Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Comments on smtp-open-relay and smtp-enum-users

From: Duarte Silva <duartejcsilva () gmail com>
Date: Sun, 14 Mar 2010 11:15:33 +0000
The changes have been made to smtp-open-relay.nse. It is also now
possible to specify which addresses to use in the tests. Default are
antispam and relaytest respectively.

--script-args smtp-open-relay.from=hello,smtp-open-relay.to=goodbye

Thanks for the suggestions :P

On Fri, Mar 12, 2010 at 3:09 PM, Ron <ron () skullsecurity net> wrote:

I talked to Duarte this off the list a bit, but I thought I'd post it here. The other thread was growing out of 
control, so I thought it best to make a new one.

Anyways, smtp-enum-users.nse works great for me. Even the server where VRFY was disabled worked, thanks to the "RCTP 
TO" hacking. I did generated the list by harvesting some .pdf files on the site manually and feeding them in with the 
userdb script-arg.

smtp-open-relay.nse looks like it's working as well, but I don't think the output is clear enough. It'd be nice to 
get a boolean message, saying "this server IS an open relay" or "x out of 5 tests passed, this server is likely [not] 
an open relay". That'd be helpful to me.

Overall, though, they're looking good and have already helped me find an issue.

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: smtp-open-relay.patch
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: