Nmap Development mailing list archives
Re: script to utilize ZTDNS (zeustracker DNS)
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 31 Oct 2011 19:14:15 +0100
On Sun, Aug 28, 2011 at 12:26 AM, mikael keri <info () prowling nu> wrote:
> Hi list,
>
> Attached is a script that uses the DNS service @ zeustracker.abuse.ch (ZTDNS) to check if the scanned IP-range is part of a Zeus botnet.
> Similar Zeustracker lookups have been done before with different NSE scripts, not sure however if it has been done using the ZTDNS service.
>
> Roman Huessy was kind enough to give his OK to use his DNS service in this manner, *use* but not abuse.
>
> description = [[
> Check if your IP-range is part of a Zeus botnet!
> Information supplied by ZTDNS @ abuse.ch!
> Please review the following information before you start to scan
> https://zeustracker.abuse.ch/ztdns.php
> ]]
>
> ---
> -- @usage
> -- nmap --script=zeustracker.nse <target IP/IP-range>
> -- @output
> -- Host script results:
> -- | zeustracker:
> -- |   IP: 208.87.242.18 : SBL: Not listed : ASN: 40676 Country: US
> -- |_  Status: unknown Level: Unknown Files_online: 0 Dateadded: 2010-12-28
>
> Hopefully someone else will find it useful. If you have any comments, please let me know.
>
> Regards
> Mikael Keri
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

Hi all,

I've been working with Mikael off-list to get this committed. We've made some changes to logic and formatting and finally committed it as r26964.

Thanks Mikael for your valuable contribution to Nmap and sorry for the delay!

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77