403Webshell
Server IP : 101.53.144.229  /  Your IP : 216.73.216.181
Web Server : Apache
System : Linux host.gdigitalindia.in 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : digitalshiksha ( 1179)
PHP Version : 5.6.40
Disable Function : eval,show_source,system,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,show_source,curl_multi_exechellcmd, ini_restore,apache_get_modules,get_cfg_var,passthru, exec ,proc_get_status,fpassthru,c999_buff_prepare,c999_sess_put,c99_buff_prepare,c99_sess_put,proc_close,ini_alter,dl,symlink,link,proc_close,ini_alter,dl,symlink,link,mail
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/nmap/scripts/dns-zeustracker.nse
local dns = require "dns"
local ipOps = require "ipOps"
local stdnse = require "stdnse"
local tab = require "tab"
local table = require "table"

description = [[
Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch.
Please review the following information before you start to scan:
* https://zeustracker.abuse.ch/ztdns.php
]]
 
---
-- @usage
-- nmap -sn -PN --script=dns-zeustracker <ip>
-- @output
-- Host script results:
-- | dns-zeustracker: 
-- |   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
-- |   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
-- |_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15
 
author = "Mikael Keri"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "discovery", "external", "malware"}
 


hostrule = function(host) return not(ipOps.isPrivate(host.ip)) end

action = function(host)

	local levels = {
		"Bulletproof hosted", 
		"Hacked webserver",
		"Free hosting service",
		"Unknown",
		"Hosted on a FastFlux botnet"
	}
	local dname = dns.reverse(host.ip)
	dname = dname:gsub ("%.in%-addr%.arpa",".ipbl.zeustracker.abuse.ch")
	local status, result = dns.query(dname, {dtype='TXT', retAll=true} )

	if ( not(status) and result == "No Such Name" ) then
		return
	elseif ( not(status) ) then
		return stdnse.format_output(false, "DNS Query failed")
	end

	local output = tab.new(9)
	tab.addrow(output, "Name", "IP", "SBL", "ASN", "Country", "Status", "Level",
		"Files Online", "Date added")
	for _, record in ipairs(result) do
		local name, ip, sbl, asn, country, status, level, files_online, 
			dateadded = table.unpack(stdnse.strsplit("| ", record))
		level = levels[tonumber(level)] or "Unknown"
		tab.addrow(output, name, ip, sbl, asn, country, status, level, files_online, dateadded)
	end
	return stdnse.format_output(true, tab.dump(output))
end

Youez - 2016 - github.com/yon3zu
LinuXploit