Scanning for Confiker via nmap

[jsawyer at ufl.edu (John Sawyer)]

The Conficker check is in the latest SVN version of Nmap. It's in the  
smb-check-vulns.nse which now checks for Conficker, MS08-067 and a  
regsvc DoS.

nmap --script smb-check-vulns.nse -p445

For safety's sake, you might want to also run it with --script- 
args=unsafe=1 to prevent possible crashes from the regsvc check. That  
should not turn off the conficker check.

-jhs

On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote:

> According to this:
> http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
>
> A script should be released today to scan for conficker-infected
> machines over the wire.
>
> I looked at the NSE portal and haven't seen anything yet - would it
> show up there, or is there a development site or repository where this
> will first appear?
>
> I'd like to get a scan in before April 1st, when variant C drops.
>
> -- 
> - Chris Merkel
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090330/5302d697/attachment.htm