Nmap dns-zeustracker NSE Script


This page contains detailed information about how to use the dns-zeustracker NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/dns-zeustracker.nse
Script categories: safe, discovery, external, malware
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Script Description


The dns-zeustracker.nse script checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch. Please review the following information before you start to scan:

Dns-zeustracker NSE Script Arguments


The dns-zeustracker.nse script does not have any arguments.

Dns-zeustracker NSE Script Example Usage


Here's an example of how to use the dns-zeustracker.nse script:

nmap -sn -PN --script=dns-zeustracker <ip>

Dns-zeustracker NSE Script Example Output


Here's a sample output from the dns-zeustracker.nse script:

Host script results:
| dns-zeustracker:
|   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
|   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
|_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15
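
To feed results like these into triage tooling, the table can be parsed out of Nmap's normal output. The following is an added example, not code from the Nmap project or from this page; the function name parse_zeustracker is hypothetical, the sample is the output shown above, and the parser assumes columns are separated by two or more spaces as they are in that sample.

```python
import re

# Constructed sample: the dns-zeustracker output shown above, in normal Nmap output form.
SAMPLE = """\
Host script results:
| dns-zeustracker:
|   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
|   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
|_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15
"""

def parse_zeustracker(text):
    """Return one dict per listed host from each dns-zeustracker block in text."""
    rows, header, in_block = [], None, False
    for line in text.splitlines():
        # Start of this script's block ("| dns-zeustracker:" or "|_dns-zeustracker:").
        if re.match(r"^\|[ _] ?dns-zeustracker:", line):
            in_block, header = True, None
            continue
        if not in_block:
            continue
        # Table rows are indented two spaces deeper than the script name.
        m = re.match(r"^\|[ _] {2}(\S.*)$", line)
        if not m:
            in_block = False  # another script's output or end of host results
            continue
        # Single spaces occur inside cells ("Bulletproof hosted", "Files Online"),
        # so only runs of two or more spaces are treated as column separators.
        cells = re.split(r"\s{2,}", m.group(1).strip())
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
        # Rows whose cell count differs from the header (e.g. an empty cell)
        # are skipped rather than misaligned.
        if line.startswith("|_"):
            in_block = False  # "|_" marks the last line of the block
    return rows

if __name__ == "__main__":
    for row in parse_zeustracker(SAMPLE):
        print(row["IP"], row["Name"], row["Status"], row["Date added"])
```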

Dns-zeustracker NSE Script Example XML Output


There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it in the specified file.

Author


  • Mikael Keri


The dns-zeustracker.nse script may fail with the following error messages. Check for the possible causes by using the code snippets below, which are taken from the script source code. This can often help in identifying the root cause of the problem.

DNS Query failed


Here is a relevant code snippet related to the "DNS Query failed" error message:

  local status, result = dns.query(dname, {dtype='TXT', retAll=true} )

  if ( not(status) and result == "No Such Name" ) then
    return
  elseif ( not(status) ) then
    return stdnse.format_output(false, "DNS Query failed")
  end

  local output = tab.new(9)
  tab.addrow(output, "Name", "IP", "SBL", "ASN", "Country", "Status", "Level",
    "Files Online", "Date added")

Version


This page has been created based on Nmap version 7.92.
