Diffstat (limited to 'scripts/smtp-strangeport.nse')
-rw-r--r--scripts/smtp-strangeport.nse29
1 files changed, 29 insertions, 0 deletions
diff --git a/scripts/smtp-strangeport.nse b/scripts/smtp-strangeport.nse
new file mode 100644
index 0000000..7613d63
--- /dev/null
+++ b/scripts/smtp-strangeport.nse
@@ -0,0 +1,29 @@
+description = [[
+Checks if SMTP is running on a non-standard port.
+
+This may indicate that crackers or script kiddies have set up a backdoor on the
+system to send spam or control the machine.
+]]
+
+---
+-- @output
+-- 22/tcp open smtp
+-- |_ smtp-strangeport: Mail server on unusual port: possible malware
+
+author = "Diman Todorov"
+
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+categories = {"malware", "safe"}
+
+portrule = function(host, port)
+ return port.service == "smtp" and
+ port.number ~= 25 and port.number ~= 465 and port.number ~= 587
+ and port.protocol == "tcp"
+ and port.state == "open"
+end
+
+action = function()
+ return "Mail server on unusual port: possible malware"
+end
+
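Review bot: The portrule's `port.service == "smtp"` test only fires when the service name really was identified as SMTP, and nothing in the script or its description says that this depends on version detection. Without `-sV` the name is taken from the port-number table, so a mail server on 22/tcp (the case shown in `@output`) would be labelled ssh and the script would stay silent, which an analyst could misread as a clean result. I would add a line to `description` such as `Requires version detection (-sV) so that SMTP is recognised on unexpected ports.` and a matching `-- @usage` line in the NSEDoc block. The fixed message from `action` also overstates the finding: legitimate servers are often moved to alternate submission ports such as 2525, so wording like `"Mail server on unusual port: verify this is an authorised service"` would make it clearer that the hit is a triage lead rather than evidence of compromise.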