Re: http-unsafe-host.nse - Script to check if host is known for distributing malware or being used in phishing attacks

[Paulino Calderon <paulino () calderonpale com>]

On 07/04/2011 01:05 AM, Paulino Calderon wrote:
> Hi nmap-dev,
>
> I'm attaching 'http-unsafe-host.nse', feedback is welcomed. You can 
> try it against some malware infected sites from 
> http://www.malwareblacklist.com/showMDL.php
>
> description = [[
> http-unsafe-host checks if hosts are on Google's blacklist of 
> suspected malware and phishing servers. These lists are constantly 
> updated and are part of Google's Safe Browsing service.
>
> To use this script you need to have your own API key to access 
> Google's Safe Browsing Lookup services. Sign up for yours at 
> http://code.google.com/apis/safebrowsing/key_signup.html
>
> * To learn more about Google's Safe Browsing:
> http://code.google.com/apis/safebrowsing/
>
> * To register and get your personal API key:
> http://code.google.com/apis/safebrowsing/key_signup.html
> ]]
> ---
> -- @usage
> -- nmap -p80 --script http-unsafe-host <host>
> --
> -- @output
> -- PORT   STATE SERVICE
> -- 80/tcp open  http
> -- |_http-unsafe-host.nse: Host is known for distributing malware.
> --
> -- @args http-unsafe-host.url URL to check. Default: 
> <code>http/https</code>://<code>host</code>
> ---
>
> Cheers.
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
I've added an argument to pass the api key from command line and 
commited this script as 'http-google-malware' r24749.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

Attachment: http-google-malware.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/