stuxnet-detect
脚本使用类型:
hostrule
脚本所属分类:
discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/stuxnet-detect.nse
Detects whether a host is infected with the Stuxnet worm (http://en.wikipedia.org/wiki/Stuxnet).
An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line.
Path to save Stuxnet executable under, with
%h
replaced by the host's IP address, and %v
replaced by the version of Stuxnet.
执行格式
nmap --script stuxnet-detect -p 445 <host>
PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: |_stuxnet-detect: INFECTED (version 4c:04:00:00:01:00:00:00)
Author: Mak Kolybabi
License: VER007 整理 http://www.ver007.com