Nmap Development mailing list archives
Running Malware Scripts
From: "Rathbun, Dan" <Dan.Rathbun () aecom com>
Date: Wed, 24 Dec 2008 13:06:44 -0800
Greetings all,

I bought the 'NMAP Network Scanning' book from Amazon the other day and it's a GREAT read! I have already learned many new tricks about how to leverage NMAP more fully, and I am fast at work thinking up new uses for it in our environment.

Right now I am trying to learn how best to use the '-script=malware' option to scan our substantial network for infected machines. But I am finding that the resulting XML files are too large to review manually (over 50,000 hosts). So I am looking for some guidance as far as what things to search the output file for. I was originally thinking of IRC ports or SMTP ports, but that is not proving very fruitful.

Has anyone developed a productive routine to accomplish this task? If not, can you suggest some ideas about how I could begin to develop one for our organization?

Dan Rathbun
Information Security Director
CISSP, GSLC, GSEC, GLEG and G7799 Certified
D 978.930.5656
dan.rathbun () aecom com
AECOM
515 South Flower Street, 4th Floor
Los Angeles, CA 90071-2201
http://www.aecom.com
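An added example, not part of the original message or of Nmap itself: Nmap's XML output carries a `<script>` element only where a script actually returned output, so a streaming pass that keeps just those elements reduces a scan of this size to the hosts worth reviewing. The sample XML is constructed, and `example-host-check` is a hypothetical script id.

```python
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's -oX layout; addresses, ids and output text are made up.
SAMPLE_XML = b"""<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open"/></port></ports>
</host>
<host><address addr="192.0.2.23" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="2525"><state state="open"/>
<script id="smtp-strangeport" output="Mail server on unusual port: possible malware"/>
</port></ports>
</host>
<host><address addr="192.0.2.77" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="113"><state state="open"/></port></ports>
<hostscript><script id="example-host-check" output="constructed finding"/></hostscript>
</host>
</nmaprun>"""


def script_findings(source):
    """Yield (address, port or None, script id, output) for every <script> element."""
    for _event, host in ET.iterparse(source, events=("end",)):
        if host.tag != "host":
            continue
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iterfind("ports/port"):
            where = f'{port.get("portid")}/{port.get("protocol")}'
            for s in port.iterfind("script"):          # port-level script results
                yield addr, where, s.get("id"), s.get("output")
        for s in host.iterfind("hostscript/script"):   # host-level script results
            yield addr, None, s.get("id"), s.get("output")
        host.clear()  # drop the finished host so memory stays flat on large files


def hosts_by_script(source):
    """Group flagged addresses by the id of the script that reported on them."""
    grouped = defaultdict(set)
    for addr, _port, script_id, _output in script_findings(source):
        grouped[script_id].add(addr)
    return dict(grouped)


if __name__ == "__main__":
    for sid, addrs in sorted(hosts_by_script(io.BytesIO(SAMPLE_XML)).items()):
        print(f"{sid}: {len(addrs)} host(s): {', '.join(sorted(addrs))}")
```

Both functions also accept a file path in place of the `BytesIO` object, so the same pass runs directly over a saved `-oX` file.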