by Paul Asadoorian
It has been a few weeks since the release of patches (and exploits) for MS08-067. We all should have had plenty of time to deploy patches to our systems and reboot for them to take effect.
How about we make sure?
Don’t have one of those expensive scanning tools? How about Nessus? Sure, Nessus is great, but how about something more lean and mean?
Nmap to the rescue!
Note: You must use the current svn version to make this work, so go get it with the following command:

svn co --username guest --password "" svn://svn.insecure.org/nmap/

sonarscreen.jpgOk, now let’s make Nmap work for us! We’ll tell Nmap to output the results to a file named for our subnet (in all 3 file formats no less), perform a SYN Scan on port 445, and execute the SMB vulnerability checking NSE script against the discovered hosts on the 192.168.1.0/24 network:

nmap -oA 192168-filename -sS -p445 --script smb-check-vulns.nse 192.168.1.0/24

Now we can take these results and verify which Windows hosts on our network require a little extra attention in the patch department.
You want fast? Fyodor will give you fast! In a live network, Nmap was able to perform the scan in just over a minute:

Nmap done: 256 IP addresses (156 hosts up) scanned in 83.53 seconds

[Editors note: Paul, what a great use of a free, simple to use tool. I'm really liking the focus on NSE expansion for Nmap! -Larry]

About the author