Nmap Development mailing list archives
Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ?
From: "Watson, Patrick" <Patrick.Watson () ncr com>
Date: Mon, 23 Oct 2017 16:59:10 +0000
Combining the smtp-commands script with the normal version scanning, you can figure this out. Using gmail’s SMTP as an example below, I’ve highlighted in yellow the parts you want to pay attention to. Port 465 uses TLS from the start (aka SMTPS<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_SMTPS&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=gwDhD5Sj2cEksXHnUxUcPTqDTUkKgHr2to6fMDmBRAo&e=>). Port 587 uses STARTTLS to switch from plain text to TLS after connecting. # nmap -sV -Pn -p 465,587 --version-intensity 8 --script smtp-commands.nse smtp.gmail.com Starting Nmap 6.47 ( https://urldefense.proofpoint.com/v2/url?u=http-3A__nmap.org&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=koHmcMg6t6rsw7OJD0igv8yiCqZj7I1u1_Rc-fgcQnk&e= ) at 2017-10-23 16:49 UTC Nmap scan report for smtp.gmail.com (74.125.136.108) Host is up (0.012s latency). Other addresses for smtp.gmail.com (not scanned): 74.125.136.109 PORT STATE SERVICE VERSION 465/tcp open ssl/smtp Google gsmtp | smtp-commands: smtp.gmail.com at your service, [73.237.100.36], SIZE 35882577, 8BITMIME, AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8, |_ 2.0.0 https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_search-3FbtnI-26q-3DRFC-2B5321&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=dbSIrkY8pshgQ9rYERZ-fUvUUu9NBSsDk72h39glAt8&e= j14sm454180ywg.74 - gsmtp 587/tcp open smtp Google gsmtp | smtp-commands: smtp.gmail.com at your service, [73.237.100.36], SIZE 35882577, 8BITMIME, STARTTLS, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8, |_ 2.0.0 https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_search-3FbtnI-26q-3DRFC-2B5321&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=dbSIrkY8pshgQ9rYERZ-fUvUUu9NBSsDk72h39glAt8&e= b129sm3894212ywe.99 - gsmtp Service Info: Host: smtp.gmail.com Service detection performed. Please report any incorrect results at https://urldefense.proofpoint.com/v2/url?u=http-3A__nmap.org_submit_&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=ViFzpl_Q0TYD_SrLJ_IgIZD9fgFjRZuwt1YcFv_H7g4&e= . Nmap done: 1 IP address (1 host up) scanned in 19.84 seconds -- Patrick From: dev <dev-bounces () nmap org> on behalf of Jasey DePriest <jrdepriest () gmail com> Date: Saturday, October 21, 2017 at 9:19 PM To: Ben Stover <bxstover () yahoo co uk> Cc: nmap MailList <dev () nmap org> Subject: Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? I don't have a good server to test with, but the EHLO command should tell you what the server offers. I'm not sure if it can tell the difference between STARTTL and just TLS. https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nsedoc_scripts_smtp-2Dcommands.html&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=PpUq1aWqruTgLF-V7d_H0_v3fckqtoAqZh4FsPKBDHs&e=<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nsedoc_scripts_smtp-2Dcommands.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=IaIyNh2kE1FGJI4st0J2siskCJ44Ok9qkWJ8ROghbNw&e=> PORT STATE SERVICE REASON VERSION 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.3790.3959 | smtp-commands: SMTP.domain.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__SMTP.domain.com&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=eUd5ECzZ5jySIWSEXsCOW1NjdqSUKSB6_KKprVrxFmc&e=> Hello [172.x.x.x], TURN, SIZE, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, X-EXPS GSSAPI NTLM LOGIN, X-EXPS=LOGIN, AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, X-LINK2STATE, XEXCH50, OK |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT VRFY Nmap Site Navigation Intro<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=VFnRboSCBenambFZ-UioIb1ZVoZoAH_YmdGcPYqjJ5w&e=> Reference Guide<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_man.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=-yUe9yjg-2lpQhAc5TNT6QUdNkx3gdqzjKd4UcYMaOU&e=> Book<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=yNlsznnfiqXaSjc-X-ljFq2bYz1A2VUvj2pizOsQLiA&e=> Install Guide<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_install.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=Ar9aalgEMe0o-Ih-55Ze7FgUZq2znROqp6gFy4Zjbqc&e=> Download<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_download.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=jwzQA6Z5AtzURks_GsdC00gOfHEyUPj8edTUoP6SCqI&e=> Changelog<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_changelog.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=JmR_6uC4IHXN-vYL6R72zK41Z6i7iooUOYlk39AWiZA&e=> Zenmap GUI<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_zenmap_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=UEY7FF6KdTIqi7aM27Lv9LWeu9bz3nuzf_aCF93q-Qo&e=> Docs<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_docs.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=iZv9SeTfdspiN9UXOw7835ncyXMWx3xO-kpnMhM3hy0&e=> Bug Reports<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_man-2Dbugs.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=5FVJjYOADUI-JigIxLFSJoUkZcbXpptPzJITsqJjtDo&e=> OS Detection<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_osdetect.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=xfqG8AHTDF7-OcBsmmw7yiHPACyzHlC5mBQYc1Rcal0&e=> Propaganda<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nmap-5Fpropaganda.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=02V40_wjmHJBTEfgY3C8SAG-nnGxEEcltnDlNVOBaU0&e=> Related Projects<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_projects.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=216Wm8a3AkYAw6M3C8KPLC2LYzj6TreC9GVMiA6yZYw&e=> In the Movies<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_movies_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=W1xY1ZikIzfjQ6xrRO3Vz-yJ1V5eAlBt8Z_Mr7hsTrg&e=> In the News<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nmap-5Finthenews.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=WaL8wc4FEfggsnmLBQohS0_z6LP-KWib434jaWoLRAM&e=> [ Nmap<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=VFnRboSCBenambFZ-UioIb1ZVoZoAH_YmdGcPYqjJ5w&e=> | Sec Tools<https://urldefense.proofpoint.com/v2/url?u=http-3A__sectools.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=x0hpayGvyqB0_8JzqZYcmRLbprxk_wGJluaCHTd8PxI&e=> | Mailing Lists<https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=6jwjTGvkVWwDq08uoplsLses1XMaf_Bd2F83ObkC1Ys&e=> | Site News<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=8P49Y-kkDFpSraKhyi3NoyRD8JxnjYjynjO70uVQaxo&e=> | About/Contact<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_fyodor_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=lwCaVFAm01Wozjyb_6o9J5a_f2U6hHT1fwFqMqFxJHA&e=> | Advertising<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_advertising.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=ftqVKlNj0kChpCrgkx_QOx2BF-yET2Rb4KPXK1k80DI&e=> | Privacy<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_privacy.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=SSvLkiy8ovUFa0DsXWueINvkOf-1DKT7fKg2gbq8Ggg&e=> ] On Sat, Oct 21, 2017 at 1:17 AM, Ben Stover via dev <dev () nmap org<mailto:dev () nmap org>> wrote: Assume a (remote) smtp mailserver smtp.foobar.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__smtp.foobar.com&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=HJApyWHVdx39svGcVDE3rPkGqFKpqCCRhLFR43_Mvic&e=> listens either on port 465 or port 587. How can I find out (with nmap/netcat) if this smtp mailserver supports STARTTLS protocol or (only) SSL/TLS? Or both ? Thank you Ben _______________________________________________ Sent through the dev mailing list https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_mailman_listinfo_dev&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=GyN45_TGtl2nnUUrfgBSmg5SDlPN5BAz1V0lgHY-bBo&e=<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_mailman_listinfo_dev&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=BsRTYNQNgJfnHjTeENV1Z5IfqRwPG2rNYlCwK7nGadg&e=> Archived at https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_nmap-2Ddev_&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=X3U9odVSLdM3Sukn7V5tKAO9irMxHTLF19_SgOKtwDI&e=<https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_nmap-2Ddev_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=tXYXdBmT3NvWsEyeg5Q8W1IbTKs1FASRIMcIAejribA&e=>
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Ben Stover via dev (Oct 20)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Jasey DePriest (Oct 21)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Watson, Patrick (Oct 23)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Dave Horsfall (Oct 29)
- <Possible follow-ups>
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Ben Stover via dev (Oct 25)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Watson, Patrick (Oct 26)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Jasey DePriest (Oct 26)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Watson, Patrick (Oct 26)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Jasey DePriest (Oct 21)