Conficker + Network Scanner?

marley1

Anyone got one? I see a few python ones, I just want an EXE to run or something.

Anyone know of any?

All of my clients are ESET 2.7, 3, or 4.
 
sorry didn't even look up there, already ran this, thanks =)
 
links on doxpara on how to do an svn update on nmap installed from source, they've built it in.
 
My Method:

1. Get Nmap/Zenmap - http://nmap.org/download.html

2. Run the following sweep across your network, replacing "192.168.1.0/24" with your network information:
  • nmap -p 445 -d --script smb-check-vulns --script-args safe=1 192.168.1.0/24

3. Results are as follows:
  • Host script results:
    | smb-check-vulns:
    | MS08-067: NOT RUN
    | Conficker: Likely INFECTED
    |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
    –
    Alternatively, it might say “Likely CLEAN”.

4. Give props to those writing code to help us all out.


Hope this helps you guys out, as we all prep for what may come.
 
@ blk95civicex

How did you parse the output from nmap? It gives great output, but I'd like to compile a list of unpatched systems, I just want:

Host: Hostname
Host script results:
| MS08-067: NOT RUN

instead of :

Host hostname.domain.com (172.17.8.42) appears to be up ... good.
Scanned at 2009-03-30 20:11:57 Canada Central Standard Time for 5s
Interesting ports on hostname.domain.com (172.17.8.42):
PORT STATE SERVICE REASON
445/tcp open microsoft-ds syn-ack
MAC Address: XX:XX:XX:XX:XX:XX (Dell)

Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Final times for host: srtt: 0 rttvar: 3750 to: 100000

across 300+ systems, it's a big log...
 
I have a couple subnets, so I did them one at a time, and just tossed the results into a text file and did a find on "Likely INFECTED". It's a pretty dirty search, but it worked for what I wanted to find.
 
Yea, I've just been asked to enumerate which hosts need the patch applied, so I wanted an easy way to quickly reference and make myself a to-do list to hand to the helpdesk guys. I imported the nmap generated xml file into excel but it leaves out the information I need, I should probably look into why it does that, but I figured someone might have a good idea I haven't thought of yet :)

For now I've got it open in notepad++ with the requisite information highlighted, that might just have to do :)
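
As an added example (not code from any poster in this thread): a small Python parser for the nmap normal-output layout quoted above, reducing a large log to one record per host and grouping hosts by their Conficker line. The sample log is constructed, and only the two status strings that appear in the thread ("Likely INFECTED", "Likely CLEAN") are recognised; any host with another value or no script output lands in a "recheck" group.

```python
import re

# "Interesting ports on name (ip):" or "Interesting ports on ip:", then the two
# smb-check-vulns result lines of interest (prefixed with "|" or "|_").
HOST_RE = re.compile(
    r"^Interesting ports on (?:(?P<name>\S+) \((?P<ip>[^)]+)\)|(?P<bare>\S+?)):")
CHECK_RE = re.compile(r"^\|_?\s*(?P<check>MS08-067|Conficker):\s*(?P<status>.+?)\s*$")

# Constructed sample (hostnames and addresses are made up), same layout as the log above.
SAMPLE = """\
Interesting ports on ws01.example.com (172.17.8.42):
445/tcp open microsoft-ds syn-ack

Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Interesting ports on 172.17.8.57:
Host script results:
| MS08-067: NOT RUN
| Conficker: Likely INFECTED
Interesting ports on ws03.example.com (172.17.8.60):
445/tcp filtered microsoft-ds no-response
"""

def parse_scan(text):
    """Return one dict per host with the MS08-067 and Conficker status strings."""
    hosts, current = [], None
    for line in text.splitlines():
        line = line.strip()  # tolerates blank or indented lines in a pasted log
        m = HOST_RE.match(line)
        if m:
            current = {"host": m["name"] or m["bare"], "ip": m["ip"] or m["bare"],
                       "MS08-067": None, "Conficker": None}
            hosts.append(current)
        elif current is not None and (m := CHECK_RE.match(line)):
            current[m["check"]] = m["status"]
    return hosts

def triage(hosts):
    """Group hosts: infected, clean, or recheck (no Conficker verdict recorded)."""
    names = {"Likely INFECTED": "infected", "Likely CLEAN": "clean"}
    buckets = {"infected": [], "clean": [], "recheck": []}
    for h in hosts:
        buckets[names.get(h["Conficker"], "recheck")].append(h)
    return buckets

if __name__ == "__main__":
    for bucket, members in triage(parse_scan(SAMPLE)).items():
        print(bucket, [(h["host"], h["ip"], h["MS08-067"]) for h in members])
```

To use it on a real scan, pass the contents of the saved text file to `parse_scan` in place of `SAMPLE`.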
 