PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
bb8be37ecea8d11f5093e085bd637afbe7029cc3
nmap/scripts/auth-spoof.nse
fyodor c73dfd173a o Renamed irc-zombie.nse to auth-spoof and improved its description 
and output a bit. [Fyodor]
2008-11-06 21:58:29 +00:00

31 lines
705 B
Lua
Raw Blame History

description = [[
Checks for an identd (auth) server which is spoofing its replies.
Tests whether an identd (auth) server responds with an answer before
we even send the query. This sort of identd spoofing can be a sign of
malware infection though it can also be used for legitimate privacy
reasons.
]]
author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"malware"}
require "comm"
require "shortport"
portrule = shortport.port_or_service(113, "auth")
action = function(host, port)
local status, owner = comm.get_banner(host, port, {lines=1})
if not status then
return
end
return "Spoofed reply: " .. owner
end
Reference in New Issue View Git Blame Copy Permalink