Make the SMTP client used in javascript templates able to send email #4451

Marcuccio · 2023-12-01T16:28:35Z

Proposed changes

With the proposed change, the SMTPmodule used in the Javascript Protocol will have the SMTPClient struct able to test open relay with the new function IsOpenRelay()

I tested the new feature with a postfix server in my local PC and with destination a random temporary mail service found on internet.

I tested the code with the below template:

id: smtp-open-relay

info:
  name: SMTP open relay - Exploit
  author: abut0n
  severity: High
  description: |
    Mail relaying allows any spammer or phisher to abuse a mail server and send unsolicited mails, thus flooding network bandwidth or enabling [spear-]phishing attacks.
  reference:
    - https://nmap.org/nsedoc/scripts/smtp-open-relay.html
  tags: network,js,smtp,mail

javascript:
  - code: |
      var m = require("nuclei/smtp");
      var c = m.SMTPClient();
      msg = m.NewSMTPMessage();
      msg.From(template.From);
      msg.To(template.To);
      msg.Subject(template.Subj);
      msg.Body(template.Msg);
      var response = c.IsOpenRelay(Host, Port, msg);
      to_json(response);
    
    args:
      Host: "{{Host}}"
      Port: "25"
      Subj: "Open relay at: {{Host}}"
      Msg: "Contact your security team if you do not expect this message"

    matchers:
      - type: word
        words:
          - true

And obtained the expected behavior debugging with:

go run cmd/nuclei/main.go -code -t smtp-open-relay.yaml -debug -u 127.0.0.1 -var From="[email protected]" -var To="<your@destination>"

Checklist

[x ] Pull request is created against the dev branch
All checks passed (lint, unit/integration/regression tests etc.) with my changes
I have added tests that prove my fix is effective or that my feature works
I have added necessary documentation (if appropriate)

make smtp module able to send mail

Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.36 to 1.0.38. - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](projectdiscovery/retryablehttp-go@v1.0.36...v1.0.38) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/clistats](https://github.com/projectdiscovery/clistats) from 0.0.19 to 0.0.20. - [Release notes](https://github.com/projectdiscovery/clistats/releases) - [Commits](projectdiscovery/clistats@v0.0.19...v0.0.20) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/clistats dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.44 to 1.0.45. - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](projectdiscovery/retryabledns@v1.0.44...v1.0.45) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryabledns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.32 to 0.0.33. - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](projectdiscovery/dsl@v0.0.32...v0.0.33) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/dsl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.27 to 0.1.28. - [Release notes](https://github.com/projectdiscovery/rawhttp/releases) - [Commits](projectdiscovery/rawhttp@v0.1.27...v0.1.28) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/rawhttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…ry#4462)

* fix waitEvent action * avoid future panics * integration test + bug fix * headless: add max-duration support in waitevent * fix comment + max-duration input

* add timeout * ssh: make timeout configurable * ssh: update bindings + docs --------- Co-authored-by: Tarun Koyalwar <[email protected]>

Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.17 to 0.0.19. - [Release notes](https://github.com/projectdiscovery/ratelimit/releases) - [Commits](projectdiscovery/ratelimit@v0.0.17...v0.0.19) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/ratelimit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.45 to 1.0.46. - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](projectdiscovery/retryabledns@v1.0.45...v1.0.46) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryabledns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) from 1.1.7 to 1.1.8. - [Release notes](https://github.com/projectdiscovery/interactsh/releases) - [Changelog](https://github.com/projectdiscovery/interactsh/blob/main/.goreleaser.yml) - [Commits](projectdiscovery/interactsh@v1.1.7...v1.1.8) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/interactsh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.65 to 0.0.67. - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](projectdiscovery/utils@v0.0.65...v0.0.67) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.46 to 0.0.48. - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](projectdiscovery/fastdialer@v0.0.46...v0.0.48) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

* network proto: revert full buffer size read * fix read-all in network protocol

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.46 to 1.0.47. - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](projectdiscovery/retryabledns@v1.0.46...v1.0.47) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryabledns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.48 to 0.0.49. - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](projectdiscovery/fastdialer@v0.0.48...v0.0.49) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.19 to 0.0.20. - [Release notes](https://github.com/projectdiscovery/ratelimit/releases) - [Commits](projectdiscovery/ratelimit@v0.0.19...v0.0.20) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/ratelimit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.33 to 0.0.35. - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](projectdiscovery/dsl@v0.0.33...v0.0.35) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/dsl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.67 to 0.0.68. - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](projectdiscovery/utils@v0.0.67...v0.0.68) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.17.0. - [Commits](golang/crypto@v0.15.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

tarunKoyalwar

lgtm !

misc changes like network host deny policy etc
updated js docs + bindings
added SMTPMessage builder struct to build message with options

public smtp server = https://www.wpoven.com/tools/free-smtp-server-for-testing

Update smtp.go

f62c745

make smtp module able to send mail

tarunKoyalwar self-requested a review December 3, 2023 09:41

Marco and others added 26 commits December 4, 2023 17:29

Pass Lint Test

733c372

http: support arbitrary strings on TLS SNI annotation (projectdiscove…

1fadc83

…ry#4462)

headless: fix panic + refactor waitevent action (projectdiscovery#4465)

c82d2b5

* fix waitEvent action * avoid future panics * integration test + bug fix * headless: add max-duration support in waitevent * fix comment + max-duration input

add timeout (projectdiscovery#4467)

57b0b1a

* add timeout * ssh: make timeout configurable * ssh: update bindings + docs --------- Co-authored-by: Tarun Koyalwar <[email protected]>

use file stat to check if file is empty (projectdiscovery#4469)

0f3bef3

version update

79403ff

network proto: revert full buffer size read (projectdiscovery#4497)

7775e8d

* network proto: revert full buffer size read * fix read-all in network protocol

version update

16464a6

misc updates

17ffa2c

misc updates + message builder struct

b412474

tarunKoyalwar approved these changes Dec 20, 2023

View reviewed changes

tarunKoyalwar requested a review from ehsandeep December 20, 2023 10:26

ehsandeep approved these changes Dec 21, 2023

View reviewed changes

ehsandeep merged commit 199bd9d into projectdiscovery:dev Dec 21, 2023

BrewTestBot mentioned this pull request Dec 21, 2023

nuclei 3.1.3 Homebrew/homebrew-core#157949

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Make the SMTP client used in javascript templates able to send email #4451

Make the SMTP client used in javascript templates able to send email #4451

Uh oh!

Marcuccio commented Dec 1, 2023 •

edited by tarunKoyalwar

Loading

Uh oh!

tarunKoyalwar left a comment

Uh oh!

Uh oh!

Make the SMTP client used in javascript templates able to send email #4451

Make the SMTP client used in javascript templates able to send email #4451

Uh oh!

Conversation

Marcuccio commented Dec 1, 2023 • edited by tarunKoyalwar Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed changes

Checklist

Uh oh!

tarunKoyalwar left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Marcuccio commented Dec 1, 2023 •

edited by tarunKoyalwar

Loading