diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
commit | 0d47952611198ef6b1163f366dc03922d20b1475 (patch) | |
tree | 3d840a3b8c0daef0754707bfb9f5e873b6b1ac13 /scripts/smtp-strangeport.nse | |
parent | Initial commit. (diff) | |
download | nmap-upstream.tar.xz nmap-upstream.zip |
Adding upstream version 7.94+git20230807.3be01efb1+dfsg.upstream/7.94+git20230807.3be01efb1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/smtp-strangeport.nse')
-rw-r--r-- | scripts/smtp-strangeport.nse | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/scripts/smtp-strangeport.nse b/scripts/smtp-strangeport.nse new file mode 100644 index 0000000..7613d63 --- /dev/null +++ b/scripts/smtp-strangeport.nse @@ -0,0 +1,29 @@ +description = [[ +Checks if SMTP is running on a non-standard port. + +This may indicate that crackers or script kiddies have set up a backdoor on the +system to send spam or control the machine. +]] + +--- +-- @output +-- 22/tcp open smtp +-- |_ smtp-strangeport: Mail server on unusual port: possible malware + +author = "Diman Todorov" + +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" + +categories = {"malware", "safe"} + +portrule = function(host, port) + return port.service == "smtp" and + port.number ~= 25 and port.number ~= 465 and port.number ~= 587 + and port.protocol == "tcp" + and port.state == "open" +end + +action = function() + return "Mail server on unusual port: possible malware" +end + |