Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts


From: Fyodor <fyodor () insecure org>
Date: Mon, 12 May 2008 13:23:47 -0700

On Fri, May 09, 2008 at 05:17:44PM -0500, Kris Katterjohn wrote:
> * SMTPcommands - I want this to be default, but it usually has a lot of
> output

Good point.  First, let's take a look at the output of this script.  I
did a scan against the MX servers for gmail, slashdot, and hotmail:

nmap -p1-100 -PN --script SMTPcommands.nse gmail-smtp-in.l.google.com mx.vasoftware.com mx1.hotmail.com

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-12 13:12 PDT
Warning: Hostname gmail-smtp-in.l.google.com resolves to 2 IPs. Using 209.85.147.27.
Warning: Hostname mx.vasoftware.com resolves to 2 IPs. Using 208.48.95.24.
Warning: Hostname mx1.hotmail.com resolves to 3 IPs. Using 65.54.244.136.
Interesting ports on wa-in-f27.google.com (209.85.147.27):
Not shown: 98 filtered ports
PORT   STATE  SERVICE
25/tcp open   smtp
|  SMTP: Responded to EHLO command
|  mx.google.com at your service, [64.13.134.2]
|  SIZE 28311552
|  8BITMIME
|  250 ENHANCEDSTATUSCODES
|  Responded to HELP command
|_ 2.0.0 http://www.google.com/search?btnI&q=RFC+2821
80/tcp closed http

Interesting ports on mx-2.vasoftware.com (208.48.95.24):
Not shown: 99 filtered ports
PORT   STATE SERVICE
25/tcp open  smtp
|  SMTP: Responded to EHLO command
|  mx-2.vasoftware.com Hello mail.titan.net [64.13.134.2]
|  SIZE 15728640
|  EXPN
|  PIPELINING
|  AUTH PLAIN LOGIN
|  STARTTLS
|  250 HELP
|  Responded to HELP command
|  Commands supported:
|_ AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP EXPN VRFY

Interesting ports on mx1.hotmail.com (65.54.244.136):
Not shown: 99 filtered ports
PORT   STATE SERVICE
25/tcp open  smtp
|  SMTP: Responded to EHLO command
|  bay0-mc3-f20.bay0.hotmail.com (3.5.0.22) Hello [64.13.134.2]
|  SIZE 29696000
|  PIPELINING
|  8bitmime
|  BINARYMIME
|  CHUNKING
|  AUTH LOGIN
|  AUTH=LOGIN
|  Responded to HELP command
|  This server supports the following commands:
|_ HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT VRFY

Nmap done: 3 IP addresses (3 hosts up) scanned in 94.733 seconds


This output is definitely quite long.  And Jason seemed to recognize
that when writing the script, as he included this comment:

-- EHLO returns a multiline result - I would like to pull out the line feeds and replace them with
-- something nicer like commas.  But when I do that, it messes up the first two lines as well, which
-- probably should be on their own lines.  I have not mastered the regexes for NSE yet, so maybe some day.

I think the results of this script can be interesting, but don't think
it should be default until someone can clean it up.  Replacing the
line feeds in the option list with commas, as suggested by Jason,
should resolve the problem.

Cheers,
-F
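
The cleanup suggested above, as an added example that is not part of the original post or of SMTPcommands.nse: plain Lua (the language NSE scripts are written in) that keeps the header and the greeting on their own lines and joins the EHLO keywords with commas. `format_ehlo` is a hypothetical helper, and the sample reply is constructed from the mx-2.vasoftware.com output shown in the message.

```lua
-- Added example; format_ehlo is a hypothetical helper, not a function of
-- SMTPcommands.nse. Uses Lua patterns only, no Nmap libraries.

-- Constructed sample: a raw EHLO reply consistent with the
-- mx-2.vasoftware.com output quoted in the message.
local sample = table.concat({
  "250-mx-2.vasoftware.com Hello mail.titan.net [64.13.134.2]",
  "250-SIZE 15728640",
  "250-EXPN",
  "250-PIPELINING",
  "250-AUTH PLAIN LOGIN",
  "250-STARTTLS",
  "250 HELP",
}, "\r\n") .. "\r\n"

-- Returns the compact report string, or nil plus a reason on failure.
local function format_ehlo(reply)
  local greeting
  local extensions = {}
  for line in reply:gmatch("[^\r\n]+") do
    -- Reply line: 3-digit code, then "-" (more lines follow) or " "
    -- (last line), then free text. The separator may be absent.
    local code, _, text = line:match("^(%d%d%d)([%- ]?)(.*)$")
    if not code then
      return nil, "unparseable reply line: " .. line
    end
    if code ~= "250" then
      -- Server did not accept EHLO (for example an older HELO-only server).
      return nil, "EHLO refused: " .. line
    end
    text = text:gsub("%s+$", "")   -- drop trailing whitespace
    if not greeting then
      greeting = text              -- first line is the greeting
    elseif text ~= "" then
      extensions[#extensions + 1] = text
    end
  end
  if not greeting then
    return nil, "empty reply"
  end
  local out = { "SMTP: Responded to EHLO command", greeting }
  if #extensions > 0 then
    out[#out + 1] = table.concat(extensions, ", ")
  end
  return table.concat(out, "\n")
end

print(format_ehlo(sample))
```

Stripping the code from the final `250 ` line as well as the `250-` continuation lines also removes the stray `250` that appears before the last keyword in the script output quoted in the message.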
