Nmap Development mailing list archives
Re: [NSE] Stuxnet detection
From: Mak Kolybabi <mak () kolybabi com>
Date: Sat, 11 Dec 2010 01:09:21 -0600
On 2010-12-11 01:03, Mak Kolybabi wrote:
Here's the final -- assuming nobody has problems -- version of the script, submitted for (hopefully) inclusion into Nmap. It includes the version number of Stuxnet (a 64-bit value rendered in hex), and the ability to download the remote host's Stuxnet executable (disabled by default).
One thing I forgot to mention is that for this script to function, msrpc.call_function() needs to have the 'local' keyword removed from its definition. -- Mak Kolybabi <mak () kolybabi com> () ASCII Ribbon Campaign | Against HTML e-mail /\ www.asciiribbon.org | Against proprietary extensions _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Anybody doing Stuxnet detection? Ron (Nov 17)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)
- Re: Anybody doing Stuxnet detection? Ron (Nov 18)
- [NSE] Stuxnet detection Mak Kolybabi (Dec 06)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection David Fifield (Dec 12)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)