Use Nmap to Detect Conficker

I found this gem of an Nmap command yesterday. I was unable to write about this awesome command though because my site was offline. But I’m back now!

Important Notes:

You will need to download the latest version of Nmap from insecure.org.

The command:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

Just remove [targetnetworks] and replace that value with the subnet you wish to scan. Since my gateway is 192.168.1.1, I altered the command to scan my network to look like the following:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.1.*

Analyze the output:

A clean machine should report at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”. For more advice, see this nmap-dev post by Brandon Enright.
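When the scan covers a whole subnet, the verdict lines are buried in verbose output. The following is an added example, not part of the original post: a small parser that groups hosts by the Conficker verdict described above. The function name `classify`, the sample text and the host header formats it matches are assumptions.

```python
import re

# Constructed sample of saved scan output, not from a real scan. The host
# header lines and "|" prefixes are assumptions about Nmap's normal output;
# only the two "Conficker: Likely ..." strings are taken from the post.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.1.10
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely CLEAN

Interesting ports on 192.168.1.23:
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely INFECTED

Nmap scan report for 192.168.1.40
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
"""

# Newer and older Nmap releases introduce a host with different headers.
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(.+?):?\s*$")
CONFICKER_RE = re.compile(r"Conficker:\s*(.+?)\s*$")


def classify(scan_text):
    """Group scanned hosts by the Conficker verdict printed for each one."""
    status, host = {}, None
    for line in scan_text.splitlines():
        header = HOST_RE.match(line)
        if header:
            host = header.group(1)
            status.setdefault(host, "UNKNOWN")  # no verdict seen yet
            continue
        verdict = CONFICKER_RE.search(line)
        if verdict and host is not None:
            if "Likely INFECTED" in verdict.group(1):
                status[host] = "INFECTED"
            elif "Likely CLEAN" in verdict.group(1):
                status[host] = "CLEAN"
    groups = {"INFECTED": [], "CLEAN": [], "UNKNOWN": []}
    for name, state in status.items():
        groups[state].append(name)
    return groups


if __name__ == "__main__":
    for state, hosts in classify(SAMPLE_OUTPUT).items():
        print(f"{state:9} {', '.join(hosts) or '-'}")
```

Hosts listed as UNKNOWN printed no verdict at all (for example, both SMB ports closed) and need a separate check. To run it on a real scan, save the output with Nmap's `-oN` option and pass the file's contents to `classify`.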
