File Date Author Commit
 README 2007-03-10 w4rl0ck [r1] Initial Import
 zmbscap.pl 2007-03-13 w4rl0ck [r5] Added UID==0 check for running

Read Me

zmbscap  - Zombie Scapper v0.1
           http://zmbscap.sourceforge.net
           
Copyright (C) Metaeye Security Group (contact@metaeye.org)
                 http://www.metaeye.org
                                  
The zombie scapper is an automated Perl tool for detecting and stopping
distributed denial of service programs. The tool automatically scans the
desired target for these programs by looking for the ports that are used
by the zombie masters. It stops the zombie masters by sending a kill/stop
trigger. It detects and kills the following programs:


1. Stacheldraht Version 1
2. Stacheldraht Version 2
3. Wintrinoo
4. Tribe Flood Network
5. Trinoo
6. Shaft
7. Mstream
8. Trinity
9. Entitee

Requires the Net::RawIP and Net::Ping (optional) Perl modules.

usage: zmbscap.pl -h <target> [-i <interface>] [-n <hits>] [-t <timeout>]
          <target> : ip address or hostname to scan.
          <interface> : interface to use for sending packets, default eth0.
          <hits> : no of times to send kill packets, default 1.
          <timeout> : communication timeout in seconds, default 3 seconds.


example:

$ perl zmbscap.pl -h 172.31.1.3 -i eth0 -n 2 -t 3

[+] Pinging host 172.31.1.3.
[+] Host is up.

[+] Scanning host 172.31.1.3 using interface eth0.

[+] Detected possible infection: Trinoo.
[+] Trying to kill Trinoo.
[+] Kill packet sent 2 time(s).

[+] Detected possible infection: Shaft.
[+] Trying to kill Shaft.
[+] Kill packet sent 2 time(s).

Send bugs, suggestions, flames to contact@metaeye.org.