mirror of
https://github.com/nmap/nmap.git
synced 2025-12-07 13:11:28 +00:00
7c63ab6bcd
The imap-capabilities script is mostly feature-complete but I could see adding some analysis code to warn users of non-SSL'd IMAP servers that offer STARTTLS without NOLOGIN. The imap "library" is really a joke. It does the minimum required to support getting capabilities and nothing more. IMAP requires each command to use a unique identifier like 000, 001, 002, etc. Right now the identifier is hardcoded to a001. To make a real imap library that supports logging in, and other IMAP features a state variable will have to be maintained to change the command uid. It would be nice to see the library get updated so that IMAP brute-forcing could be supported.
43 lines
1.1 KiB
Lua
43 lines
1.1 KiB
Lua
description = [[
|
|
Retrieves IMAP email server capabilities.
|
|
|
|
IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command
|
|
allows a client to ask a server what commands it supports and possibly
|
|
any site-specific policy.
|
|
]]
|
|
|
|
---
|
|
-- @output
|
|
-- 143/tcp open imap
|
|
-- |_ imap-capabilities: LOGINDISABLED IDLE IMAP4 LITERAL+ STARTTLS NAMESPACE IMAP4rev1
|
|
|
|
|
|
author = "Brandon Enright <bmenrigh@ucsd.edu>"
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"default"}
|
|
|
|
require 'imap'
|
|
require 'shortport'
|
|
require 'stdnse'
|
|
|
|
portrule = shortport.port_or_service({143}, "imap")
|
|
|
|
action = function(host, port)
|
|
local capa, err = imap.capabilities(host, port)
|
|
if type(capa) == "table" then
|
|
-- Convert the capabilities table into an array of strings.
|
|
local capstrings = {}
|
|
local cap, args
|
|
for cap, args in pairs(capa) do
|
|
table.insert(capstrings, cap)
|
|
end
|
|
return stdnse.strjoin(" ", capstrings)
|
|
elseif type(err) == "string" then
|
|
stdnse.print_debug(1, "%s: '%s' for %s", filename, err, host.ip)
|
|
return
|
|
else
|
|
return "server doesn't support CAPABILITIES"
|
|
end
|
|
end
|