Nmap Development mailing list archives
[NSE] Stuxnet detection
From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 6 Dec 2010 20:39:11 -0600
I've finished the first version of the script, and am submitting it for (hopefully) inclusion into Nmap.

This version successfully detects infected hosts, or at least the one infected host I had access to. It also did not raise any false positives on any of the forty other hosts I tested against.

Future versions of this script will include the ability to detect the exact version of a Stuxnet infection, and offer the option to download a copy of the executable.

Comments, concerns, criticism, and testing are appreciated.

--
Mak Kolybabi
<mak () kolybabi com>

()  ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org   | Against proprietary extensions
Attachment:
stuxnet-detect.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/