The NMAP command you can use scan for the Conficker virus on your LAN

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
This was posted on reddit. replace with the IP's you want to check.

By: cowholio4
2009-03-31 15:15:17

What Others Think

it looks like missing something in the command. target specification?
alperyilmaz · 583 weeks and 3 days ago
How could one have a copy of the smb-check-vulns scripts ? My local nmap installation (version 4.68) does not come with one bundled.
andrelop · 583 weeks and 3 days ago
@alperyilmaz thanks i added that...
cowholio4 · 583 weeks and 3 days ago
@andrelop You can download it or build from source
cowholio4 · 583 weeks and 3 days ago
If you get this: SCRIPT ENGINE: error while initializing script rules: No such category, file or directory: 'smb-check-vulns' You need this:
hm2k · 583 weeks and 2 days ago
You MUST get nmap-4.85BETA5 because earlier versions won't scan for Conficker. Install info: bzip2 -cd nmap-4.85BETA6.tar.bz2 | tar xvf - cd nmap-4.85BETA6 ./configure make su root make install
messo · 583 weeks and 2 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: