Re: script to utilize ZTDNS (zeustracker DNS)

[Patrik Karlsson <patrik () cqure net>]

On Sun, Aug 28, 2011 at 12:26 AM, mikael keri <info () prowling nu> wrote:

> Hi list,
>
> Attached is a script that uses the DNS service @ zeustracker.abuse.ch(ZTDNS) to check if scanned IP-range is part of 
> a Zeus bot net.
>
> Similar Zeustracker lookups has been done before with different NSE
> scripts, not sure however if it has been done using the ZTDNS service.
>
> Roman Huessy was kind to give his OK to use his DNS service in this
> manner, *use* but not abuse.
>
>
> description = [[
>  Check if your IP-range is part of a Zeus botnet!
>  Information supplied by ZTDNS @ abuse.ch!
>
> Please review the following information before you start to scan
>  https://zeustracker.abuse.ch/**ztdns.php<https://zeustracker.abuse.ch/ztdns.php>
>  ]]
>
> ---
> -- @usage
> -- nmap --script=zeustracker.nse <target IP/IP-range>
> -- @output
> -- Host script results:
> -- | zeustracker:
> -- |   IP: 208.87.242.18 : SBL: Not listed : ASN: 40676  Country: US
> -- |_  Status: unknown  Level: Unknown Files_online: 0  Dateadded:
> 2010-12-28
>
>
> Hopefully some one else will find it useful.
>
> If you have any comments, please let me know.
>
>
> Regards
> Mikael Keri
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

Hi all,

I've been working with Mikael off-list to get this committed.
We've made some changes to logic and formatting and finally committed it as
r26964.
Thanks Mikael for your valuable contribution to Nmap and sorry for the
delay!

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/