Re: conficker scan

[David Fifield <david () bamsoftware com>]

On Tue, Mar 31, 2009 at 06:47:25PM +0000, Joshua Kaplan wrote:
> I am trying to run the command line that Brandon specified on the "How
> to use NMap to scan very large networks" page.
>
> Firstly, it seems that Brandon is using *nix, since his command line
> begins with 'sudo', while I am running on XP. I don't know if that
> matters to the rest of the command line.
>
> Next, I am using the Zenmap GUI.
>
> I don't see any 'Host script results' section in the output.

You will want to use the same command line Brandon quoted, without the
"sudo" and optionally without the "-oA conficker_scan":

nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64

(The reason you don't need the "-oA conficker_scan" is that you can save
the scan results in Zenmap when the scan is finished, but if you use
"-oA" then Zenmap will write its file to the name you give.)

If you don't see "Host script results" then it means you left off the
"--script=smb-check-vulns --script-args=safe=1" options.

You could even enter the above command in the Zenmap profile editor and
save it as a profile. That will make it easy to run the same command
against several networks.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org