Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Last call for smtp-open-relay.nse - help needed

From: Ron <ron () skullsecurity net>
Date: Mon, 1 Mar 2010 22:02:00 -0600
On Mon, 1 Mar 2010 16:43:38 -0700 David Fifield <david () bamsoftware com>
wrote:

I also developed a new script that will try to enumerate the users
in a SMTP server using the VRFY or the EXPN command (using the
usernames.lst). If this is found to be useful since it seem that
there aren't many servers that allow those commands.


Okay, this is a good idea. It's not a problem if it's not supported on
lots of servers, especially if the script can realize it quickly and
not continue. What server are you testing the script against?


I actually use the VRFY command a lot in my work. I typically run a list of usernames through it prior to a bruteforce 
to save me from bruteforcing accounts that don't exist. It'd be cool to have it automated to the point where I just 
point Nmap at my list of usernames and let it go. 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: