9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Retrieves IMAP email server capabilities.
IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy.
See the documentation for the smbauth library.
nmap -sV -sC <target>
143/tcp open imap
|_ imap-capabilities: LOGINDISABLED IDLE IMAP4 LITERAL+ STARTTLS NAMESPACE IMAP4rev1
local imap = require "imap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Retrieves IMAP email server capabilities.
IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command
allows a client to ask a server what commands it supports and possibly
any site-specific policy.
]]
---
-- @output
-- 143/tcp open imap
-- |_ imap-capabilities: LOGINDISABLED IDLE IMAP4 LITERAL+ STARTTLS NAMESPACE IMAP4rev1
author = "Brandon Enright"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "safe"}
portrule = shortport.port_or_service({143, 993}, {"imap", "imaps"})
local function fail (err) return stdnse.format_output(false, err) end
action = function(host, port)
local helper = imap.Helper:new(host, port)
local status = helper:connect()
if ( not(status) ) then return fail("Failed to connect to server") end
local status, capa = helper:capabilities(host, port)
if( not(status) ) then return fail("Failed to retrieve capabilities") end
helper:close()
if type(capa) == "table" then
-- Convert the capabilities table into an array of strings.
local capstrings = {}
local cap, args
for cap, args in pairs(capa) do
table.insert(capstrings, cap)
end
return table.concat(capstrings, " ")
elseif type(capa) == "string" then
stdnse.debug1("'%s' for %s", capa, host.ip)
return
else
return "server doesn't support CAPABILITIES"
end
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%