Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_multi_masscan.yara

18 lines
805 B
Text
Raw Normal View History

rule hacktool_multi_masscan
{
meta:
description = "masscan is a performant port scanner, it produces results similar to nmap"
reference = "https://github.com/robertdavidgraham/masscan"
author = "@mimeframe"
strings:
$a1 = "EHLO masscan" fullword wide ascii
$a2 = "User-Agent: masscan/" wide ascii
$a3 = "/etc/masscan/masscan.conf" fullword wide ascii
$b1 = "nmap(%s): unsupported. This code will never do DNS lookups." wide ascii
$b2 = "nmap(%s): unsupported, we do timing WAY different than nmap" wide ascii
$b3 = "[hint] I've got some local priv escalation 0days that might work" wide ascii
$b4 = "[hint] VMware on Macintosh doesn't support masscan" wide ascii
condition:
all of ($a*) or any of ($b*)
}