Nmap Development mailing list archives
Re: Last call for smtp-open-relay.nse - help needed
From: Duarte Silva <duartejcsilva () gmail com>
Date: Fri, 18 Sep 2009 17:56:07 +0100
Hi,

Just noticed that, was about to send the corrected version. And yes, will send the log of using comm.tryssl to you off-list.

Thanks,
Duarte

On Fri, Sep 18, 2009 at 5:31 PM, Joao Correa <joao () livewire com br> wrote:
Hi Duarte,

I've made a fast try with your first patch. The only error I got was related to using an undeclared variable on line 98. After changing the variable name from test to tests, it worked fine. I didn't get the errors you mentioned about comm.tryssl.

If the problem is a bug in comm.tryssl, I really would like more information to fix it. Would you mind sending me (off list) the outputs you got while running the first version of the script?

Thanks,
João.

On Fri, Sep 18, 2009 at 1:02 PM, Duarte Silva <duartejcsilva () gmail com> wrote:

Hi,

Just fixed the problem with comm.tryssl by not using it :P The script is now able to detect if the SMTP server requires authentication. Give it a go, and if it is accepted I will make the documentation (too lazy/busy). Patch in attachments.

Best regards,
Duarte

On Fri, Sep 18, 2009 at 1:03 AM, Duarte Silva <duartejcsilva () gmail com> wrote:

Hi,

I decided to try it out. I'm having trouble with the call to comm.tryssl: it reports that I'm using a nil value, but I checked all the values and they aren't nil (print & debuglevel > 1 = r0x). Don't be evil, this is the first time I develop in Lua and I don't know if the tests *array* can be declared like that :P. I didn't make the documentation yet. Anyway, the patch is attached.

Best regards,
Duarte

On Thu, Sep 17, 2009 at 10:00 PM, Fyodor <fyodor () insecure org> wrote:

Hi all. It has been two years since we changed smtp-open-relay to the demo category because it was using legitimate domains (e.g. insecure.org -- current version uses scanme.org) to check for open relays. The hope was that someone would find a way to avoid doing that, but it hasn't happened. However, we do now have the external category for scripts which do this sort of thing. So I think we should either clean it up and put it in real categories, or remove the script.

So this is a call for anyone who wants to "adopt" this script and clean it up.
The things I see right away that it needs are:

o If there is a way to avoid using a real domain, that would be best. If not, I suppose "nmap.scanme.org" is OK. In that case, the script should be added to the "external" category. Also, there should be a script argument for changing "ourdomain". You shouldn't have to edit the script.

o It should be removed from the "demo" category and added to whatever other categories are appropriate. Maybe "discovery" and "intrusive". Perhaps "vuln" is appropriate too, as an open relay is a vulnerability IMHO. Though if we use that category here, we should probably do the same for http-open-proxy and socks-open-proxy. Let's not put it in "default" at this time, though it might be worth consideration later.

o It needs to be updated to look like a current script. In particular, it needs decent NSEDoc comments, license and author fields, etc. Take a look at one of Ron's recent scripts, as he does a good job at this.

o I think the "spamtest" strings should probably be changed to "antispam" to make it more clear that we're trying to prevent spam.

This script definitely has value and so I hope someone will take this one. Otherwise I'll have to remove the script in a week or so. Two years is long enough to carry this around as the final remaining "demo" script.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- Last call for smtp-open-relay.nse - help needed Fyodor (Sep 17)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 17)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Joao Correa (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Joao Correa (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 20)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 18)
- Re: Last call for smtp-open-relay.nse - help needed Duarte Silva (Sep 17)