Scripts
| Script | Description |
|---|---|
| auth-spoof | Checks for an identd (auth) server which is spoofing its replies. |
| dns-zeustracker | Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch. Please review the following information before you start to scan: |
| ftp-proftpd-backdoor | Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID 69562. This script attempts to exploit the backdoor using the innocuous |
| ftp-vsftpd-backdoor | Tests for the presence of the vsFTPd 2.3.4 backdoor reported on 2011-07-04 (CVE-2011-2523). This script attempts to exploit the backdoor using the innocuous |
| http-google-malware | Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service. |
| http-malware-host | Looks for signatures of known server compromises. |
| http-virustotal | Checks whether a file has been determined to be malware by VirusTotal. VirusTotal is a service that can scan a file or check a checksum against a number of the major antivirus vendors. The script uses the public API, which requires a valid API key and has a limit of 4 queries per minute. A key can be acquired by registering as a user on the VirusTotal web page: |
| irc-unrealircd-backdoor | Checks if an IRC server is backdoored by running a time-based command (ping) and checking how long it takes to respond. |
| smtp-strangeport | Checks if SMTP is running on a non-standard port. |


