Diman TodorovNMAP:SMTP-STRANGEPORT.NSEsmtp-strangeport NSE Script
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Checks if SMTP is running on a non-standard port.
This may indicate that crackers or script kiddies have set up a backdoor on the system to send spam or control the machine.
Example Usage
nmap -sV --script=smtp-strangeport <target>
Script Output
22/tcp open smtp
|_ smtp-strangeport: Mail server on unusual port: possible malware
description = [[
Checks if SMTP is running on a non-standard port.
This may indicate that crackers or script kiddies have set up a backdoor on the
system to send spam or control the machine.
]]
---
-- @output
-- 22/tcp open smtp
-- |_ smtp-strangeport: Mail server on unusual port: possible malware
author = "Diman Todorov"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"malware", "safe"}
portrule = function(host, port)
return port.service == "smtp" and
port.number ~= 25 and port.number ~= 465 and port.number ~= 587
and port.protocol == "tcp"
and port.state == "open"
end
action = function()
return "Mail server on unusual port: possible malware"
end
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%