Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Get Outlook Web Address URL
From: Henri Doreau <henri.doreau () gmail com>
Date: Fri, 27 May 2011 15:18:14 +0200

2011/4/22 Dan <cdcdanielctin () gmail com>:
Hello everybody,

I found out the hard way that sometimes getting information from the
mail server admin can be very difficult due to externalization so I’ve
decided to write a NSE script that discovers the OWA URL, information
that would be very usefull in cases like configuring a handheld
device, a Blackberry Internet Service account or just simply access
the webmail.

The script is based on empirical data and it has been successfully
tested on several public server.


This is my first Lua script so run it and give me your feedback.


(resending to nmap-dev as it looks like something went wrong the first time).

Hello Daniel,

thanks for the script and sorry for the long delay. I know no server I
could use to test the script but here are a few suggestions about the

- please change the mixed tabs and spaces indentation to something
consistent, 2 or 4 spaces only is a good and fairly common choice.
- instead of using several table.insert() statements to generate the
targets array, the check_targets() function should simply iterate over
an array of subdomains. Something like this:
local subdomains = {"mail", "webmail", "owa", "exchange", "webmaileu", "exmail"}
local results = {}
local targets = {}

for _, subdomain in ipairs(subdomains) do
   table.insert(targets, subdomain .. "." .. targetname)
I'm also wondering whether it would make sense to offer the user the
ability to specify other names on the command line.
- calls to print() should be replaced by stdnse.print_debug/verbose
(see [1]), no need to check for the verbosity level before calling the
function then.
- unless I missed something, it looks like the action function could
be simplified, at least by moving duplicate code to a single function.
But it would be even better to have get_mx() returning an array (even
if it contains a single element). Then just iterate over the elements
of this array without worrying about its size.
- in check_targets() and check_mx() the script does things like:
local email_server = "https://"; .. mx .. p
results[#results + 1] = string.format("OWA Found with: ")
results[#results + 1] = string.format("Email Server: %s", email_server)

if (c == 302) then
   results[#results + 1] = string.format("Real Server Location: %s", l)
Using table.insert() would probably be easier to read, no big deal
though. string.format() is not useful for "OWA Found with: ", you can
just assign the string.
- you should improve the documentation a bit. At least elaborate on
what the script does in the description field and add an @args entry
in the nsedoc section to describe the aim of get-owa.domain (see
existing scripts for reference).
- the global variable "path" is only used by check_mx() and could
therefore be localized there.


[1] http://nmap.org/nsedoc/lib/stdnse.html#print_debug

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]