imap_version
The imap_version auxiliary module is a relatively simple banner grabber for IMAP servers.
msf > use auxiliary/scanner/imap/imap_version msf auxiliary(imap_version) > show options Module options (auxiliary/scanner/imap/imap_version): Name Current Setting Required Description ---- --------------- -------- ----------- IMAPPASS no The password for the specified username IMAPUSER no The username to authenticate as RHOSTS yes The target address range or CIDR identifier RPORT 143 yes The target port THREADS 1 yes The number of concurrent threads
To configure the module, we will only set the RHOSTS and THREADS values and let it run. Note that you can also pass credentials to the module.
msf auxiliary(imap_version) > set RHOSTS 192.168.1.200-240 RHOSTS => 192.168.1.200-240 msf auxiliary(imap_version) > set THREADS 20 THREADS => 20 msf auxiliary(imap_version) > run [*] 192.168.1.215:143 IMAP * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] [192.168.1.215] IMAP4rev1 2001.315rh at Sun, 23 Jan 2011 20:47:51 +0200 (IST)\x0d\x0a [*] Scanned 13 of 55 hosts (023% complete) [*] 192.168.1.224:143 IMAP * OK Dovecot ready.\x0d\x0a [*] 192.168.1.229:143 IMAP * OK IMAPrev1\x0d\x0a [*] Scanned 30 of 55 hosts (054% complete) [*] Scanned 31 of 55 hosts (056% complete) [*] Scanned 38 of 55 hosts (069% complete) [*] Scanned 39 of 55 hosts (070% complete) [*] Scanned 40 of 55 hosts (072% complete) [*] 192.168.1.234:143 IMAP * OK localhost Cyrus IMAP4 v2.3.2 server ready\x0d\x0a [*] Scanned 52 of 55 hosts (094% complete) [*] Scanned 53 of 55 hosts (096% complete) [*] Scanned 54 of 55 hosts (098% complete) [*] Scanned 55 of 55 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(imap_version) >