports as targets
for p in {1..65535}; do echo "192.168.1.100:$p"; done > all_ports.txt
# Scan everything, 200 threads, 1s timeout
go run bannerGrap.go \
-f all_ports.txt \
-threads 200 \
-timeout 1 \
-o all_ports_scan.json
🔹 Scenario 10: The "Nuclear" All-In-One Sweep
Five protocols, 250 threads each, chained with && so they run sequentially and each output goes to its own file:
# HTTP
go run bannerGrap.go -f vip_targets.txt -threads 250 -timeout 3 -o http_sweep.json && \
# HTTPS
go run bannerGrap.go -f vip_targets.txt -proto https -threads 250 -timeout 3 -o https_sweep.json && \
# SMTP
go run bannerGrap.go -f vip_targets.txt -proto smtp -threads 250 -timeout 3 -o smtp_sweep.json && \
# SSH
go run bannerGrap.go -f vip_targets.txt -proto ssh -threads 250 -timeout 3 -o ssh_sweep.json && \
# FTP
go run bannerGrap.go -f vip_targets.txt -proto ftp -threads 250 -timeout 3 -o ftp_sweep.json
# Then merge everything
jq -s 'add' *_sweep.json > FULL_SWEEP_REPORT.json
And generate the final HTML report:
go run bannerGrap.go -f vip_targets.txt -proto http --report-html FULL_SWEEP_REPORT.html -threads 50
🔹 Scenario 11: Export for SIEM Integration
BannerGrapV2's JSON output is structured and SIEM-ready. Pipe it straight into your log aggregator:
# Output structured JSON for Splunk / Elastic / Sentinel ingestion
go run bannerGrap.go \
-f targets.txt \
-proto http \
-threads 100 \
-o siem_feed_$(date +%Y%m%d_%H%M%S).json
Configuration File — For Persistent Scan Profiles
Instead of typing flags every time, save your scan profile in config.yaml:
# BannerGrapV2 Configuration — config.yaml
general:
  threads: 100
  timeout: 10
  retries: 3
  verbose: true
scan:
  common_ports: true
  port_range: "1-10000"
  service_detection: true
  ssl_analysis: true
vulnerability:
  enabled: true
  cve_database: "online"
  min_severity: "medium"
output:
  format: "json"
  directory: "./reports"
  timestamp: true
brute_force:
  enabled: false
  username_list: "usernames.txt"
  password_list: "passwords.txt"
Run with config:
bannergrapv2 -config config.yaml -target 192.168.1.1
Post-Processing Tips — Working With the Output
BannerGrapV2 produces clean, structured output. Here are a few useful commands for working with it:
# Filter only hosts with open port 443
cat results.json | jq '.[] | select(.port == 443)'
# Count unique services detected
cat results.json | jq '[.[].service] | group_by(.) | map({service: .[0], count: length}) | sort_by(-.count)'
# Display the CSV as an aligned table in the terminal
cat results.csv | column -t -s ','
# Alert on specific vulnerabilities
grep -iE "CVE-[0-9]+-[0-9]+" results.json | sort -u
# Combine multiple scan output files
jq -s 'add' scan_http.json scan_https.json scan_ssh.json > combined.json
How to Contribute
BannerGrapV2 is MIT-licensed and actively looking for contributors. The codebase is Go (91.5%) with Shell scripts — if you've worked with Go networking libraries, goroutines, or security tooling, there's meaningful work here.
Current contribution areas:
- Adding new protocol handlers and service fingerprints
- Expanding the CVE detection engine and signature database
- Writing tests (unit and integration)
- Improving documentation and usage examples
- Building out the plugin system
- Metasploit and Nmap integration work
How to submit a PR:
# Fork the repo on GitHub, then:
git clone https://github.com/YOUR_USERNAME/BannerGrapV2.git
cd BannerGrapV2
git checkout -b feature/your-feature-name
# Make your changes
git add .
git commit -m "feat: description of your change"
git push origin feature/your-feature-name
# Then open a Pull Request on GitHub
Full guidelines: CONTRIBUTING.md
For bug reports and feature requests, open an issue on GitHub Issues.
Project Roadmap
| Status | Feature |
|---|---|
| ✅ Done | Core multi-protocol banner grabbing |
| ✅ Done | Multi-threaded concurrent scanning |
| ✅ Done | Vulnerability detection engine |
| ✅ Done | JSON / CSV / HTML / XML output |
| ✅ Done | Brute force with custom wordlists |
| ✅ Done | Docker support |
| ✅ Done | Kubernetes deployment manifests |
| 🔄 In Progress | Plugin system for custom scanners |
| 📋 Planned | Full Metasploit & Nmap integration |
| 📋 Planned | Kubernetes operator |
| 📋 Planned | Web dashboard for scan results |
Responsible Use Disclaimer
BannerGrapV2 is built for authorized security testing only. Only use it on systems you own or have explicit, written permission to test. This includes bug bounty programs with defined scope, internal networks you administer, and environments you have contractual authorization to assess.
Unauthorized network scanning violates computer crime laws in most jurisdictions. The developer and contributors bear no responsibility for misuse.
About the Developer
MrEchoFi (Md. Abu Naser Nayeem / Tanjib Isham) is a Cybersecurity Researcher, Certified Red Team CredOps Infiltrator (CRT-COI). His work spans DevSecOps, hardware penetration testing, IoT security, and open-source security tooling.
- 🌐 Portfolio: echo-fi-portfolio-node-js.vercel.app
- 💼 LinkedIn: md-abu-naser-nayeem-mrechofi
- 🐙 GitHub: github.com/MrEchoFi
Final Words
The security tooling ecosystem benefits from open, well-documented, actively maintained tools. BannerGrapV2 is built to serve real workflows — not just demos.
If it helps you work faster, find what you'd otherwise miss, or simplify a step in your process, the best thing you can do is:
- ⭐ Star the repo — github.com/MrEchoFi/BannerGrapV2
- 🔀 Fork it and contribute — even documentation PRs matter
- 📣 Share it with your team, your bug bounty group, or your security community
Questions, feedback, or edge cases you want covered? Leave a comment below or open a GitHub Issue.
Happy HackNight. 🌙
Built with Go. Maintained by the community. MIT Licensed.