Nmap Development mailing list archives
Re: Last call for smtp-open-relay.nse - help needed
From: Duarte Silva <duartejcsilva () gmail com>
Date: Fri, 18 Sep 2009 01:03:26 +0100
Hi, I decided to try it out. I'm having troubles in the call comm.tryssl, it reports that I'm using a nil value but I checked all the values and they aren't nil (print & debuglevel > 1 = r0x). Don't be evil, this is the first time I develop in LUA and I don't know if the tests *array* can be declared like that :P. I didn't made the documentation yet. Anyway, the patch is attached, best regards Duarte On Thu, Sep 17, 2009 at 10:00 PM, Fyodor <fyodor () insecure org> wrote:
Hi all. It has been two years since we changed smtp-open-relay to the demo category because it was using legitimate domains (e.g. insecure.org -- current version uses scanme.org) to check for open relays. The hope was that someone would find a way to avoid doing that, but it hasn't happened. However, we do now have the external category for scripts which do this sort of thing. So I think we should either clean it up and put it in real categories, or remove the script. So this is a call for anyone who wants to "adopt" this script and clean it up. The things I see right away that it needs are: o If there is a way to avoid using a real domain, that would be best. If not, I suppose "nmap.scanme.org" is OK. In that case, the script should be added to the "external" category. Also, there should be a script argument for changing "ourdomain". You shouldn't have to edit the script. o It should be removed from the "demo" category and added to whatever other categories are appropriate. Maybe "discovery" and "intrusive". Perhaps "vuln" is appropriate too, as an open relay is a vulnerability IMHO. Though if we use that category here, we should probably do the same for http-open-proxy and socks-open-proxy. Let's not put it in "default" at this time, though it might be worth consideration later. o It needs to be updated to look like a current script. In particular, it needs decent NSEDoc comments, license and author fields, etc. Take a look at one of Ron's recent scripts, as he does a good job at this. o I think the "spamtest" strings should probably be changed to "antispam" to make it more clear that we're trying to prevent spam. This script definitely has value and so I hope someone will take this one. Otherwise I'll have to remove the script in a week or so. Two years is long enough to carry this around as the final remaining "demo" script. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Attachment:
smtp-open-relay.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Last call for smtp-open-relay.nse - help needed Fyodor (Sep 17)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 17)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Joao Correa (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Joao Correa (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 20)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 17)