Nmap Development mailing list archives

Re: issue with script header in SMTP_openrelay_test.nse

From: Fyodor <fyodor () insecure org>
Date: Tue, 22 May 2007 00:50:32 -0700

On Thu, May 17, 2007 at 09:23:10AM -0300, Arturo 'Buanzo' Busleiman wrote:

Thanks Jason, for the report, and Arturo for the patch.


My pleasure. Did you finally use open relay / open proxy nse scripts at your talk?


Yes, James and I did use your open proxy script during our Nmap
classes before CanSecWest.

I have applied the patch to SVN, but I have concerns about the way it uses

[...] Or maybe you have another idea?

Yes, make the domain/user configurable. The open relay test usually depends on what one wants to
accomplish. I used insecure.org so you'd notice it someday, so we start discussing it.


Do you have ideas as to how we can keep the functionality of this
script without hardcoding in real domains?  Do you think the script
would still work with things like example.org?  Do you think you could
check what other scanners such as Nessus or special purpose SMTP relay
checkers do?  While it is great to provide the option, I'm afraid we
can't count on most users configuring any of this themselves.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

issue with script header in SMTP_openrelay_test.nse DePriest, Jason R. (May 16)
- Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 16)
  - Re: issue with script header in SMTP_openrelay_test.nse Fyodor (May 16)
    - Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 17)
    - Re: issue with script header in SMTP_openrelay_test.nse Fyodor (May 22)
    - Re: issue with script header in SMTP_openrelay_test.nse Arturo 'Buanzo' Busleiman (May 23)