Nmap Development mailing list archives
script to utilize ZTDNS (zeustracker DNS)
From: mikael keri <info () prowling nu>
Date: Sun, 28 Aug 2011 00:26:01 +0200
Hi list,Attached is a script that uses the DNS service @ zeustracker.abuse.ch (ZTDNS) to check if scanned IP-range is part of a Zeus bot net.
Similar Zeustracker lookups has been done before with different NSE scripts, not sure however if it has been done using the ZTDNS service.
Roman Huessy was kind to give his OK to use his DNS service in this manner, *use* but not abuse.
description = [[ Check if your IP-range is part of a Zeus botnet! Information supplied by ZTDNS @ abuse.ch! Please review the following information before you start to scan https://zeustracker.abuse.ch/ztdns.php ]] --- -- @usage -- nmap --script=zeustracker.nse <target IP/IP-range> -- @output -- Host script results: -- | zeustracker: -- | IP: 208.87.242.18 : SBL: Not listed : ASN: 40676 Country: US-- |_ Status: unknown Level: Unknown Files_online: 0 Dateadded: 2010-12-28
Hopefully some one else will find it useful. If you have any comments, please let me know. Regards Mikael Keri
Attachment:
zeustracker.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- script to utilize ZTDNS (zeustracker DNS) mikael keri (Aug 27)