Nmap Scripting Engine - SMTP Open Relay

Hi guys!

I usually hang around the nmap-dev mailing-list hosted by Fyodor, author of the most excellent Nmap, at insecure.org

The last month has been pretty exciting, because Diman has just made the final release for the Nmap Scripting Engine available, which definitely ROCKS!

It comes with great scripts, but some of the other contributors made a list of useful scripts that didn't yet exist, and one of them was an SMTP Open Relay testing script.

I've coded one, which you can grab HERE. I just fixed a couple of stupid bugs, but it works ok so far ;)

To use it, just place the file under your share/nmap/nse-scripts directory and call it like this (for example, you can remove --script-trace later on):

nmap --script-trace -sV -F --script=SMTP_openrelay_test.lua $SOME_HOST

It will run a series of tests against SOME_HOST, using service detection (-sV) on the standard ports (-F), then run the script SMTP_openrelay_test.lua against those ports that have a running smtp service. Later on it will let you know the results ;)

Try it, patch it, enhance it, share it. It's licensed as Nmap, and I hope it will come along with the nmap package ;)

UPDATE: Script to test for an Open Proxy HERE (20070413).

TOP Internet Vulnerabilities 2006

Well, I've been invited by the SANS Institute to contribute to the creation of the TOP-20 Internet Vulnerabilities 2006.

This is going to be my third time working with SANS and the team of experts, and I have to admit that it's one of the things I really look forward to each year.

For the time being, just check out the SANS TOP-20 2005 and 2004.

Yours,
Buanzo

Remote Gentoo Installation Experts

It has come to my attention that many people are looking for Gentoo experts that can do installation work for them.

If you are in the need of one, just contact me (I'm buanzo *AT* buanzo.com.ar) ;)

Outlook Replacement for Windows and Exchange

Some of you may know that there is a Microsoft Outlook "clon" called Novell Evolution. Some of you may know that it is one of the best eMail clients for Linux, the only one that can give fight to Mozilla Thunderbird and Sylpheed.

But, less than some of you may be aware that Mark Pinto has packaged Evolution for Windows (originally ported by Tor Lillqvist) into a nice installer, adding some of his own tweaks here and there.

But, please let me reproduce here one of the paragraphs of Mark's site (that you can find by clicking here):

Evolution is an incredibly versatile email/calendar/PIM that took the Linux world by storm a few years ago. It has been called an 'Outlook replacement' by every tech site from ZDNET to InfoWorld. Evolution played a major role in allowing the Linux desktop to move into the enterprise by being able to connect to Microsoft Exchange Server and schedule/accept Microsoft Outlook Meetings.

Yes, you definitely have to give it a try, specially if you have to save money or need to prepare your users for a migration to GNU/Linux.

Give it a try!

Yours,
Buanzo.

One thing Firefox lacks

To tell you all the truth, I have not tested Firefox 2.0 yet, or even updated myself on it's potential/existing new features.

Now, I was just uploading some pictures of my punk-rock band to the picasaweb test Google has put online, when I noticed a simple, quite stupid really, fact: No browser that I know of EVER shows UPLOAD progress.

Yes, we are all used to different kinds of download progress windows, bars, notifications, whatever: but there is no single browser (that I use, that is) that shows upload progress.

And, of course, that's quite a nuisance. Specially when Picasaweb allows you to upload 5 pictures at a time. :P

Talk to you later :P

Buanzo.