Script `dns-zeustracker`

Script types: hostrule
Categories: safe, discovery, external, malware
Download: https://svn.nmap.org/nmap/scripts/dns-zeustracker.nse

Script Summary

Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch. Please review the following information before you start to scan:

https://zeustracker.abuse.ch/ztdns.php

Example Usage

nmap -sn -PN --script=dns-zeustracker <ip>

Script Output

Host script results:
| dns-zeustracker:
|   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
|   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
|_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15

Requires

dns
ipOps
stdnse
stringaux
tab
table

Author:

Mikael Keri

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Script dns-zeustracker

Script Summary

Example Usage

Script Output

Requires

Script `dns-zeustracker`