Re: [update proposal] irc-info.nse, default botnets chan names report

[David Fifield <david () bamsoftware com>]

On Tue, Nov 08, 2011 at 05:42:01PM -0800, David Fifield wrote:
> On Sat, Jun 04, 2011 at 09:14:55AM +0200, Ange Gutek wrote:
> > Here attached is an update for irc-info.nse.
> > It adds a LIST command in order to report some default botnets chan names.
> > If any, the output has a new line :
> > -- @output
> > -- 6665/tcp open     irc
> > -- |  irc-info: Server: target.example.org
> > -- |  Version: hyperion-1.0.2b(381). target.example.org
> > -- |  Lservers/Lusers: 0/4204
> > -- |  Uptime: 106 days, 2:46:30
> > -- |  Source host: source.example.org
> > -- |  Source ident: OK n=nmap
> > -- |_ Possible BotNets: #loic, #RxBot
>
> I think this didn't belong in irc-info, so I made a new script
> irc-botnet-channels. You can also give it a list of your own channel
> names.

I should mention that this script worked for me against irc.freenode.net
(when I supplied a list of my own channel names), but it didn't work
against irc.oftc.net. oftc seems to give me an empty list whenever the
LIST command contains more than one channel. Sometimes it also gives an
empty list when the LIST command contains only one channel. And
sometimes it says

:larich.oftc.net 263 nick :Server load is temporarily too heavy. Please wait a while and try again.

(This last response only happened when I was testing manually with
Ncat.) Is there perhaps a more reliable way to do this test?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/