alexandreborges / malwoverview

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
https://github.com/alexandreborges/malwoverview
GNU General Public License v3.0
2.85k stars 439 forks

Could this script scan a bunch of IP addresses? #4

Closed SuperMike96 closed 4 years ago

SuperMike96 commented 4 years ago

I had a bunch of IP addresses which need to be scanned, but I didn't find any command that can do it. Am I missing the command, or does the script not support it?

alexandreborges commented 4 years ago

Mike,

Good morning. How are you?

The Malwoverview tool does not scan IPs, but only presents them from reports. No doubt, nmap continues to be the best tool for scanning.

Certainly, I won't include scanning capabilities in Malwoverview, but other options to gather additional information on IPs will be added.

I hope you have an excellent day, Mike.

Alexandre.

SuperMike96 commented 4 years ago

Hey, Alexandre

Nice to talk to you.

The reason for scanning IPs is that I'd like to know how many websites define the IPs as malware or anything else, not to scan the port states. In fact, my final goal is judging whether the IP is a C2 or not.

Have a good day.

Mike

alexandreborges commented 4 years ago

Mike,

I've understood your point. In this case, the proposal offered by Malwoverview comes from another side: the malware has been run inside a sandbox and, through dynamic analysis, a communication to the remote IP addresses was established.

Thus, if some IPs are being reported and logged, there's a pretty good certainty of them being malicious and related to the malware's activities (C2 or something else). Eventually, it is not possible to distinguish exactly between a real C2 and some other malicious communication, but they are all malicious communications.

Have an excellent day, Mike.

Alexandre.