Nmap Development mailing list archives
Re: [NSE] Stuxnet detection
From: David Fifield <david () bamsoftware com>
Date: Sun, 12 Dec 2010 14:41:46 -0800
On Sat, Dec 11, 2010 at 01:03:50AM -0600, Mak Kolybabi wrote:
On 2010-12-06 20:39, Mak Kolybabi wrote:Future versions of this script will include the ability to detect the exact version of a Stuxnet infection, and offer the option to download a copy of the executable.Here's the final -- assuming nobody has problems -- version of the script, submitted for (hopefully) inclusion into Nmap. It includes the version number of Stuxnet (a 64-bit value rendered in hex), and the ability to download the remote host's Stuxnet executable (disabled by default). Comments, concerns, criticism, and testing are appreciated.
It's committed now. Great work. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Anybody doing Stuxnet detection? Ron (Nov 17)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)
- Re: Anybody doing Stuxnet detection? Ron (Nov 18)
- [NSE] Stuxnet detection Mak Kolybabi (Dec 06)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection Mak Kolybabi (Dec 10)
- Re: [NSE] Stuxnet detection David Fifield (Dec 12)
- Re: Anybody doing Stuxnet detection? Mak Kolybabi (Nov 18)