Penetration Testing mailing list archives
RE: SMTP Survey
From: "Michael Burns" <mburns () sp-uk com>
Date: Thu, 9 Oct 2003 09:54:37 +0100
Re-sent as I accidentally sent to an individual :-s We've been working with Vigilante for a while now, the scan is very thorough, fast and importantly it is accurate. However, it is commercial and a tad on the expensive side, well that is, if you are looking for a free tool ;) I have used nmap and similar tools and find them excellent tools, especially considering the price :) You can do manual checks on the smtp service to check if you can relay or not, however, you can also use something like http://www.ordb.org/ which I have only really used the one. The downside to this is that if you are an open relay it does record and publicise the fact. Mike -----Original Message----- From: Michael Coulter [mailto:mjc () bitz ca] Sent: 07 October 2003 08:40 To: ajwhitaker () excite com Cc: pen-test () securityfocus com Subject: Re: SMTP Survey On Sat, Oct 04, 2003 at 12:03:25PM -0400, ajwhitaker () excite com wrote:
What tools / techniques / scripts do you use when testing against port
25?
Currently I just test for mail-relay, but I'm wondering what other
tests/tools
are used.
Others have already mentioned a few fingerprinting tools. However they have missed my two favourites thus far. thc-vmap available at http://www.thc.org/ nmap using "-sV". This service fingerprinting feature was added recently, and new fingerprints are coming in all the time. You may need to update to use this feature, and will definitely want to update to get a more comprehensive fingerprint database. ------------------------------------------------------------------------ --- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ------------------------------------------------------------------------ ---- ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- SMTP Survey ajwhitaker () excite com (Oct 06)
- Re: SMTP Survey lists (Oct 07)
- Re: SMTP Survey Michael Coulter (Oct 07)
- <Possible follow-ups>
- FW: SMTP Survey Francisco Araujo (Oct 06)
- Re: SMTP Survey Muhammad Faisal Rauf Danka (Oct 06)
- RE: SMTP Survey Michael Burns (Oct 09)