Nmap Development mailing list archives

Re: Fwd: Re: NSE: Need advice on pulling SSL cert used for TLS connection over SMTP port 25


From: David Fifield <david () bamsoftware com>
Date: Sun, 11 Oct 2009 18:23:14 -0600

On Sun, Oct 11, 2009 at 08:21:24AM -0500, Tom Sellers wrote:
> I have tested this script further with more targets and from both
> Windows and Linux. Could it be reviewed for inclusion? Both the patch
> and full file are attached.

I would like the SMTP-specific code to be factored out into a separate
function. Especially as I can see this same mechanism being used to
handle HTTPS over port 80 using the Upgrade header field.

-local LIKELY_SSL_PORTS = { 443, 465, 989, 990, 992, 993, 994, 995, 587, 8443 }
+local LIKELY_SSL_PORTS = { 25, 443, 465, 587, 989, 990, 992, 993, 994, 995, 587, 8443 }
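
Review bot: 587 is listed twice in the new table, once after 465 and again before 8443; drop the trailing entry now that the port appears in sorted position. The table name also still says "likely SSL" while 25 and 587 are ports that need a STARTTLS step first, so either rename the table or keep those two ports in a table of their own.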

I think it is misleading to put ports 25 and 587 in a table called
LIKELY_SSL_PORTS. Maybe you can break them into a separate table called
OTHER_PORTS or something. The idea being that if the port is in
LIKELY_SSL_PORTS, or if the service_tunnel is "ssl", you immediately try
an SSL connection. If it's in OTHER_PORTS, there would have to exist
some protocol-specific handling like STARTTLS. The portrule would be
modified to run if the port number is in either port table.

I think the script is fine to go in as it is, and you can make these
changes under revision control.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
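
The split suggested in the message above, sketched as an added example in plain Lua (not code from the patch or from the Nmap project). `smtp_starttls`, `strategy`, `reply` and the `send`/`receive_line` socket interface are hypothetical names, and the server transcript is constructed; a handler for another upgrade mechanism would be registered in `OTHER_PORTS` the same way.

```lua
-- Added illustration, not the script under review. smtp_starttls, strategy and
-- the sock interface (send, receive_line) are hypothetical names.
local LIKELY_SSL_PORTS = { 443, 465, 989, 990, 992, 993, 994, 995, 8443 }
local OTHER_PORTS = {}  -- port number -> function that negotiates the upgrade

-- Read one SMTP reply; "250-..." lines continue it, "250 ..." ends it.
local function reply(sock)
  local lines = {}
  repeat
    local line = sock:receive_line()
    if not line then return nil, lines end
    lines[#lines + 1] = line
  until line:sub(4, 4) ~= "-"
  return tonumber(lines[#lines]:sub(1, 3)), lines
end

-- SMTP-specific handling, factored out: greeting, EHLO, STARTTLS.
local function smtp_starttls(sock)
  if reply(sock) ~= 220 then return false, "no SMTP greeting" end
  sock:send("EHLO example.org\r\n")
  local code, lines = reply(sock)
  if code ~= 250 then return false, "EHLO rejected" end
  local offered = false
  for _, l in ipairs(lines) do
    if l:sub(5):upper():match("^STARTTLS%s*$") then offered = true end
  end
  if not offered then return false, "STARTTLS not offered" end
  sock:send("STARTTLS\r\n")
  if reply(sock) ~= 220 then return false, "STARTTLS refused" end
  return true  -- the caller can now run the TLS handshake on this socket
end
OTHER_PORTS[25], OTHER_PORTS[587] = smtp_starttls, smtp_starttls

-- "ssl" = connect with SSL immediately; a function = upgrade first; nil = skip.
local function strategy(number, service_tunnel)
  if service_tunnel == "ssl" then return "ssl" end
  for _, p in ipairs(LIKELY_SSL_PORTS) do
    if p == number then return "ssl" end
  end
  return OTHER_PORTS[number]
end
-- Constructed transcript standing in for a real server.
local script = { "220 mail.example.org ESMTP", "250-mail.example.org",
                 "250-SIZE 10240000", "250 STARTTLS", "220 Ready to start TLS" }
local fake = { sent = {}, i = 0 }
function fake:send(data) self.sent[#self.sent + 1] = data end
function fake:receive_line() self.i = self.i + 1; return script[self.i] end
print(strategy(443, nil), strategy(8080, "ssl"), strategy(80, nil))
print(strategy(25, nil)(fake))
```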

