Lucene search

K
nmapBrandon EnrightNMAP:IMAP-CAPABILITIES.NSE
HistoryJun 08, 2009 - 11:21 p.m.

imap-capabilities NSE Script

2009-06-0823:21:56
Brandon Enright
nmap.org
91

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Retrieves IMAP email server capabilities.

IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -sV -sC <target>

Script Output

143/tcp open  imap
|_ imap-capabilities: LOGINDISABLED IDLE IMAP4 LITERAL+ STARTTLS NAMESPACE IMAP4rev1

Requires


local imap = require "imap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Retrieves IMAP email server capabilities.

IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command
allows a client to ask a server what commands it supports and possibly
any site-specific policy.
]]

---
-- @output
-- 143/tcp open  imap
-- |_ imap-capabilities: LOGINDISABLED IDLE IMAP4 LITERAL+ STARTTLS NAMESPACE IMAP4rev1


author = "Brandon Enright"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

categories = {"default", "safe"}


portrule = shortport.port_or_service({143, 993}, {"imap", "imaps"})

local function fail (err) return stdnse.format_output(false, err) end

action = function(host, port)
  local helper = imap.Helper:new(host, port)
  local status = helper:connect()
  if ( not(status) ) then return fail("Failed to connect to server") end

  local status, capa = helper:capabilities(host, port)
  if( not(status) ) then return fail("Failed to retrieve capabilities") end
  helper:close()

  if type(capa) == "table" then
    -- Convert the capabilities table into an array of strings.
    local capstrings = {}
    local cap, args
    for cap, args in pairs(capa) do
      table.insert(capstrings, cap)
    end
    return table.concat(capstrings, " ")
  elseif type(capa) == "string" then
    stdnse.debug1("'%s' for %s", capa, host.ip)
    return
  else
    return "server doesn't support CAPABILITIES"
  end
end

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Related for NMAP:IMAP-CAPABILITIES.NSE