[Openvas-commits] r2878 - trunk/openvas-plugins/scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Mar 23 19:32:38 CET 2009


Author: mime
Date: 2009-03-23 19:32:33 +0100 (Mon, 23 Mar 2009)
New Revision: 2878

Added:
   trunk/openvas-plugins/scripts/sendmail_expn.nasl
   trunk/openvas-plugins/scripts/smtp_relay.nasl
Log:
Added new plugins

Added: trunk/openvas-plugins/scripts/sendmail_expn.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sendmail_expn.nasl	2009-03-23 18:31:13 UTC (rev 2877)
+++ trunk/openvas-plugins/scripts/sendmail_expn.nasl	2009-03-23 18:32:33 UTC (rev 2878)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# VRFY and EXPN request check.
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100072);
+ script_version ("1.0");
+
+ script_name(english:"Check if Mailserver answer to VRFY and EXPN requests");  
+
+ desc["english"] = "
+
+ Overview:
+  The Mailserver on this host answers to VRFY and/or EXPN requests.
+  VRFY and EXPN ask the server for information about an address. They are
+  inherently unusable through firewalls, gateways, mail exchangers for part-time
+  hosts, etc. OpenVAS suggest that, if you really want to publish this type of
+  information, you use a mechanism that legitimate users actually know about,
+  such as Finger or HTTP. 
+
+ Solution:
+  Disable VRFY and EXPN on your Mailserver.
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks if Mailserver answer to VRFY and EXPN requests");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"SMTP problems");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "smtpserver_detect.nasl");
+ script_require_ports("Services/smtp", 25);
+ script_exclude_keys("SMTP/wrapped");
+ exit(0);
+}
+
+include("smtp_func.inc");
+
+port = get_kb_item("Services/smtp");
+if (!port) port = 25;
+if(!get_port_state(port))exit(0);
+
+soctcp25 = open_sock_tcp(port);
+if(!soctcp25)exit(0);
+
+bannertxt = smtp_recv_banner(socket:soctcp25);
+send(socket:soctcp25, data:string("EHLO ",this_host(),"\r\n"));
+ehlotxt = smtp_recv_line(socket:soctcp25);
+
+if(("250" >< ehlotxt) || ("550" >< ehlotxt)) {
+#vrfy
+ send(socket: soctcp25, data:string("VRFY root\r\n")); 
+ vrfy_txt = smtp_recv_line(socket:soctcp25);
+
+ if(("250" >< vrfy_txt) || ("251" >< vrfy_txt) || ("550" >< vrfy_txt)) {
+  if(
+     !egrep(pattern:"Administrative prohibition", string: vrfy_txt) &&
+     !egrep(pattern:"Access Denied", string: vrfy_txt) &&
+     !egrep(pattern:"not available", string: vrfy_txt) &&
+     !egrep(pattern:"String does not match anything", string: vrfy_txt)
+    ) {
+       set_kb_item(name:"SMTP/vrfy",value:TRUE); 
+       VRFY = TRUE;
+  }  
+ }  
+#expn
+ send(socket: soctcp25, data:string("EXPN root\r\n"));
+ expn_txt =  smtp_recv_line(socket:soctcp25);
+
+ if(("250" >< expn_txt) || ("550" >< expn_txt)) {
+
+   if(
+     !egrep(pattern:"Administrative prohibition", string: vrfy_txt) &&
+     !egrep(pattern:"Access Denied", string: vrfy_txt) &&
+     !egrep(pattern:"not available", string: vrfy_txt)
+    ) {
+       set_kb_item(name:"SMTP/expn",value:TRUE);
+       EXPN = TRUE;
+  }
+ }  
+}  
+
+close(soctcp25);
+
+if(VRFY || EXPN) {
+ security_warning(port:port);
+ exit(0);
+}
+
+exit(0);
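Review bot: The EXPN branch runs its three `egrep` exclusions against `vrfy_txt` rather than `expn_txt`, so the refusal check after `EXPN root` inspects the reply to the earlier VRFY command. A server that answered VRFY normally but refuses EXPN with a 550 "Access Denied" line would still get `SMTP/expn` set and a warning raised. Each of the three lines should use the EXPN reply, e.g. `!egrep(pattern:"Administrative prohibition", string: expn_txt) &&`, and the "String does not match anything" exclusion from the VRFY branch probably belongs here too. Separately, the reply codes are matched with `><` anywhere in the line and 550 counts as an answer, so the verdict rests on the refusal phrases alone. Anchoring on the code, as in `vrfy_txt =~ '^25[01]'`, would reduce false positives.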


Property changes on: trunk/openvas-plugins/scripts/sendmail_expn.nasl
___________________________________________________________________
Name: svn:keywords
   + Id

Added: trunk/openvas-plugins/scripts/smtp_relay.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smtp_relay.nasl	2009-03-23 18:31:13 UTC (rev 2877)
+++ trunk/openvas-plugins/scripts/smtp_relay.nasl	2009-03-23 18:32:33 UTC (rev 2878)
@@ -0,0 +1,126 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# SMTP Open Relay Test
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(100073);
+ script_version ("1.0");
+ name["english"] = "Mail relaying";
+ script_name(english:name["english"]);
+ 
+ desc["english"] = "
+
+ Overview:
+  The remote SMTP server is insufficiently protected against relaying
+  This means that spammers might be able to use your mail server 
+  to send their mails to the world.
+
+ Solution:
+  Improve the configuration of your SMTP server so that your SMTP server 
+  cannot be used as a relay any more.
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ summary["english"] = "Checks if the mail server can be used as a open relay"; 
+ script_summary(english:summary["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ family["english"] = "SMTP problems";
+ script_family(english:family["english"]);
+ script_dependencie("smtpserver_detect.nasl","sendmail_expn.nasl","smtp_settings.nasl");
+ script_exclude_keys("SMTP/wrapped", "SMTP/qmail");
+ script_require_ports("Services/smtp", 25);
+ exit(0);
+}
+
+include("smtp_func.inc");
+include("misc_func.inc");
+include("network_func.inc");
+
+if(islocalhost())exit(0);
+if(is_private_addr()) exit(0);
+
+port = get_kb_item("Services/smtp");
+if(!port) port = 25;
+
+if(get_kb_item('SMTP/'+port+'/broken'))exit(0);
+if(!get_port_state(port))exit(0);
+
+domain = get_kb_item("Settings/third_party_domain");
+if(!domain)domain = 'example.com';
+
+soc = smtp_open(port: port, helo: NULL);
+if(!soc)exit(0);
+ 
+src_name = this_host_name();
+FROM = string('openvas@', src_name);
+TO = string('openvas@', domain);
+
+send(socket: soc, data: strcat('EHLO ', src_name, '\r\n'));
+answer = smtp_recv_line(socket: soc);
+
+if("250" >!< answer)exit(0);
+
+  mf = strcat('MAIL FROM: <', FROM , '>\r\n');
+  send(socket: soc, data: mf);
+  l = smtp_recv_line(socket: soc);
+
+  if(! l || l =~ '^5[0-9][0-9]')
+  {
+    exit(0);
+  }
+  else
+  {
+    rt = strcat('RCPT TO: <', TO , '>\r\n');
+    send(socket: soc, data: rt);
+    l = smtp_recv_line(socket: soc);
+
+    if (l =~ '^2[0-9][0-9]')
+    {
+      data=string("data\r\n");
+      send(socket: soc, data: data);
+      data_rcv = smtp_recv_line(socket: soc);
+      
+      if(egrep(pattern:"3[0-9][0-9]", string:data_rcv)) {
+
+        send(socket: soc, data: string("OpenVAS-Relay-Test\r\n.\r\n"));
+	mail_send = smtp_recv_line(socket: soc);
+	
+	if("250" >< mail_send) {
+          security_warning(port:port);
+          set_kb_item(name:"SMTP/" + port + "/spam", value:TRUE);
+          set_kb_item(name:"SMTP/spam", value:TRUE);
+          smtp_close(socket: soc);
+          exit(0);
+	}  
+      
+      }
+    }
+    smtp_close(socket: soc);
+   }
+
+exit(0);
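Review bot: The last two reply checks are unanchored, unlike the `l =~ '^5[0-9][0-9]'` and `l =~ '^2[0-9][0-9]'` tests above them. `egrep(pattern:"3[0-9][0-9]", string:data_rcv)` matches any three-digit run starting with 3 anywhere in the reply, and `"250" >< mail_send` matches 250 inside the text of a rejection. A 5xx answer that happens to contain such digits would therefore be reported as an open relay and would set `SMTP/spam`. I would write them as `if(data_rcv =~ '^3[0-9][0-9]')` and `if(mail_send =~ '^250')`. The early exits after EHLO and after MAIL FROM also leave `soc` open; calling `smtp_close(socket: soc);` before those `exit(0)` calls would end the session cleanly on the scanned server.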


Property changes on: trunk/openvas-plugins/scripts/smtp_relay.nasl
___________________________________________________________________
Name: svn:keywords
   + Id


