Scanning for Conficker using Nmap under Gentoo Linux

Ewald — Mon, 18 May 2009 20:53:08 +0000

Well, that was what I wanted. I know, Conficker was hot months ago. But hey, I’m not often around Windows machines and I thought that while I was, I might just as well scan my parents’s network.

So there I was with my little netbook, most recent Nmap (nmap-4.85_beta8) loaded, ready to go. A quick Google search taught me the right command.

But it failed.

nmap: unrecognized option '--script' [snip: followed by regular nmap --help output]

Eh?

As my thinking was suspended, I went for Google to find me the culprit responsible for this error. No results. What? Ah, well, this is just why I wanted my own blog: to enhance Google with yet unknown knowledge (or knowledge previously only available in obscure languages). Now only to find the solution…

Turns out it was actually rather simple: compile Nmap with the lua USE flag. Yes, that’s all.

OPEN PACKAGE.USE
nano /etc/portage/package.use
AND INSERT
net-analyzer/nmap lua
OR ON A TERMINAL ENTER
echo "net-analyzer/nmap lua" >> /etc/portage/package.use

After this you’re good to go.

While I’m at it, let’s leave you with the recommended scan options at the moment of writing:

#Source: Nmap changelog o Recommended command for a fast Conficker scan (combine into 1 line): nmap -p139,445 --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args checkconficker=1,safe=1 -T4 [target networks] o Recommended command for a more comprehensive (but slower) scan: nmap --script p2p-conficker,smb-os-discovery,smb-check-vulns -p- --script-args checkall=1,safe=1 -T4 [target networks]

ewald.tienkamp.nl » Mobile

Scanning for Conficker using Nmap under Gentoo Linux