NSE LIB

Back to library

Official safe Malware

smtp-strangeport

Checks if SMTP is running on a non-standard port.

Ports

Any

Protocols

n/a

Attribution

Nmap Project

Usage

Copy the command and adjust the target or script arguments as needed.

nmap -sV --script=smtp-strangeport <target>

Script Source Toggle

The full script source is stored with this entry and is hidden by default to keep the page easier to scan.

description = [[
Checks if SMTP is running on a non-standard port.

This may indicate that crackers or script kiddies have set up a backdoor on the
system to send spam or control the machine.
]]

---
-- @output
-- 22/tcp  open   smtp
-- |_ smtp-strangeport: Mail server on unusual port: possible malware

author = "Diman Todorov"

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

categories = {"malware", "safe"}

portrule = function(host, port)
  return port.service == "smtp" and
    port.number ~= 25 and port.number ~= 465 and port.number ~= 587
    and port.protocol == "tcp"
    and port.state == "open"
end

action = function()
  return "Mail server on unusual port: possible malware"
end

Overview

Checks if SMTP is running on a non-standard port. This may indicate that crackers or script kiddies have set up a backdoor on the system to send spam or control the machine.

References

View Official Script Source View NSEDoc Page

Output Preview

22/tcp  open   smtp
|_ smtp-strangeport: Mail server on unusual port: possible malware