Nmap Development mailing list archives

[NSE Script] SMTP Servername


From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Wed, 23 Aug 2006 11:03:03 -0300

This is a really simple script that obtains the smtp servername from the HELO response.

Actually, the Open Relay script I'm about to finish uses that code. So, while testing if the script
worked, I just took the servername grabbing code, and put it into a new script.

Not necessarily useful, but it uses the gsub lua function to obtain the servername using patterns.

- --
Arturo "Buanzo" Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar
Consultor en Seguridad Informatica - http://www.buanzo.com.ar
http://www.vivamoslavida.com.ar - Portal no-comercial del buen vivir!
for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done
-- Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar> / www.buanzo.com.ar/eng/ / linux-consulting.buanzo.com.ar
-- See Nmap's COPYING file for licence details

id="SMTP servername"
description="Retrieves SMTP servername from HELO response"
tags = {"intrusive"}

portrule = function(host, port)
        if      (port.number == 25
                or port.service == "smtp")
                and port.protocol == "tcp"
        then
                return true
        else
                return false
        end
end

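action = function(host, port)
        local socket = nmap.new_socket()
        local result
        local status = true
        local mailservername

        socket:connect(host.ip, port.number, port.protocol)

-- Read the server greeting; give up on a timeout or any other receive error
        status, result = socket:receive_lines(1)

        if not status then
                socket:close()
                return
        end

-- Introduce ourselves (SMTP commands are terminated by CRLF)
        socket:send("HELO www.insecure.org\r\n")
        status, result = socket:receive_lines(1)

-- The exchange is over, so release the socket on every path
        socket:close()

-- return nothing if the read failed or there's an smtp status code != 250
        if not status or not string.match(result, "^250") then
                return
        end

-- The servername is the first run of letters, digits, dots and hyphens after
-- the status code; string.match returns nil when the reply carries no name
        mailservername = string.match(result, "^250[ %-]([%w%.%-]+)")

        return mailservername
end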

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
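
An added example, not part of the original post or of Nmap: a stand-alone Lua function that pulls the announced name out of a HELO/EHLO reply, covering hyphenated hostnames, multi-line 250 replies and non-250 status codes. The function names and the sample replies are constructed for illustration.

```lua
-- Added example: plain Lua, no Nmap libraries required.

-- Split a raw reply into lines, accepting CRLF or bare LF.
local function reply_lines(raw)
  local lines = {}
  for line in raw:gmatch("[^\r\n]+") do
    lines[#lines + 1] = line
  end
  return lines
end

-- Return the name the server announces, or nil plus a reason.
local function helo_servername(raw)
  local lines = reply_lines(raw or "")
  if #lines == 0 then return nil, "empty reply" end
  -- Reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
  local code, text = lines[1]:match("^(%d%d%d)[ %-](.*)$")
  if not code then return nil, "malformed reply" end
  if code ~= "250" then return nil, "status " .. code end
  -- Hostname or address literal: letters, digits, ".", "-", "[", "]", ":".
  -- A class of only %w and "." would cut "mail-gw01.example.org" to "mail".
  local name = text:match("^([%w%.%-%[%]:]+)")
  if not name then return nil, "no name in reply" end
  return name
end

-- Constructed sample replies (not captured from any real server).
local samples = {
  "250 mx1.example.org Hello scanner.example.net\r\n",
  "250 mail-gw01.example.org\r\n",
  "250-smtp.example.org greets you\r\n250-SIZE 10240000\r\n250 HELP\r\n",
  "250 [192.0.2.25]\r\n",
  "554 no service\r\n",
  "",
}

for _, raw in ipairs(samples) do
  local name, why = helo_servername(raw)
  local first = raw:match("^[^\r\n]*")
  print(string.format("%-46s -> %s", first, name or ("rejected: " .. why)))
end
```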