Script `http-google-malware`

Script types: portrule
Categories: malware, discovery, safe, external
Download: https://svn.nmap.org/nmap/scripts/http-google-malware.nse

Script Summary

Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.

To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html

To learn more about Google's Safe Browsing:

http://code.google.com/apis/safebrowsing/

To register and get your personal API key:

http://code.google.com/apis/safebrowsing/key_signup.html

Script Arguments

http-google-malware.url: URL to check. Default: http/https://host
http-google-malware.api: API key for Google's Safe Browsing Lookup service
slaxml.debug: See the documentation for the slaxml library.
http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent: See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-google-malware <host>

Script Output

PORT   STATE SERVICE
80/tcp open  http
|_http-google-malware.nse: Host is known for distributing malware.

Requires

Author:

Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

host
port

Script http-google-malware