Nmap Development mailing list archives

[NSE] malicious-ip script

From: Hani Benhabiles <kroosec () gmail com>
Date: Mon, 4 Jul 2011 00:40:14 +0100

Hello list,

Attached is a script that searches for the host ip address on known
malicious ip addresses databases like ZeusTracker. It's inspired by ArcOSI
tool. [1]

Example of use:
---
-- @usage
-- nmap --script=malicious-ip.nse <target>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
--|_malicious-ip: IP indexed as malicious

In debug mode, it tells in which databases the IP address is found.
NSE: x.x.x.x found in
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

I'm thinking about adding domain searching either in the same script or in a
separate one. Comments are much welcome.

#Hani

[1] http://code.google.com/p/arcosi/

-- 
M. Hani Benhabiles
Twitter: @kroosec

Attachment: malicious-ip.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] malicious-ip script Hani Benhabiles (Jul 03)
- Re: [NSE] malicious-ip script Paulino Calderon (Jul 03)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 03)
  - Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
    - Re: [NSE] malicious-ip script Hani Benhabiles (Jul 14)
    - Re: [NSE] malicious-ip script Djalal Harouni (Jul 14)
    - Re: [NSE] malicious-ip script Hani Benhabiles (Aug 02)
  - Re: [NSE] malicious-ip script Fyodor (Jul 06)
    - Re: [NSE] malicious-ip script Toni Ruottu (Jul 06)