Smtpscan

 

Smtpscan is a remote SMTP server version detector. It can be used to guess which mail software is running on a remote server, especially when banner obfuscation is in place. Smtpscan works by testing how the remote SMTP server reacts to a series of predefined tests. The 15+ tests consist of a mixture of RFC-compliant and non-compliant SMTP requests. After each test the remote server returns an SMTP error message.

 

Fingerprints are made of the SMTP error messages returned in response to these test requests. Because a server's reactions can be changed by its configuration, smtpscan tries to detect the nearest fingerprint if there is no exact match; that is, it finds the fingerprints with the fewest differing error messages.
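
The nearest-match rule described above, as an added example (not smtpscan's own code): it compares the Result line from the example output further down this page against a small fingerprint database. The database entries, their placeholder names, and the function names are constructed for illustration and are not taken from smtpscan's fingerprint file.

```python
# Added example: nearest-fingerprint matching over SMTP reply codes.
# SAMPLE_DB is CONSTRUCTED; names and fingerprints are placeholders.

def parse_fingerprint(line):
    """Split a colon-separated result line into a list of SMTP reply codes."""
    codes = [c.strip() for c in line.strip().split(":")]
    if not all(len(c) == 3 and c.isdigit() for c in codes):
        raise ValueError("not a list of 3-digit SMTP reply codes: %r" % line)
    return codes

def distance(a, b):
    """Count test positions whose reply codes differ (Hamming distance).
    Positions missing from the shorter fingerprint count as differences."""
    diff = sum(1 for x, y in zip(a, b) if x != y)
    return diff + abs(len(a) - len(b))

def nearest(observed, database):
    """Return (distance, [names]) for the closest fingerprints.
    Distance 0 is an exact match; ties are all reported."""
    obs = parse_fingerprint(observed)
    scored = {name: distance(obs, parse_fingerprint(fp))
              for name, fp in database.items()}
    best = min(scored.values())
    return best, sorted(n for n, d in scored.items() if d == best)

# Result line taken from the example output on this page.
OBSERVED = "503:250:500:250:501:250:550:214:252:500:500:500:500:250:250"

# Constructed database: one entry differs in a single test, the others in more.
SAMPLE_DB = {
    "placeholder-mta-a": "503:250:500:250:501:250:550:214:252:502:500:500:500:250:250",
    "placeholder-mta-b": "503:501:500:250:501:250:550:214:550:502:502:500:500:250:250",
    "placeholder-mta-c": "250:250:250:250:250:250:250:214:250:250:250:250:250:250:250",
}

if __name__ == "__main__":
    dist, names = nearest(OBSERVED, SAMPLE_DB)
    label = "Exact match" if dist == 0 else "No exact match. Nearest match"
    print("%s (%d difference(s)): %s" % (label, dist, ", ".join(names)))
```

Because the comparison uses only reply codes, rewriting the 220 banner text does not change the result; only changes to how the server answers the individual tests move it away from its fingerprint.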

 

It is available from here.

 

Installation:

 

Prerequisites: Perl module Net::DNS

 

# tar -zxvf Net-DNS-0.29.tar.gz

# cd Net-DNS-0.29

# perl Makefile.PL

# make

# make install

 

or use the cpan shell :-)

 

cpan>install Net::DNS

 

Then build and install smtpscan itself:

./configure

make

make install

 

Syntax:

 

-h            Print help message

-V            Print smtpscan's current version and exit

-v            Verbose mode

-d            Debug mode

-f PATH       Fingerprint file location

-t PATH       Test file location

-p PORT       Remote port

-i TIMEOUT    Connection timeout (in seconds)

-c            Connect only once. Some servers don't accept too many consecutive connections from a host. You may use this option to be able to scan some servers. smtpscan then uses the SMTP 'RSET' command to be able to restart negotiation. Beware: some SMTP servers don't accept too many RSET commands either...

-D            Domain name instead of a server. smtpscan then retrieves the corresponding mail exchanger and scans it

-n NUMBER     Scan the Nth mail exchanger instead of the first (ordered by preference)

-a            Scan all the mail exchangers of the specified domain (see the -D switch), that is, scan every IP address returned by an MX DNS request (beware of 'virtual IPs' or load balancing...)

 

Example Output:

 

scanning www.example.com (91.84.23.170) port 25
220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:15 +0100
MAIL FROM: pyxOHHU@hotmail.com
503 5.5.2 Send hello first

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:20 +0100
HELO
250 example.com Hello [86.151.48.136]

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:20 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
MAIL FROM test
500 5.5.1 Unrecognized command

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:21 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
MAIL FROM: <>
250 2.1.0 <>....Sender OK

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:21 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
MAIL FROM: <pyxOHHU@hotmail.com
501 5.5.4 Invalid Address

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:26 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
MAIL FROM: <FXL83IHVAR@Kt9qjcJlGbmRFY_qTPhOI_Zqm.com>
250 2.1.0 FXL83IHVAR@Kt9qjcJlGbmRFY_qTPhOI_Zqm.com....Sender OK

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:27 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
MAIL FROM: <pyxOHHU@hotmail.com>
250 2.1.0 pyxOHHU@hotmail.com....Sender OK
RCPT TO: test
550 5.1.1 User unknown

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:32 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
HELP
214-This server supports the following commands:
214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT VRFY

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:32 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
VRFY root
252 2.1.5 Cannot VRFY user, but will take message for <root@example.com>

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:33 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
EXPN root
500 5.3.3 Unrecognized command

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:38 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
TURN
500 5.5.1 Unrecognized command

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:38 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
SOML FROM: <pyxOHHU@hotmail.com>
500 5.3.3 Unrecognized command

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:44 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
SAML FROM: <pyxOHHU@hotmail.com>
500 5.3.3 Unrecognized command

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:49 +0100
HELO hotmail.com
250 example.com Hello [86.151.48.136]
NOOP
250 2.0.0 OK

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:49 +0100
EHLO hotmail.com
250-example.com Hello [86.151.48.136]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

Result --
503:250:500:250:501:250:550:214:252:500:500:500:500:250:250

Banner :
220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Fri, 27 Apr 2007 14:54:49 +0100

No exact match. Nearest match :
- Stalker Internet Mail Server V.1.7 (1)

To help improving smtpscan database, if you know which soft is used there, please send a mail to zejames@greyhats.org, giving the output of smtpscan -v and the remote server version.
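
The probe sequence in the output above is distinctive from the server side, so a mail administrator can look for it in SMTP command logs. The following is an added detection example, not part of smtpscan or the original page; the log format (`client_ip session_id command`), the trait names, the threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Verbs from the scan above that ordinary mail clients rarely send.
RARE_VERBS = {"SOML", "SAML", "TURN", "EXPN", "VRFY", "HELP"}

def traits(session_cmds):
    """Return the set of probe-like traits seen in one SMTP session."""
    found, greeted = set(), False
    for cmd in session_cmds:
        verb = cmd.split(None, 1)[0].upper() if cmd.strip() else ""
        if verb in ("HELO", "EHLO"):
            greeted = True
            if len(cmd.split()) == 1:
                found.add("greeting-without-domain")
        elif verb == "MAIL":
            if not greeted:
                found.add("mail-before-greeting")
            if not re.match(r"(?i)MAIL FROM:\s*<[^<>]*>", cmd):
                found.add("malformed-mail-from")
        elif verb in RARE_VERBS:
            found.add("rare-verb-" + verb)
    return found

def suspicious_clients(log_lines, threshold=4):
    """Flag clients whose sessions together show >= threshold distinct traits.
    Each line is 'client_ip session_id command' (assumed log format)."""
    sessions = defaultdict(list)
    for line in log_lines:
        ip, sid, cmd = line.split(" ", 2)
        sessions[(ip, sid)].append(cmd)
    per_client = defaultdict(set)
    for (ip, _sid), cmds in sessions.items():
        per_client[ip] |= traits(cmds)
    return {ip: sorted(t) for ip, t in per_client.items() if len(t) >= threshold}

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = [
    "192.0.2.10 s1 MAIL FROM: probe@example.org",
    "192.0.2.10 s2 HELO",
    "192.0.2.10 s3 HELO example.org",
    "192.0.2.10 s3 MAIL FROM test",
    "192.0.2.10 s4 HELO example.org",
    "192.0.2.10 s4 EXPN root",
    "192.0.2.10 s5 HELO example.org",
    "192.0.2.10 s5 SOML FROM: <probe@example.org>",
    "198.51.100.7 s6 EHLO mail.example.net",
    "198.51.100.7 s6 MAIL FROM: <alice@example.net>",
    "198.51.100.7 s6 RCPT TO: <bob@example.com>",
    "203.0.113.5 s7 EHLO admin.example.com",
    "203.0.113.5 s7 VRFY root",
]
```

Calling `suspicious_clients(SAMPLE_LOG)` flags only 192.0.2.10; the single VRFY from 203.0.113.5 stays below the threshold.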
