ZmbScap - Zombie Scapper

Stop DDoS programs.

The zombie scapper is an automated perl tool for detecting and stopping distributed
denial of service programs. The tool automatically searches and scans the desired target
for programs by looking for the ports that are used by the zombie masters. It stops the zombie
masters by sending a kill/stop trigger. Detects/Kills the following programs

Stacheldhart Version 1
Stacheldhart Version 2
Wintrinoo
Mstream
Tribal Flood Network
Trinoo
Shaft
Trinitinty
Entitee

Requires Net::RawIP and Net::Ping (optional) perl modules


zmbscap -  Zombie Scapper v0.1.
Copyright (C) Metaeye Security Group - http://zmbscap.sourceforge.net.
http://www.metaeye.org

usage: zmbscap.pl -h <target> [-i <interface>] [-n <hits>] [-t <timeout>]
          <target> : ip address or hostname to scan.
          <interface> : interface to use for sending packets, default eth0.
          <hits> : no of times to send kill packets, default 1.
          <timeout> : communication timeout in seconds, default 3 seconds.

example:

$ perl zmbscap.pl -h 172.31.1.3 -i eth0 -n 2 -t 3
zmbscap -  Zombie Scapper v0.1.
Copyright (C) Metaeye Security Group - http://zmbscap.sourceforge.net.
http://www.metaeye.org

[+] Pinging host 172.31.1.3.
[+] Host is up.

[+] Scanning host 172.31.1.3 using interface eth0.

[+] Detected possible infection: Trinoo.
[+] Trying to kill Trinoo.
[+] Kill packet sent 2 time(s).

[+] Detected possible infection: Shaft.
[+] Trying to kill Shaft.
[+] Kill packet sent 2 time(s).

zmbscap is licensed under GPLv2.
Current version of zmbscap is 0.1. zmbscap releases can be downloaded here.