Nmap Development mailing list archives
Re: [NSE] malicious-ip script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 4 Jul 2011 09:59:20 +0300
I like the idea. However, typically we would want multiple scripts rather than one. This script should probably be split into one for each database. That way the user can choose to run just the ones he prefers. The names should be of form ip-malicious-<database name>. So for Zeustracker you might want to use ip-malicious-zeustracker. The user can then choose to run all ip scripts by stating ip-* on the command line. The user can also choose all ip based maliciousness checks by stating ip-malicious-*. We just had a similar case with ip-geolocation-*.

On Mon, Jul 4, 2011 at 2:40 AM, Hani Benhabiles <kroosec () gmail com> wrote:
> Hello list,
>
> Attached is a script that searches for the host ip address on known malicious ip addresses databases like ZeusTracker. It's inspired by ArcOSI tool. [1]
>
> Example of use:
> ---
> -- @usage
> -- nmap --script=malicious-ip.nse <target>
> --
> -- @output
> -- PORT STATE SERVICE
> -- 80/tcp open http
> --|_malicious-ip: IP indexed as malicious
>
> In debug mode, it tells in which databases the IP address is found.
> NSE: x.x.x.x found in https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
>
> I'm thinking about adding domain searching either in the same script or in a separate one.
>
> Comments are much welcome.
>
> #Hani
>
> [1] http://code.google.com/p/arcosi/
>
> --
> M. Hani Benhabiles
> Twitter: @kroosec
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
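The per-database layout suggested in this reply, as an added example that is not code from the thread or from Nmap: each check is named ip-malicious-<database name> and selected by a glob, the way `--script` patterns select scripts. It is written in Python rather than NSE Lua so that it runs offline; the feed contents are constructed, and `examplefeed` is a hypothetical second database.

```python
import fnmatch
import ipaddress

# Constructed sample feeds (documentation-range addresses) standing in for
# downloaded blocklists; "examplefeed" is a hypothetical second database.
FEEDS = {
    "ip-malicious-zeustracker": """\
# constructed sample, one address per line
192.0.2.10
198.51.100.7
not-an-ip
""",
    "ip-malicious-examplefeed": """\
# constructed sample with a CIDR entry
203.0.113.0/28
192.0.2.10   # inline comment
""",
}


def parse_feed(text):
    """Return the networks listed in a feed, skipping comments and junk lines."""
    networks = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed line: skip it rather than abort the feed
    return networks


def check_ip(ip, pattern="ip-malicious-*"):
    """Run each per-database check whose name matches the glob pattern.

    Returns the sorted names of the checks that list the address.
    """
    addr = ipaddress.ip_address(ip)
    hits = []
    for name in sorted(FEEDS):
        if not fnmatch.fnmatchcase(name, pattern):
            continue
        if any(addr in net for net in parse_feed(FEEDS[name])):
            hits.append(name)
    return hits
```

Reporting the matching check names per address gives the same information the original script only showed in debug mode, namely which database listed the IP.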
Current thread:
- [NSE] malicious-ip script Hani Benhabiles (Jul 03)
- Re: [NSE] malicious-ip script Paulino Calderon (Jul 03)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 03)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 14)
- Re: [NSE] malicious-ip script Djalal Harouni (Jul 14)
- Re: [NSE] malicious-ip script Hani Benhabiles (Aug 02)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Fyodor (Jul 06)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 06)