mirror of https://github.com/nmap/nmap.git synced 2025-12-11 02:09:03 +00:00

latest version from Arturo Busleiman

fyodor
2007-05-17 02:48:44 +00:00
parent 1a4d120fcb
commit ce2c7f7208


@@ -1,17 +1,21 @@
-- Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> / www.buanzo.com.ar / linux-consulting.buanzo.com.ar -- Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> / www.buanzo.com.ar / linux-consulting.buanzo.com.ar
-- See Nmap'ss COPYING file for licence details -- See Nmap's COPYING file for licence details
-- This is version 20060927. -- This is version 20070516.
-- Changelog: + Added some strings to return in different places. -- Changelog: + Added some strings to return in different places.
-- * Changed "HELO www.insecure.org" to "EHLO insecure.org". -- * Changed "HELO www.insecure.org" to "EHLO insecure.org".
-- * Fixed some API differences
-- * The "ourdomain" variable's contents are used instead of hardcoded "insecure.org". Settable by the user.
-- * Fixed tags -> categories (reported by Jason DePriest to nmap-dev)
id="Open Relay SMTP" id="Open Relay SMTP"
description="Checks to see if a SMTP server is an open relay" description="Checks to see if a SMTP server is an open relay"
tags = {"intrusive"} categories = {"intrusive"}
ourdomain="insecure.org"
portrule = function(host, port) portrule = function(host, port)
if (port.number == 25 if (port.number == 25
or port.service == "smtp") or port.service == "smtp")
and port.state == "open"
and port.protocol == "tcp" and port.protocol == "tcp"
then then
return true return true
@@ -29,19 +33,19 @@ action = function(host, port)
local tor = {} local tor = {}
local i local i
local catch = function() socket:set_timeout(10000);
socket:connect(host.ip, port.number, port.protocol)
status, result = socket:receive_lines(1)
if (result == "TIMEOUT") then
socket:close() socket:close()
return "Timeout. Try incresing settimeout, or enhance this."
end end
local try = nmap.new_try(catch)
try(socket:connect(host.ip, port.number, port.protocol))
result = try(socket:receive_lines(1))
-- Introduce ourselves... -- Introduce ourselves...
try(socket:send("EHLO insecure.org\n")) socket:send("EHLO "..ourdomain.."\r\n")
result = try(socket:receive_lines(1)) status, result = socket:receive_lines(1)
-- close socket and return if there's an smtp status code != 250 -- close socket and return if there's an smtp status code != 250
if not string.match(result, "^250") then if not string.match(result, "^250") then
@@ -61,22 +65,22 @@ action = function(host, port)
end end
-- Now that we have the mailservername, fill in the tor table -- Now that we have the mailservername, fill in the tor table
tor[0] = {f = "MAIL FROM:<spamtest@insecure.org>",t="RCPT TO:<relaytest@insecure.org>"} tor[0] = {f = "MAIL FROM:<spamtest@"..ourdomain..">",t="RCPT TO:<relaytest@"..ourdomain..">"}
tor[1] = {f = "MAIL FROM:<>",t="RCPT TO:<relaytest@insecure.org>"} tor[1] = {f = "MAIL FROM:<>",t="RCPT TO:<relaytest@"..ourdomain..">"}
tor[2] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@insecure.org>"} tor[2] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@"..ourdomain..">"}
tor[3] = {f = "MAIL FROM:<spamtest@" .. mailservername .. ">",t="RCPT TO:<relaytest@insecure.org>"} tor[3] = {f = "MAIL FROM:<spamtest@" .. mailservername .. ">",t="RCPT TO:<relaytest@"..ourdomain..">"}
tor[4] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest%insecure.org@[" .. host.ip .. "]>"} tor[4] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest%"..ourdomain.."@[" .. host.ip .. "]>"}
tor[5] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest%insecure.org@" .. mailservername .. ">"} tor[5] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest%"..ourdomain.."@" .. mailservername .. ">"}
tor[6] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest@insecure.org\">"} tor[6] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest@"..ourdomain.."\">"}
tor[7] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest%insecure.org\">"} tor[7] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest%"..ourdomain.."\">"}
tor[8] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@insecure.org@[" .. host.ip .. "]>"} tor[8] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@"..ourdomain.."@[" .. host.ip .. "]>"}
tor[9] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest@insecure.org\"@[" .. host.ip .. "]>"} tor[9] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<\"relaytest@"..ourdomain.."\"@[" .. host.ip .. "]>"}
tor[10] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@insecure.org@" .. mailservername .. ">"} tor[10] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<relaytest@"..ourdomain.."@" .. mailservername .. ">"}
tor[11] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<@[" .. host.ip .. "]:relaytest@insecure.org>"} tor[11] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<@[" .. host.ip .. "]:relaytest@"..ourdomain..">"}
tor[12] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<@" .. mailservername .. ":relaytest@insecure.org>"} tor[12] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<@" .. mailservername .. ":relaytest@"..ourdomain..">"}
tor[13] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<insecure.org!relaytest>"} tor[13] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<"..ourdomain.."!relaytest>"}
tor[14] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<insecure.org!relaytest@[" .. host.ip .. "]>"} tor[14] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<"..ourdomain.."!relaytest@[" .. host.ip .. "]>"}
tor[15] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<insecure.org!relaytest@" .. mailservername .. ">"} tor[15] = {f = "MAIL FROM:<spamtest@[" .. host.ip .. "]>",t="RCPT TO:<"..ourdomain.."!relaytest@" .. mailservername .. ">"}
i = -1 i = -1
@@ -88,20 +92,20 @@ action = function(host, port)
-- print (tor[i]["f"] .. " -> " .. tor[i]["t"]) -- print (tor[i]["f"] .. " -> " .. tor[i]["t"])
-- first, issue a RSET -- first, issue a RSET
try(socket:send("RSET\n")) socket:send("RSET\r\n")
result = try(socket:receive_lines(1)) status, result = socket:receive_lines(1)
if not string.match(result, "^250") then if not string.match(result, "^250") then
socket:close() socket:close()
return "RSET with errors. Enable --script-trace to see what is happening." return
end end
-- send MAIL FROM.... -- send MAIL FROM....
try(socket:send(tor[i]["f"].."\n")) socket:send(tor[i]["f"].."\r\n")
result = try(socket:receive_lines(1)) status, result = socket:receive_lines(1)
if string.match(result, "^250") then if string.match(result, "^250") then
-- if we get a 250, then continue with RCPT TO: -- if we get a 250, then continue with RCPT TO:
try(socket:send(tor[i]["t"].."\n")) socket:send(tor[i]["t"].."\r\n")
result = try(socket:receive_lines(1)) status, result = socket:receive_lines(1)
if string.match(result, "^250") then if string.match(result, "^250") then
socket:close() socket:close()
return "OPEN RELAY found." return "OPEN RELAY found."
@@ -110,5 +114,5 @@ action = function(host, port)
end end
socket:close() socket:close()
return "Relaying denied." return
end end
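Review bot: With the `nmap.new_try` wrapper removed, the replacement calls in `action` no longer check for failure: the return values of `socket:connect` and `socket:send` are discarded, and `status` from `socket:receive_lines(1)` is assigned but never tested, with only the literal `"TIMEOUT"` handled on the first read. Any other error string falls through to `string.match(result, "^250")`, and because the RSET failure path and the final path now use a bare `return`, a probe that broke mid-conversation produces the same empty output as a server that refused to relay, which hides false negatives from whoever reads the scan. I would test the status after each read, e.g. `if not status then socket:close() return "Test aborted: "..result end`, and keep a distinct message for the denied case. `status` and `result` also appear to be assigned without `local` in the visible lines, so declaring them `local` at the top of `action` would avoid sharing them between script instances if the declaration is not already outside the hunks. The body of `action` starts and ends outside the hunks shown.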