File http-google-malware
Script types:
portrule
Categories:
malware, discovery, safe, external
Download: http://nmap.org/svn/scripts/http-google-malware.nse
User Summary
Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.
To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html
- To learn more about Google's Safe Browsing:
- To register and get your personal API key:
Script Arguments
http-google-malware.url
URL to check. Default: http/https://host
http-google-malware.api
API key for Google's Safe Browsing Lookup service
http-max-cache-size, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap -p80 --script http-google-malware <host>
Script Output
PORT STATE SERVICE 80/tcp open http |_http-google-malware.nse: Host is known for distributing malware.
Requires
Author: Paulino Calderon
License: Same as Nmap--See http://nmap.org/book/man-legal.html
