Nmap Development mailing list archives
Re: [NSE] Stuxnet detection
From: Mak Kolybabi <mak () kolybabi com>
Date: Sat, 11 Dec 2010 01:03:50 -0600
On 2010-12-06 20:39, Mak Kolybabi wrote:
Future versions of this script will include the ability to detect the exact version of a Stuxnet infection, and offer the option to download a copy of the executable.
Here's the final -- assuming nobody has problems -- version of the script, submitted for (hopefully) inclusion into Nmap. It includes the version number of Stuxnet (a 64-bit value rendered in hex), and the ability to download the remote host's Stuxnet executable (disabled by default). Comments, concerns, criticism, and testing are appreciated. -- Mak Kolybabi <mak () kolybabi com> () ASCII Ribbon Campaign | Against HTML e-mail /\ www.asciiribbon.org | Against proprietary extensions
Attachment:
stuxnet-detect.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Anybody doing Stuxnet detection? Ron (Nov 17)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)
- Re: Anybody doing Stuxnet detection? Ron (Nov 18)
- [NSE] Stuxnet detection Mak Kolybabi (Dec 06)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection David Fifield (Dec 12)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)