Wednesday, April 1, 2009

using NMAP to Scan your entire network for Conficker

Since a signature has been discovered that conficker worm leaves
on infected machines, you can now scan a machine and ask it ,if it is infected with the conficker worm,
beta5 version of NMAP provides this ability.

follow these quick steps to scan entire networks and give them a clean
bill of health from the conficker worm.
to download and install Nmap beta 5 do the following:

bzip2 -cd nmap-4.85BETA5.tar.bz2 | tar xvf -
cd nmap-4.85BETA5


su root
make install

to Scan for conficker type the following

nmap -PN T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [target network]

nmap -PN T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1

the scan will take a while depending on the size of your network.