File stuxnet-detect
Script types:
hostrule
Categories:
discovery, intrusive
Download: http://nmap.org/svn/scripts/stuxnet-detect.nse
User Summary
Detects whether a host is infected with the Stuxnet worm (http://en.wikipedia.org/wiki/Stuxnet).
An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line.
Script Arguments
stuxnet-detect.save
Path to save Stuxnet executable under, with
%h replaced by the host's IP address, and %v
replaced by the version of Stuxnet.
randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.Example Usage
nmap --script stuxnet-detect -p 445 <host>
Script Output
PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: |_stuxnet-detect: INFECTED (version 4c:04:00:00:01:00:00:00)
Requires
Author: Mak Kolybabi
License: Same as Nmap--See http://nmap.org/book/man-legal.html