Script http-google-malware

Script types: portrule
Categories: malware, discovery, safe, external
Download: https://svn.nmap.org/nmap/scripts/http-google-malware.nse

Script Summary

Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.

To do this, the script queries Google's Safe Browsing service. You need your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html

  • To learn more about Google's Safe Browsing:
http://code.google.com/apis/safebrowsing/

  • To register and get your personal API key:
http://code.google.com/apis/safebrowsing/key_signup.html

Script Arguments

http-google-malware.url

URL to check. Default: http/https://host

http-google-malware.api

API key for Google's Safe Browsing Lookup service

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-google-malware <host>

Script Output

PORT   STATE SERVICE
80/tcp open  http
|_http-google-malware.nse: Host is known for distributing malware.
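
An added example, not part of the Nmap documentation: when many hosts are scanned, saving the results with Nmap's XML output (`-oX`) lets you list every port where this script reported something. The sample XML is constructed, and treating any output from the script as a finding is an assumption.

```python
import xml.etree.ElementTree as ET

SCRIPT_ID = "http-google-malware"
# The output above shows a ".nse" suffix, so both spellings of the id are accepted.
ACCEPTED_IDS = (SCRIPT_ID, SCRIPT_ID + ".nse")

# Constructed sample of `nmap -oX` output, trimmed to the elements used here.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="flagged.example" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <script id="http-google-malware" output="Host is known for distributing malware."/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def flagged_hosts(xml_text):
    """Return (address, hostname, port, message) for each port with script output."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else ""
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") in ACCEPTED_IDS:
                    findings.append((addr, name, int(port.get("portid")),
                                     script.get("output", "").strip()))
    return findings


if __name__ == "__main__":
    for addr, name, port, msg in flagged_hosts(SAMPLE_XML):
        print(f"{addr} ({name or 'no hostname'}) port {port}: {msg}")
```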

Requires


Author:

  • Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

host
 
port