Nmap Development mailing list archives

Re: [update proposal] irc-info.nse, default botnets chan names report


From: David Fifield <david () bamsoftware com>
Date: Tue, 8 Nov 2011 17:42:01 -0800

On Sat, Jun 04, 2011 at 09:14:55AM +0200, Ange Gutek wrote:
> Here attached is an update for irc-info.nse.
> It adds a LIST command in order to report some default botnets chan names.
> If any, the output has a new line:
> -- @output
> -- 6665/tcp open     irc
> -- |  irc-info: Server: target.example.org
> -- |  Version: hyperion-1.0.2b(381). target.example.org
> -- |  Lservers/Lusers: 0/4204
> -- |  Uptime: 106 days, 2:46:30
> -- |  Source host: source.example.org
> -- |  Source ident: OK n=nmap
> -- |_ Possible BotNets: #loic, #RxBot

I think this didn't belong in irc-info, so I made a new script
irc-botnet-channels. You can also give it a list of your own channel
names.

---
-- @usage
-- nmap -p 6667 --script=irc-botnet-channels <target>
-- @usage
-- nmap -p 6667 --script=irc-botnet-channels --script-args 'irc-botnet-channels.channels={chan1,chan2,chan3}' <target>
--
-- @output
-- | irc-botnet-channels:
-- |   #loic
-- |_  #RxBot

I copied the list of channel names from your patch. Could you document
what botnet uses each of these, if it's not obvious?

loic
Agobot
Slackbot
Mytob
Rbot
SdBot
poebot
IRCBot
VanBot
MPack
Storm
GTbot
Spybot
Phatbot
Wargbot
RxBot

Maybe the name of the script should be different, for as Ron suggested,
it may not be just about botnets?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
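
The check discussed in this message (send LIST, compare the channels the server reports against a list of names), as an added example that is not part of the original message and is not the code of irc-botnet-channels. The function names, the exact, case-insensitive comparison without the channel prefix, and the sample server reply are assumptions made for illustration.

```python
import re

# Channel names copied from the list in the message above.
DEFAULT_CHANNELS = ["loic", "Agobot", "Slackbot", "Mytob", "Rbot", "SdBot",
                    "poebot", "IRCBot", "VanBot", "MPack", "Storm", "GTbot",
                    "Spybot", "Phatbot", "Wargbot", "RxBot"]

# RFC 1459 section 2.2: {}| are the lowercase equivalents of []\ in names.
_FOLD = str.maketrans("[]\\", "{}|")

# RPL_LIST (numeric 322): ":<server> 322 <nick> <channel> <# visible> :<topic>"
RPL_LIST = re.compile(r"^(?::\S+ )?322 \S+ (\S+) (\d+)\b")

def fold(name):
    """Comparison key: drop one channel prefix (# or &), then case-fold."""
    if name[:1] in ("#", "&"):
        name = name[1:]
    return name.lower().translate(_FOLD)

def parse_channels_arg(arg):
    """Split a '{chan1,chan2,chan3}' argument value into a list of names."""
    arg = arg.strip()
    if arg.startswith("{") and arg.endswith("}"):
        arg = arg[1:-1]
    return [c.strip() for c in arg.split(",") if c.strip()]

def listed_channels(raw):
    """Return (channel, visible_users) for every RPL_LIST line in a reply."""
    found = []
    for line in raw.split("\r\n"):
        m = RPL_LIST.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found

def match_channels(raw, wanted):
    """Channels from the LIST reply whose name equals a wanted name exactly."""
    keys = {fold(w) for w in wanted}
    return [chan for chan, _ in listed_channels(raw) if fold(chan) in keys]

# Constructed sample of a server's reply to LIST (not captured traffic).
SAMPLE = (":irc.example.org 321 nmap Channel :Users  Name\r\n"
          ":irc.example.org 322 nmap #help 12 :Ask here\r\n"
          ":irc.example.org 322 nmap #LOIC 431 :\r\n"
          ":irc.example.org 322 nmap #rxbot 88 :[+s] .login\r\n"
          ":irc.example.org 322 nmap #storm-chasers 5 :weather\r\n"
          ":irc.example.org 323 nmap :End of /LIST\r\n")

if __name__ == "__main__":
    for chan in match_channels(SAMPLE, DEFAULT_CHANNELS):
        print(chan)
```

Because the comparison is on the whole name, `#storm-chasers` is not reported for `Storm`; a substring match would flag it and many other ordinary channels.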