o [NSE] Added the script imap-brute that performs brute force password

auditing against IMAP servers. [Patrik] o [NSE] Updated IMAP library to support authentication using both plain-text and the SASL library. [Patrik]
2025-12-15 20:29:03 +00:00 · 2011-07-21 06:14:02 +00:00
parent 222e8b9e42
commit 0453f89779
4 changed files with 283 additions and 39 deletions
--- a/scripts/imap-capabilities.nse
+++ b/scripts/imap-capabilities.nse
@@ -24,7 +24,14 @@ require 'stdnse'
 portrule = shortport.port_or_service({143}, "imap")

 action = function(host, port)
-  local capa, err = imap.capabilities(host, port)
+  local helper = imap.Helper:new(host, port)
+  local status = helper:connect()
+  if ( not(status) ) then return "\n  ERROR: Failed to connect to server" end
+
+  local status, capa = helper:capabilities(host, port)
+  if( not(status) ) then return "\n  ERROR: Failed to retrieve capabilities" end
+  helper:close()
+
  if type(capa) == "table" then
     -- Convert the capabilities table into an array of strings.
     local capstrings = {}
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -92,6 +92,7 @@ Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", }
 Entry { filename = "http-vmware-path-vuln.nse", categories = { "default", "safe", "vuln", } }
 Entry { filename = "http-wp-plugins.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "iax2-version.nse", categories = { "version", } }
+Entry { filename = "imap-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
 Entry { filename = "informix-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "informix-query.nse", categories = { "auth", "intrusive", } }