mirror of
https://github.com/nmap/nmap.git
synced 2025-12-26 01:19:03 +00:00
fea1ab7c39
discussion on nmap-dev about how best to handle these. I also updated the docs and am about to regenerate script.db. See this thread for more info: http://seclists.org/nmap-dev/2009/q3/1008.html
30 lines
735 B
Lua
30 lines
735 B
Lua
description = [[
|
|
Checks if SMTP is running on a non-standard port.
|
|
|
|
This may indicate that crackers or script kiddies have set up a backdoor on the
|
|
system to send spam or control the machine.
|
|
]]
|
|
|
|
---
|
|
-- @output
|
|
-- 22/tcp open smtp
|
|
-- |_ smtp-strangeport: Mail server on unusual port: possible malware
|
|
|
|
author = "Diman Todorov <diman.todorov@gmail.com>"
|
|
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"malware", "safe"}
|
|
|
|
portrule = function(host, port)
|
|
return port.service == "smtp" and
|
|
port.number ~= 25 and port.number ~= 465 and port.number ~= 587
|
|
and port.protocol == "tcp"
|
|
and port.state == "open"
|
|
end
|
|
|
|
action = function()
|
|
return "Mail server on unusual port: possible malware"
|
|
end
|
|
|