Nmap Development mailing list archives
[NSE] malicious-ip script
From: Hani Benhabiles <kroosec () gmail com>
Date: Mon, 4 Jul 2011 00:40:14 +0100
Hello list, Attached is a script that searches for the host ip address on known malicious ip addresses databases like ZeusTracker. It's inspired by ArcOSI tool. [1] Example of use: --- -- @usage -- nmap --script=malicious-ip.nse <target> -- -- @output -- PORT STATE SERVICE -- 80/tcp open http --|_malicious-ip: IP indexed as malicious In debug mode, it tells in which databases the IP address is found. NSE: x.x.x.x found in https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist I'm thinking about adding domain searching either in the same script or in a separate one. Comments are much welcome. #Hani [1] http://code.google.com/p/arcosi/ -- M. Hani Benhabiles Twitter: @kroosec
Attachment:
malicious-ip.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] malicious-ip script Hani Benhabiles (Jul 03)
- Re: [NSE] malicious-ip script Paulino Calderon (Jul 03)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 03)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 14)
- Re: [NSE] malicious-ip script Djalal Harouni (Jul 14)
- Re: [NSE] malicious-ip script Hani Benhabiles (Aug 02)
- Re: [NSE] malicious-ip script Hani Benhabiles (Jul 06)
- Re: [NSE] malicious-ip script Fyodor (Jul 06)
- Re: [NSE] malicious-ip script Toni Ruottu (Jul 06)