Wednesday, May 5, 2010

Nmap scan with Conficker detection

nmap -v --script=smb-check-vulns --script-args=unsafe=1 ip_a_ser_scaneado

or, more simply (without unsafe=1, the regsvc DoS check is not run):

nmap -v --script=smb-check-vulns ip_a_ser_scaneado

Below is an example of the output of the command above for an infected machine:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-05-05 11:37 BRT
NSE: Loaded 1 scripts for scanning.
Initiating Ping Scan at 11:37
Scanning 192.168.0.86 [2 ports]
Completed Ping Scan at 11:37, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:37
Completed Parallel DNS resolution of 1 host. at 11:38, 6.51s elapsed
Initiating Connect Scan at 11:38
Scanning cpl01.seinfra.net (192.168.0.86) [1000 ports]
Discovered open port 80/tcp on 192.168.0.86
Discovered open port 443/tcp on 192.168.0.86
Discovered open port 135/tcp on 192.168.0.86
Discovered open port 445/tcp on 192.168.0.86
Discovered open port 139/tcp on 192.168.0.86
Completed Connect Scan at 11:38, 1.17s elapsed (1000 total ports)
NSE: Script scanning 192.168.0.86.
NSE: Starting runlevel 2 scan
Initiating NSE at 11:38
Completed NSE at 11:38, 10.23s elapsed
NSE: Script Scanning completed.
Host cpl01.seinfra.net (192.168.0.86) is up (0.00077s latency).
Interesting ports on cpl01.seinfra.net (192.168.0.86):
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)


Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 17.98 seconds
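
Added example (not part of the original post): a Python parser that pulls the smb-check-vulns results out of saved Nmap normal output such as the run above and flags every host that is not reported as "MS08-067: FIXED" and "Conficker: Likely CLEAN". The second host in SAMPLE and its result strings are constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed sample in the Nmap 5.00 normal-output layout shown above.
# The first host repeats the post's results; the second host is made up.
SAMPLE = """\
Interesting ports on cpl01.seinfra.net (192.168.0.86):

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)

Interesting ports on 192.0.2.10:

Host script results:
| smb-check-vulns:
| MS08-067: VULNERABLE
| Conficker: Likely INFECTED
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
"""

HOST_RE = re.compile(r"^Interesting ports on (.+):\s*$")
# Result lines look like "| MS08-067: FIXED" or "|_ regsvc DoS: ..."
CHECK_RE = re.compile(r"^\|_?\s*(MS08-067|Conficker|regsvc DoS):\s*(.+?)\s*$")
# Only these exact values count as good; anything else is reviewed by hand.
OK = {"MS08-067": "FIXED", "Conficker": "Likely CLEAN"}

def parse_smb_check_vulns(text):
    """Return {host: {check: result}} from Nmap normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = CHECK_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return hosts

def needs_followup(checks):
    """List the checks whose result is missing or not the known-good value."""
    return [c for c, good in OK.items() if checks.get(c) != good]

if __name__ == "__main__":
    for host, checks in parse_smb_check_vulns(SAMPLE).items():
        flagged = needs_followup(checks)
        print(host, "FOLLOW UP: " + ", ".join(flagged) if flagged else "ok")
```

A missing result is treated the same as a bad one, so a host where the script could not complete still ends up on the follow-up list.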
