Nmap Development mailing list archives

Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ?

From: "Watson, Patrick" <Patrick.Watson () ncr com>
Date: Mon, 23 Oct 2017 16:59:10 +0000

Combining the smtp-commands script with the normal version scanning, you can figure this out.

Using gmail’s SMTP as an example below, I’ve highlighted in yellow the parts you want to pay attention to. Port 465 
uses TLS from the start (aka 
SMTPS<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_SMTPS&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=gwDhD5Sj2cEksXHnUxUcPTqDTUkKgHr2to6fMDmBRAo&e=>).
 Port 587 uses STARTTLS to switch from plain text to TLS after connecting.

# nmap -sV -Pn -p 465,587 --version-intensity 8 --script smtp-commands.nse smtp.gmail.com

Starting Nmap 6.47 ( 
https://urldefense.proofpoint.com/v2/url?u=http-3A__nmap.org&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=koHmcMg6t6rsw7OJD0igv8yiCqZj7I1u1_Rc-fgcQnk&e=
 ) at 2017-10-23 16:49 UTC
Nmap scan report for smtp.gmail.com (74.125.136.108)
Host is up (0.012s latency).
Other addresses for smtp.gmail.com (not scanned): 74.125.136.109
PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Google gsmtp
| smtp-commands: smtp.gmail.com at your service, [73.237.100.36], SIZE 35882577, 8BITMIME, AUTH LOGIN PLAIN XOAUTH2 
PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH, ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
|_ 2.0.0 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_search-3FbtnI-26q-3DRFC-2B5321&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=dbSIrkY8pshgQ9rYERZ-fUvUUu9NBSsDk72h39glAt8&e=
 j14sm454180ywg.74 - gsmtp
587/tcp open  smtp     Google gsmtp
| smtp-commands: smtp.gmail.com at your service, [73.237.100.36], SIZE 35882577, 8BITMIME, STARTTLS, 
ENHANCEDSTATUSCODES, PIPELINING, CHUNKING, SMTPUTF8,
|_ 2.0.0 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_search-3FbtnI-26q-3DRFC-2B5321&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=dbSIrkY8pshgQ9rYERZ-fUvUUu9NBSsDk72h39glAt8&e=
 b129sm3894212ywe.99 - gsmtp
Service Info: Host: smtp.gmail.com

Service detection performed. Please report any incorrect results at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__nmap.org_submit_&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=ViFzpl_Q0TYD_SrLJ_IgIZD9fgFjRZuwt1YcFv_H7g4&e=
 .
Nmap done: 1 IP address (1 host up) scanned in 19.84 seconds


-- Patrick

From: dev <dev-bounces () nmap org> on behalf of Jasey DePriest <jrdepriest () gmail com>
Date: Saturday, October 21, 2017 at 9:19 PM
To: Ben Stover <bxstover () yahoo co uk>
Cc: nmap MailList <dev () nmap org>
Subject: Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ?

I don't have a good server to test with, but the EHLO command should tell you what the server offers. I'm not sure if 
it can tell the difference between STARTTL and just TLS.

https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nsedoc_scripts_smtp-2Dcommands.html&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=PpUq1aWqruTgLF-V7d_H0_v3fckqtoAqZh4FsPKBDHs&e=<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nsedoc_scripts_smtp-2Dcommands.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=IaIyNh2kE1FGJI4st0J2siskCJ44Ok9qkWJ8ROghbNw&e=>


PORT   STATE SERVICE REASON  VERSION

25/tcp open  smtp    syn-ack Microsoft ESMTP 6.0.3790.3959

| smtp-commands: 
SMTP.domain.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__SMTP.domain.com&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=eUd5ECzZ5jySIWSEXsCOW1NjdqSUKSB6_KKprVrxFmc&e=>
 Hello [172.x.x.x], TURN, SIZE, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, 
X-EXPS GSSAPI NTLM LOGIN, X-EXPS=LOGIN, AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, X-LINK2STATE, XEXCH50, OK

|_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT 
VRFY

Nmap Site Navigation
Intro<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=VFnRboSCBenambFZ-UioIb1ZVoZoAH_YmdGcPYqjJ5w&e=>

Reference 
Guide<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_man.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=-yUe9yjg-2lpQhAc5TNT6QUdNkx3gdqzjKd4UcYMaOU&e=>

Book<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=yNlsznnfiqXaSjc-X-ljFq2bYz1A2VUvj2pizOsQLiA&e=>

Install 
Guide<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_install.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=Ar9aalgEMe0o-Ih-55Ze7FgUZq2znROqp6gFy4Zjbqc&e=>

Download<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_download.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=jwzQA6Z5AtzURks_GsdC00gOfHEyUPj8edTUoP6SCqI&e=>

Changelog<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_changelog.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=JmR_6uC4IHXN-vYL6R72zK41Z6i7iooUOYlk39AWiZA&e=>

Zenmap 
GUI<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_zenmap_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=UEY7FF6KdTIqi7aM27Lv9LWeu9bz3nuzf_aCF93q-Qo&e=>

Docs<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_docs.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=iZv9SeTfdspiN9UXOw7835ncyXMWx3xO-kpnMhM3hy0&e=>

Bug 
Reports<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_man-2Dbugs.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=5FVJjYOADUI-JigIxLFSJoUkZcbXpptPzJITsqJjtDo&e=>

OS 
Detection<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_book_osdetect.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=xfqG8AHTDF7-OcBsmmw7yiHPACyzHlC5mBQYc1Rcal0&e=>

Propaganda<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nmap-5Fpropaganda.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=02V40_wjmHJBTEfgY3C8SAG-nnGxEEcltnDlNVOBaU0&e=>

Related 
Projects<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_projects.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=216Wm8a3AkYAw6M3C8KPLC2LYzj6TreC9GVMiA6yZYw&e=>

In the 
Movies<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_movies_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=W1xY1ZikIzfjQ6xrRO3Vz-yJ1V5eAlBt8Z_Mr7hsTrg&e=>

In the 
News<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_nmap-5Finthenews.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=WaL8wc4FEfggsnmLBQohS0_z6LP-KWib434jaWoLRAM&e=>


[ 
Nmap<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=VFnRboSCBenambFZ-UioIb1ZVoZoAH_YmdGcPYqjJ5w&e=>
 | Sec 
Tools<https://urldefense.proofpoint.com/v2/url?u=http-3A__sectools.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=x0hpayGvyqB0_8JzqZYcmRLbprxk_wGJluaCHTd8PxI&e=>
 | Mailing 
Lists<https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=6jwjTGvkVWwDq08uoplsLses1XMaf_Bd2F83ObkC1Ys&e=>
 | Site 
News<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=8P49Y-kkDFpSraKhyi3NoyRD8JxnjYjynjO70uVQaxo&e=>
 | 
About/Contact<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_fyodor_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=lwCaVFAm01Wozjyb_6o9J5a_f2U6hHT1fwFqMqFxJHA&e=>
 | 
Advertising<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_advertising.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=ftqVKlNj0kChpCrgkx_QOx2BF-yET2Rb4KPXK1k80DI&e=>
 | 
Privacy<https://urldefense.proofpoint.com/v2/url?u=http-3A__insecure.org_privacy.html&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=SSvLkiy8ovUFa0DsXWueINvkOf-1DKT7fKg2gbq8Ggg&e=>
 ]





On Sat, Oct 21, 2017 at 1:17 AM, Ben Stover via dev <dev () nmap org<mailto:dev () nmap org>> wrote:
Assume a (remote) smtp mailserver 
smtp.foobar.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__smtp.foobar.com&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=HJApyWHVdx39svGcVDE3rPkGqFKpqCCRhLFR43_Mvic&e=>
 listens either on port 465 or port 587.

How can I find out (with nmap/netcat) if this smtp mailserver supports STARTTLS protocol or (only) SSL/TLS?

Or both ?

Thank you
Ben








_______________________________________________
Sent through the dev mailing list
https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_mailman_listinfo_dev&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=GyN45_TGtl2nnUUrfgBSmg5SDlPN5BAz1V0lgHY-bBo&e=<https://urldefense.proofpoint.com/v2/url?u=https-3A__nmap.org_mailman_listinfo_dev&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=BsRTYNQNgJfnHjTeENV1Z5IfqRwPG2rNYlCwK7nGadg&e=>
Archived at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_nmap-2Ddev_&d=DwIGaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=kb9QwPhIkTE-L66gFI1opw&m=vvDle7FkNLkJ5a2nwnC7kZPpeKGxwcSPznw6tOkWhDI&s=X3U9odVSLdM3Sukn7V5tKAO9irMxHTLF19_SgOKtwDI&e=<https://urldefense.proofpoint.com/v2/url?u=http-3A__seclists.org_nmap-2Ddev_&d=DwMFaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=-7fMavYSOXM0awrxpMpuj263ZzwL81Gh7WmLsFSUKIE&m=SmUppfcQzlQbJOcviUe-EXtiF3JBV9mpwejN1UCNsBE&s=tXYXdBmT3NvWsEyeg5Q8W1IbTKs1FASRIMcIAejribA&e=>

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Ben Stover via dev (Oct 20)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Jasey DePriest (Oct 21)
  - Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Watson, Patrick (Oct 23)
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Dave Horsfall (Oct 29)
- <Possible follow-ups>
- Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Ben Stover via dev (Oct 25)
  - Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Watson, Patrick (Oct 26)
    - Re: How to find out if SMTP mailserver supports STARTTLS or (only) SSL/TLS ? Jasey DePriest (Oct 26)