Nmap Development mailing list archives
Re: [update proposal] irc-info.nse, default botnets chan names report
From: David Fifield <david () bamsoftware com>
Date: Tue, 8 Nov 2011 17:54:15 -0800
On Tue, Nov 08, 2011 at 05:42:01PM -0800, David Fifield wrote:
On Sat, Jun 04, 2011 at 09:14:55AM +0200, Ange Gutek wrote:Here attached is an update for irc-info.nse. It adds a LIST command in order to report some default botnets chan names. If any, the output has a new line : -- @output -- 6665/tcp open irc -- | irc-info: Server: target.example.org -- | Version: hyperion-1.0.2b(381). target.example.org -- | Lservers/Lusers: 0/4204 -- | Uptime: 106 days, 2:46:30 -- | Source host: source.example.org -- | Source ident: OK n=nmap -- |_ Possible BotNets: #loic, #RxBotI think this didn't belong in irc-info, so I made a new script irc-botnet-channels. You can also give it a list of your own channel names.
I should mention that this script worked for me against irc.freenode.net (when I supplied a list of my own channel names), but it didn't work against irc.oftc.net. oftc seems to give me an empty list whenever the LIST command contains more than one channel. Sometimes it also gives an empty list when the LIST command contains only one channel. And sometimes it says :larich.oftc.net 263 nick :Server load is temporarily too heavy. Please wait a while and try again. (This last response only happened when I was testing manually with Ncat.) Is there perhaps a more reliable way to do this test? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [update proposal] irc-info.nse, default botnets chan names report David Fifield (Nov 08)
- Re: [update proposal] irc-info.nse, default botnets chan names report David Fifield (Nov 08)