Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
HercBeetle
Result Serialization
"========"
begin RC4 encrypted block
0x11111111[FILETIME timestamp][null-terminated configuration string]
The following is repeated for each scan target
[DWORD address][BYTE protocol{7..4}/state{3..0}]...
if protocol is IP: [WORD port][WORD scan script id](if scan scrip id !=0 and state is success or fail)[WORD banner len][(banner len)BYTEs banner]
if protocol is ICMPInternet Control Message Protocol and state is SUCCESS: [BYTE ttl][WORD rtt]