Nmap Development mailing list archives
Re: Last call for smtp-open-relay.nse - help needed
From: Duarte Silva <duartejcsilva () gmail com>
Date: Sun, 31 Jan 2010 10:02:47 +0000
Hi, It has been more than 4 months, and since the script hasn't been dropped from the SVN tree, I''m checking if it will be included or not? Regards, Duarte On Sun, Sep 20, 2009 at 7:56 PM, Duarte Silva <duartejcsilva () gmail com> wrote:
Hi, This is the ready for revision version of the script, NSEDoc and all the changes needed. By the way, comm.tryssl works fine, I don't. Funny thing about all this is that, while I was testing the script, I ended up finding out that my college students/teachers mail server is an open relay. How about that uh? Best regards, Duarte On Fri, Sep 18, 2009 at 7:16 PM, Joao Correa <joao () livewire com br> wrote:Considering the log, the error message was not triggered from inside the comm.tryssl, but from the script itself while calling comm.tryssl. If you have required comm library in the beginning of the script and also didn't overwrite comm or comm.tryssl, I don't know what is triggering the error. The error line on the log is: "C:\Program Files\Nmap\scripts\smtp-open-relay.nse:66: attempt to call field 'tryssl' (a nil value)" I've applied the patch directly to trunk's smtp-open-relay.nse and after correcting test[...] to tests[...] on the line mentioned some e-mails ago, the script (with the first patch) worked fine here. Except for the documentation, all the changes requested by Fyodor seem to be made and ok. On Fri, Sep 18, 2009 at 2:00 PM, Duarte Silva <duartejcsilva () gmail com> wrote:LOL this would actually have some meaning if I actually added the patch in the attachments dohh. On Fri, Sep 18, 2009 at 5:56 PM, Duarte Silva <duartejcsilva () gmail com> wrote:Hi, Just noticed that, was about to send the corrected version. And yes, will send the log of using comm.tryssl to you /off-list. Thanks, Duarte On Fri, Sep 18, 2009 at 5:31 PM, Joao Correa <joao () livewire com br> wrote:Hi Duarte, I've made a fast try with your first patch. The only error I got was related to using an undeclared variable on line 98. After changing the variable name from test to tests, it worked fine. I didn't get the errors you mentioned about comm.tryssl. If the problem is a bug on comm.tryssl, I really would like more information to fix it. Would you mind sending me (off list) the outputs you got while running the first version of the script? Thanks, João. On Fri, Sep 18, 2009 at 1:02 PM, Duarte Silva <duartejcsilva () gmail com> wrote:Hi, Just fixed the problem with comm.tryssl by not using it :P The script is now able to detect if the SMTP server requires authentication. Give it a go, and if it is accepted I will make the documentation (too lazy/busy). Patch in attachments. Best regards, Duarte On Fri, Sep 18, 2009 at 1:03 AM, Duarte Silva <duartejcsilva () gmail com> wrote:Hi, I decided to try it out. I'm having troubles in the call comm.tryssl, it reports that I'm using a nil value but I checked all the values and they aren't nil (print & debuglevel > 1 = r0x). Don't be evil, this is the first time I develop in LUA and I don't know if the tests *array* can be declared like that :P. I didn't made the documentation yet. Anyway, the patch is attached, best regards Duarte On Thu, Sep 17, 2009 at 10:00 PM, Fyodor <fyodor () insecure org> wrote:Hi all. It has been two years since we changed smtp-open-relay to the demo category because it was using legitimate domains (e.g. insecure.org -- current version uses scanme.org) to check for open relays. The hope was that someone would find a way to avoid doing that, but it hasn't happened. However, we do now have the external category for scripts which do this sort of thing. So I think we should either clean it up and put it in real categories, or remove the script. So this is a call for anyone who wants to "adopt" this script and clean it up. The things I see right away that it needs are: o If there is a way to avoid using a real domain, that would be best. If not, I suppose "nmap.scanme.org" is OK. In that case, the script should be added to the "external" category. Also, there should be a script argument for changing "ourdomain". You shouldn't have to edit the script. o It should be removed from the "demo" category and added to whatever other categories are appropriate. Maybe "discovery" and "intrusive". Perhaps "vuln" is appropriate too, as an open relay is a vulnerability IMHO. Though if we use that category here, we should probably do the same for http-open-proxy and socks-open-proxy. Let's not put it in "default" at this time, though it might be worth consideration later. o It needs to be updated to look like a current script. In particular, it needs decent NSEDoc comments, license and author fields, etc. Take a look at one of Ron's recent scripts, as he does a good job at this. o I think the "spamtest" strings should probably be changed to "antispam" to make it more clear that we're trying to prevent spam. This script definitely has value and so I hope someone will take this one. Otherwise I'll have to remove the script in a week or so. Two years is long enough to carry this around as the final remaining "demo" script. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Jan 31)
- Re: Last call for smtp-open-relay.nse - help needed Arturo 'Buanzo' Busleiman (Jan 31)
- Re: Last call for smtp-open-relay.nse - help needed Fyodor (Jan 31)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 01)
- Re: Last call for smtp-open-relay.nse - help needed David Fifield (Feb 17)
- Re: Last call for smtp-open-relay.nse - help needed Arturo 'Buanzo' Busleiman (Feb 17)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 18)
- Re: Last call for smtp-open-relay.nse - help needed David Fifield (Feb 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 20)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 21)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Feb 01)