Nmap Development mailing list archives
smtp-enum-users.nse
From: David Fifield <david () bamsoftware com>
Date: Fri, 12 Mar 2010 21:06:26 -0700
On Sun, Mar 07, 2010 at 06:43:39PM +0000, Duarte Silva wrote:
> I also finished the smtp-enum-users.nse script (for more info read the description in the script). Patches in the attachments as usual.

I think this is a good script and it's gotten good feedback so far. I've committed it. Here are some ideas I have to improve it. What do you think?

Here is how the method selection works:

    if type(method) == "string" then
      if string.find(method, "^VRFY$", 0) then
        ignore_vrfy, ignore_expn, ignore_rcpt = false, true, true
      elseif string.find(method, "^EXPN$", 0) then
        ignore_vrfy, ignore_expn, ignore_rcpt = true, false, true
      elseif string.find(method, "^RCPT$", 0) then
        ignore_vrfy, ignore_expn, ignore_rcpt = true, true, false
      end
    end

Instead of setting ignore_* variables with reverse logic, how about having a variable methods = {"VRFY", "EXPN", "RCPT"}, and a current_method variable? Then your script argument could actually be an array of methods to try, and the rest of the logic would be easier to understand.

I think this structure is complicated:

    while username do
      if ignore_vrfy and ignore_expn and (not ignore_rcpt) then
        -- Do RCPT.
      else
        if not ignore_vrfy then
          -- Do VRFY. Set ignore_vrfy = false if not implemented.
        elseif not ignore_expn then
          -- Do EXPN. Set ignore_expn = false if not implemented.
        else
          break
        end
      end
    end

It tries VRFY, EXPN, and RCPT in order, so the code should reflect that. (But see below for a different proposed order.) Probably the code that checks one username with each method should be broken out into functions.

My mail server returns "252 Administrative prohibition" for VRFY. The script doesn't detect this as VRFY not working, so it never moves on to RCPT (which works). The script works if I use --script-args smtp-enum-users.method=RCPT.

What do you think about making RCPT the first method tried? It seems to be the most effective all around.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
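The restructuring suggested in the message above, as an added example in plain Lua; it is not part of the original message or of the committed script. The names `fake_server`, `classify` and `enumerate` are hypothetical, the server replies are constructed, and treating 252 (which RFC 5321 defines as "cannot VRFY user") as "method unusable" is an assumption of this sketch.

```lua
-- Added illustration in plain Lua (no NSE libraries); not the committed script.

-- Constructed replies from a hypothetical server that, like the one described
-- in the message, answers VRFY with 252 but gives real answers to RCPT.
local fake_server = {
  VRFY = function(user) return 252, "Administrative prohibition" end,
  EXPN = function(user) return 502, "Command not implemented" end,
  RCPT = function(user)
    if user == "root" or user == "postmaster" then return 250, "Accepted" end
    return 550, "Unknown user"
  end,
}

-- Map a reply code to "exists", "absent" or "unusable".
-- Simplifying assumption: anything that is neither a clear yes nor a clear
-- no (252, 500, 502, ...) means the method tells us nothing on this server.
local function classify(code)
  if code == 250 or code == 251 then return "exists" end
  if code == 550 or code == 551 or code == 553 then return "absent" end
  return "unusable"
end

-- Walk the ordered method list with a single index instead of ignore_* flags.
-- When a method proves unusable, advance the index and retry the same user.
local function enumerate(users, methods, send)
  local found, current = {}, 1
  for _, user in ipairs(users) do
    while methods[current] do
      local verdict = classify((send(methods[current], user)))
      if verdict ~= "unusable" then
        if verdict == "exists" then
          found[#found + 1] = user .. " (" .. methods[current] .. ")"
        end
        break
      end
      current = current + 1 -- this method is abandoned for the rest of the run
    end
    if not methods[current] then break end -- every method was unusable
  end
  return found
end

local function send(method, user) return fake_server[method](user) end

-- The methods table could come straight from a script argument.
local found = enumerate({"root", "admin", "postmaster"}, {"VRFY", "EXPN", "RCPT"}, send)
print(table.concat(found, ", "))
```

Reordering the table to `{"RCPT", "VRFY", "EXPN"}` gives the RCPT-first behaviour proposed at the end of the message without touching the loop.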