Conficker + Network Scanner?

marley1

Supreme [H]ardness
Joined
Jul 18, 2000
Messages
5,447
Anyone got one? I see a few Python ones, I just want an EXE to run or something.

Anyone know of any?

All of my clients are ESET 2.7, 3, or 4.
 

marley1

Sorry, didn't even look up there, already ran this, thanks =)
 

Berg0

[H]ard|Gawd
Joined
May 16, 2005
Messages
1,038
Links on doxpara on how to do an svn update on nmap installed from source; they've built it in.
 

blk95civicex

Limp Gawd
Joined
Feb 10, 2003
Messages
170
My Method:

1. Get Nmap/Zenmap - http://nmap.org/download.html

2. Run the following sweep across your network, replacing "192.168.1.0/24" with your network information:
  • nmap -p 445 -d --script smb-check-vulns --script-args safe=1 192.168.1.0/24

3. Results are as follows:
  • Host script results:
    | smb-check-vulns:
    | MS08-067: NOT RUN
    | Conficker: Likely INFECTED
    |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

    Alternatively, it might say "Likely CLEAN".

4. Give props to those writing code to help us all out.


Hope this helps you guys out, as we all prep for what may come.
 

Berg0

@ blk95civicex

How did you parse the output from nmap? It gives great output, but I'd like to compile a list of unpatched systems. I just want:

Host: Hostname
Host script results:
| MS08-067: NOT RUN

instead of:

Host hostname.domain.com (172.17.8.42) appears to be up ... good.
Scanned at 2009-03-30 20:11:57 Canada Central Standard Time for 5s
Interesting ports on hostname.domain.com (172.17.8.42):
PORT STATE SERVICE REASON
445/tcp open microsoft-ds syn-ack
MAC Address: XX:XX:XX:XX:XX:XX (Dell)

Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Final times for host: srtt: 0 rttvar: 3750 to: 100000

across 300+ systems, it's a big log...
 

blk95civicex

I have a couple subnets, so I did them one at a time, and just tossed the results into a text file and did a find on "Likely INFECTED". It's a pretty dirty search, but it worked for what I wanted to find.
 

Berg0

blk95civicex said:
> I have a couple subnets, so I did them one at a time, and just tossed the results into a text file and did a find on "Likely INFECTED". It's a pretty dirty search, but it worked for what I wanted to find.

Yeah, I've just been asked to enumerate which hosts need the patch applied, so I wanted an easy way to quickly reference and make myself a to-do list to hand to the helpdesk guys. I imported the nmap-generated XML file into Excel but it leaves out the information I need. I should probably look into why it does that, but I figured someone might have a good idea I haven't thought of yet :)

For now I've got it open in Notepad++ with the requisite information highlighted, that might just have to do :)
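
One way to build the per-host list asked about in this thread, as an added example that is not from any poster here or from the Nmap project: it reads Nmap's text output in the layout quoted above and groups hosts by check result. The sample text, host names and function names are constructed for illustration; the "Nmap scan report for" header is also accepted, on the assumption that newer Nmap releases print it instead of "Interesting ports on".

```python
import re

# Constructed sample in the layout quoted in the thread (hosts and addresses are made up).
SAMPLE = """\
Interesting ports on pc01.example.com (192.168.1.10):
445/tcp open  microsoft-ds syn-ack

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: Likely INFECTED
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Interesting ports on pc02.example.com (192.168.1.11):
445/tcp open  microsoft-ds syn-ack

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Interesting ports on 192.168.1.12:
445/tcp closed microsoft-ds reset
"""

HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(.+?):?\s*$")
CHECK_RE = re.compile(r"^\s*\|_?\s*(MS08-067|Conficker|regsvc DoS):\s*(.+?)\s*$")

def parse_scan(text):
    """Return {host: {check: result}} for every host header found in the output."""
    hosts, current = {}, None
    for line in text.splitlines():
        host, check = HOST_RE.match(line), CHECK_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), {})
        elif check and current is not None:
            current[check.group(1)] = check.group(2)
    return hosts

def hosts_where(hosts, check, wanted):
    """Hosts whose result for `check` starts with `wanted`, e.g. 'Likely INFECTED'."""
    return sorted(h for h, r in hosts.items() if r.get(check, "").startswith(wanted))

def hosts_unchecked(hosts, check):
    """Hosts with no answer for `check`: line missing (port closed, script failed) or NOT RUN."""
    return sorted(h for h, r in hosts.items() if r.get(check, "NOT RUN").startswith("NOT RUN"))

if __name__ == "__main__":
    scan = parse_scan(SAMPLE)
    print("Conficker likely infected:", hosts_where(scan, "Conficker", "Likely INFECTED"))
    print("MS08-067 not checked:", hosts_unchecked(scan, "MS08-067"))
```

With safe=1 the output quoted in the thread reports MS08-067 as NOT RUN, so only the Conficker line says anything about a host; `hosts_unchecked` keeps those hosts, and hosts with no script output at all, from being read as clean or patched.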
 