Home page logo

nmap-dev logo Nmap Development mailing list archives

Bug in smtp-enum-users.nse
From: Yehuda Eisenstark <yudieisenstark () gmail com>
Date: Thu, 10 Feb 2011 22:44:13 +0200

I am a complete newbie at NSE, so this may be completely off but,
the smtp-enum-users.nse script contains the following code:

  elseif string.match(response, "^502") or string.match(response, "^252") or
string.match(response, "^550") then
                          -- The server doesn't implement the command or it
is disallowed.
                          return STATUS_CODES.NOTPERMITTED

Many SMTP servers return a "550 User Unknown" in response to a "RCPT TO"
request with an unknown user. The script starts enumerating users via "RCPT
TO" but stops at the first "550 User Unknown" response and then tries using
VRFY and EXPN for that user. The script never goes back to enumerating the
rest of the users in the username file via "RCPT TO". If VRFY and EXPN don't
work the script sends a QUIT and stops. Why is that?

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]