Nmap Development mailing list archives
Re: [NSE] Stuxnet detection
From: Bob Radvanovsky <rsradvan () unixworks net>
Date: Mon, 06 Dec 2010 20:48:53 -0600
Guys --

This is AWESOME! I have cross-posted this onto the SCADASEC mailing list to see if this can be useful to the SCADASEC community.

In the meantime, since I don't repost attachments, I've taken Mr. Kolybabi's script and placed it on our web server here:

http://www.infracritical.com/enum-scripts/stuxnet-detect.nse

I'm working on a couple of NSE scripts for SCADA systems right now, and will be (hopefully soon) posting them on this mailing list... ;)

Thanks!

-r

----- Original Message -----
From: Mak Kolybabi [mailto:mak () kolybabi com]
To: nmap-dev () insecure org
Cc: Bob Radvanovsky [mailto:rsradvan () unixworks net], Ron Bowes [mailto:ron () skullsecurity net]
Subject: [NSE] Stuxnet detection

I've finished the first version of the script, and am submitting it for (hopefully) inclusion into Nmap.

This version successfully detects infected hosts, or at least the one infected host I had access to. It also did not raise any false positives on any of the forty other hosts I tested against.

Future versions of this script will include the ability to detect the exact version of a Stuxnet infection, and offer the option to download a copy of the executable.

Comments, concerns, criticism, and testing are appreciated.

--
Mak Kolybabi
<mak () kolybabi com>

()  ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org   | Against proprietary extensions

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/