
File stuxnet-detect

Script types: hostrule
Categories: discovery, intrusive
Download: http://nmap.org/svn/scripts/stuxnet-detect.nse

User Summary

Detects whether a host is infected with the Stuxnet worm (http://en.wikipedia.org/wiki/Stuxnet).

An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line.

Script Arguments

stuxnet-detect.save

Path to save Stuxnet executable under, with %h replaced by the host's IP address, and %v replaced by the version of Stuxnet.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

Command format

nmap --script stuxnet-detect -p 445 <host>

Script Output

PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
|_stuxnet-detect: INFECTED (version 4c:04:00:00:01:00:00:00)
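
Added example (not part of this page or of the Nmap project): a small Python triage helper that reads Nmap normal-format output from a sweep with this script and lists the hosts flagged INFECTED together with the reported version. The sample text, the addresses and the function name `triage` are constructed; hosts without a stuxnet-detect line are only listed as having no result, which is an assumption about how to treat them.

```python
import re

# Constructed sample of Nmap normal-format output for two hosts (not real scan data).
SAMPLE_OUTPUT = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
|_stuxnet-detect: INFECTED (version 4c:04:00:00:01:00:00:00)

Nmap scan report for fileserver.example (192.0.2.11)
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack
"""

# "Nmap scan report for <ip>" or "Nmap scan report for <name> (<ip>)"; capture the address.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?\s*$")
# Script result line, written as "|_stuxnet-detect: ..." or "| stuxnet-detect: ...".
RESULT_RE = re.compile(
    r"^\|[_ ]?\s*stuxnet-detect:\s*INFECTED(?:\s*\(version ([0-9a-fA-F:]+)\))?"
)


def triage(nmap_text):
    """Split scanned hosts into those flagged INFECTED and those with no result line."""
    infected, seen = {}, []
    current = None
    for line in nmap_text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            seen.append(current)
            continue
        hit = RESULT_RE.match(line)
        if hit and current is not None:
            # Keep the version string exactly as the script printed it.
            infected[current] = hit.group(1) or "unknown"
    return {"infected": infected,
            "no_result": [h for h in seen if h not in infected]}


if __name__ == "__main__":
    report = triage(SAMPLE_OUTPUT)
    for addr, version in report["infected"].items():
        print(f"{addr}\tINFECTED\tversion={version}")
    for addr in report["no_result"]:
        print(f"{addr}\tno stuxnet-detect result")
```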

Requires


Author: Mak Kolybabi

License: Compiled by VER007 http://www.ver007.com