Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.
To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html
- To learn more about Google's Safe Browsing:
- To register and get your personal API key:
URL to check. Default:
API key for Google's Safe Browsing Lookup service
slaxml.debugSee the documentation for the slaxml library.
http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragentSee the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusernameSee the documentation for the smbauth library.
nmap -p80 --script http-google-malware <host>
PORT STATE SERVICE 80/tcp open http |_http-google-malware.nse: Host is known for distributing malware.
License: Same as Nmap--See https://nmap.org/book/man-legal.html