Nmap Development mailing list archives

script to utilize ZTDNS (zeustracker DNS)


From: mikael keri <info () prowling nu>
Date: Sun, 28 Aug 2011 00:26:01 +0200

Hi list,

Attached is a script that uses the DNS service @ zeustracker.abuse.ch (ZTDNS) to check if a scanned IP-range is part of a Zeus botnet.

Similar Zeustracker lookups have been done before with different NSE scripts, not sure however if it has been done using the ZTDNS service.

Roman Huessy was kind enough to give his OK to use his DNS service in this manner, *use* but not abuse.


description = [[
 Check if your IP-range is part of a Zeus botnet!
 Information supplied by ZTDNS @ abuse.ch!

Please review the following information before you start to scan
 https://zeustracker.abuse.ch/ztdns.php
 ]]

---
-- @usage
-- nmap --script=zeustracker.nse <target IP/IP-range>
-- @output
-- Host script results:
-- | zeustracker:
-- |   IP: 208.87.242.18 : SBL: Not listed : ASN: 40676  Country: US
-- |_ Status: unknown Level: Unknown Files_online: 0 Dateadded: 2010-12-28


Hopefully someone else will find it useful.

If you have any comments, please let me know.


Regards
Mikael Keri

Attachment: zeustracker.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
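
For triage of scan results, the two result lines shown in the script's `@output` sample can be parsed into structured records. This is an added example, not part of the original message or the attached script; the field layout is taken from that sample output, while the second sample host, the `needs_review` rule and all function names are constructed assumptions.

```python
import ipaddress
import re

# Field layout taken from the @output sample in the message above.
IP_LINE = re.compile(
    r"IP:\s*(?P<ip>\S+)\s*:\s*SBL:\s*(?P<sbl>.+?)\s*:\s*"
    r"ASN:\s*(?P<asn>\d+)\s+Country:\s*(?P<country>\S+)")
STATUS_LINE = re.compile(
    r"Status:\s*(?P<status>\S+)\s+Level:\s*(?P<level>\S+)\s+"
    r"Files_online:\s*(?P<files_online>\d+)\s+"
    r"Dateadded:\s*(?P<dateadded>\d{4}-\d{2}-\d{2})")

def parse_zeustracker(nmap_output):
    """Return one dict per zeustracker result block in Nmap's normal output."""
    records, current = [], None
    for line in nmap_output.splitlines():
        m = IP_LINE.search(line)
        if m:
            current = m.groupdict()
            # The values originate from a third-party DNS answer: validate them.
            ipaddress.ip_address(current["ip"])  # ValueError if malformed
            current["asn"] = int(current["asn"])
            continue
        m = STATUS_LINE.search(line)
        if m and current is not None:
            current.update(m.groupdict())
            current["files_online"] = int(current["files_online"])
            records.append(current)
            current = None
    return records

def needs_review(record):
    """Assumed triage rule: an SBL listing or files still online."""
    return record["sbl"].lower() != "not listed" or record["files_online"] > 0

# Constructed sample: the first host repeats the @output sample, the second
# (documentation address, placeholder SBL id and ASN) is invented for the test.
SAMPLE = """Host script results:
| zeustracker:
|   IP: 208.87.242.18 : SBL: Not listed : ASN: 40676  Country: US
|_ Status: unknown Level: Unknown Files_online: 0 Dateadded: 2010-12-28
Host script results:
| zeustracker:
|   IP: 192.0.2.10 : SBL: SBL000000 : ASN: 64500  Country: ZZ
|_ Status: online Level: 1 Files_online: 2 Dateadded: 2011-08-01
"""

if __name__ == "__main__":
    for rec in parse_zeustracker(SAMPLE):
        print("REVIEW" if needs_review(rec) else "ok", rec)
```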
