18 lines
805 B
Text
18 lines
805 B
Text
|
rule hacktool_multi_masscan
|
||
|
{
|
||
|
meta:
|
||
|
description = "masscan is a performant port scanner, it produces results similar to nmap"
|
||
|
reference = "https://github.com/robertdavidgraham/masscan"
|
||
|
author = "@mimeframe"
|
||
|
strings:
|
||
|
$a1 = "EHLO masscan" fullword wide ascii
|
||
|
$a2 = "User-Agent: masscan/" wide ascii
|
||
|
$a3 = "/etc/masscan/masscan.conf" fullword wide ascii
|
||
|
$b1 = "nmap(%s): unsupported. This code will never do DNS lookups." wide ascii
|
||
|
$b2 = "nmap(%s): unsupported, we do timing WAY different than nmap" wide ascii
|
||
|
$b3 = "[hint] I've got some local priv escalation 0days that might work" wide ascii
|
||
|
$b4 = "[hint] VMware on Macintosh doesn't support masscan" wide ascii
|
||
|
condition:
|
||
|
all of ($a*) or any of ($b*)
|
||
|
}
|