403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/share/nmap/scripts/dns-zeustracker.nse
local dns = require "dns"
local ipOps = require "ipOps"
local stdnse = require "stdnse"
local stringaux = require "stringaux"
local tab = require "tab"
local table = require "table"

description = [[
Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch.
Please review the following information before you start to scan:
* https://zeustracker.abuse.ch/ztdns.php
]]

---
-- @usage
-- nmap -sn -PN --script=dns-zeustracker <ip>
-- @output
-- Host script results:
-- | dns-zeustracker:
-- |   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
-- |   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
-- |_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15

author = "Mikael Keri"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery", "external", "malware"}



hostrule = function(host) return not(ipOps.isPrivate(host.ip)) end

action = function(host)

  local levels = {
    "Bulletproof hosted",
    "Hacked webserver",
    "Free hosting service",
    "Unknown",
    "Hosted on a FastFlux botnet"
  }
  local dname = dns.reverse(host.ip)
  dname = dname:gsub ("%.in%-addr%.arpa",".ipbl.zeustracker.abuse.ch")
  local status, result = dns.query(dname, {dtype='TXT', retAll=true} )

  if ( not(status) and result == "No Such Name" ) then
    return
  elseif ( not(status) ) then
    return stdnse.format_output(false, "DNS Query failed")
  end

  local output = tab.new(9)
  tab.addrow(output, "Name", "IP", "SBL", "ASN", "Country", "Status", "Level",
    "Files Online", "Date added")
  for _, record in ipairs(result) do
    local name, ip, sbl, asn, country, status, level, files_online,
      dateadded = table.unpack(stringaux.strsplit("| ", record))
    level = levels[tonumber(level)] or "Unknown"
    tab.addrow(output, name, ip, sbl, asn, country, status, level, files_online, dateadded)
  end
  return stdnse.format_output(true, tab.dump(output))
end

Youez - 2016 - github.com/yon3zu
LinuXploit