#!/usr/bin/perl
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  ************************************************** !!! WARNING !!! ***********************************************************
#  ************************************************* DO NOT DISTRIBUTE **********************************************************
#  *                                            FOR SECURITY TESTiNG ONLY!                                                      *
#  ******************************************************************************************************************************
#  * By using this code you agree that I makes no warranties or representations, express or implied, about the                  *
#  * accuracy, timeliness or completeness of this, including without limitations the implied warranties of                      *
#  * merchantability and fitness for a particular purpose.                                                                      *
#  * I makes NO Warranty of non-infringement. This code may contain technical inaccuracies or typographical errors.             *
#  * This code can never be copyrighted or owned by any commercial company, under no circumstances what so ever.                *
#  * but can be use for as long the developer, are giving explicit approval of the usage, and the user understand               *
#  * and approve of all the parts written in this notice.                                                                       *
#  * This program may NOT be used by any Danish company, unless explicit written permission from the developer .                *
#  * Neither myself nor any of my Affiliates shall be liable for any direct, incidental, consequential, indirect                *
#  * or punitive damages arising out of access to, inability to access, or any use of the content of this code,                 *
#  * including without limitation any PC, other equipment or other property, even if I am Expressly advised of                  *
#  * the possibility of such damages. I DO NOT encourage criminal activities. If you use this code or commit                    *
#  * criminal acts with it, then you are solely responsible for your own actions and by use, downloading,transferring,          *
#  * and/or reading anything from this code you are considered to have accepted the terms and conditions and have read          *
#  * this disclaimer. Once again this code is for penetration testing purposes only. And once again, DO NOT DISTRIBUTE!         *
#  ******************************************************************************************************************************
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  Author/Developer:  Dennis Rand - CIRT.DK
#  Website:           http://www.cirt.dk
#  Copyright:         (c)2005 by Dennis Rand
#  Remember:          This program may NOT be used by any Danish company, unless explicit written permission.
#                     This would be violation of the law on intellectual property rights
#  Special thanks to: Andrew Christensen.
#
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  Description:
#   This program is used to test SMTP servers for relaying problems
#   that could allow a spammer to use your mail server to send spam.
#   It tries to bypass the relay restrictions in as many ways as possible.
#   Remember that both the Customer Email and the Tester Email have to
#   be valid, because the test cases try to get past the security on the server.
#
#   Feature requests and bugs should be reported to Dennis Rand for a fix or implementation.
#   All ideas are highly welcome to make this as complete as possible.
#   And remember this may never be used to earn money, so KEEP IT FREE.
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
# Building plugins:
#   PLUGINNAME=Short description of the plugin, and what it does
#   DESCRIPTION= This is a description <CR><CN> that is put into <CR><CN> the email <CR><CN>
#   SUBJECT=Mostly the same as the plugin name
#   MAILFROM=insert either eg. <LOCALMAIL> this will be translated into eg. <der@somewhere.dk>
#   RCPTTO=<REMOTEMAIL> 
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
# Commands to use in plugins:
#   LOCALMAIL    =  This will be translated into the Customers email address
#   REMOTEMAIL   =  This will be translated into the Testers email address
#   DOMAIN       =  This will be translated into the Domain name set in the configuration file
#   INITTESTER   =  This will be translated into "any" if testers email is any@cirt.dk
#   DOMAINTESTER =  This will be translated into "cirt.dk" if testers email is any@cirt.dk
#   INITCOMPANY  =  This will be translated into "qwerty" if customers email is qwerty@qwe.dk
#   <CR>         =  This will be translated into an Return
#   <CN>         =  This will be translated into an Newline
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  Requirements:
#    perl 5.8.0; it will probably work with other versions, but it was written and tested on this perl version
#    Getopt::Long
#    IO::Socket
#
#    Also tested on ActivePerl v5.8.6 built for MSWin32-x86
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  TO-DO:
#   . Make more plugins
#   . Make support for testing AUTH 
#   . Make more features, ideas needed
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
#  Version:
#   Version 1.0
#      This is the first functional version, that are currently in beta release, and are in need to be tested.
#
#   Version 1.1 - Still needs more test and plugins
#      Added more functions into the plugin language located in the sub -> Read_plugin_file.
#      Fixed an bug in the HTML report where < and > is now translated into &lt; and &gt; now RCPT TO and MAIL FROM are shown.
#      Added more information into the report so that it is possible to see what the message contains.
#      Added/Removed plugin name as being listed and put it as an link to the description.
#      Passed 20 plugins maybe some of them are the same, need cleanup and new plugin testcases.
#      Added date, and X-Mailer into the email proberly need more parameters.
#
#   Version 1.2
#      Added function to test for MAIL,SEND,SOML,SAML FROM
#      Added more information into html report and the mail send
#      Added possibility to delay between tests to ensure 
#      Added success and faliure attempts into the report
#      Made minor modifications to output on screen during the scan
#
#   Version 1.3
#      Made emails look like comming from Ximian Evolution 1.4.6 (1.4.6-2)
#      Made a progressbar that runs while the scan is in progress.
#      Fixed an error in the showing of scan time frame (When did it start and when did it end)
#
#   Version 1.4
#     Cleaned up some of the code.
#     Checks for updates at www.cirt.dk
#     The mails now appear to come from an Outlook client instead of the Ximian Evolution
#     Set Sensitivity to Private, to possible avoid it from being read by a mail sweeper, one could hope
#     Set Importance to High
#     Set a Read receipt for this message on to it.
#     Rewritten the main connection code.
#     Added catch of CTRL + C, so program terminates in a nice way.
#     Rewritten alot of the report stuff, so it is possible to see what was sent and recieved.
# 
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
use IO::Socket;
use Getopt::Long;

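# Program-wide settings and run-time state. Nothing here is declared with
# "my", so every name is a package global shared by all subroutines below.
$version           = "Version 1.4";                # Version, also compared against the update file
$plugin_version    = "Plugin 1.0";                 # Plugin Version, also compared against the update file
$copyright         = "(c)2005 by Dennis Rand";     # Copyright Version
$plugindir         = "plugins/";                   # Plugins directory
$port              = "25";                         # SMTP server port (a Port= line in the configuration file overrides it)
$timestamp         = localtime;                    # Scan start time, as shown on screen and in the report
# Each counter gets its own assignment: the earlier "$count, $helo_ok = 0;"
# form only assigned the right-hand variable and left the other one undefined,
# which made a zero count print as an empty field in the summary.
$count             = 0;                            # Number of test cases run so far
$helo_ok           = 0;                            # Not referenced elsewhere in the visible code
@list              = ("MAIL","SEND","SOML","SAML");# Commands to use in <LIST> FROM
@hlo               = ("HELO","EHLO");              # Greeting commands each plugin is run with
$xmailer           = "Microsoft Outlook, Build 10.0.6626"; # Value of the X-Mailer header in each test message
$delay             = 2;                            # Default amount of seconds between each testcase
$success           = 0;                            # Test cases where the server accepted the message
$faliure           = 0;                            # Test cases where no acceptance was seen
$c                 = "#";                          # Progress bar character
$s                 = "";                           # Progress bar drawn so far
$ml                = 10;                           # Progress bar length at which it starts over
$timeout           = 10;                           # Maximum timeout of the connection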

# Handler for -help / -?: prints the banner, the accepted parameters and a
# sample configuration file, then exits. The defaults shown are whatever
# $delay and $timeout hold when the option is processed.
my $show_help = sub
{
   print
      "\n\n\n\n\n",
      "\t\t\t **************************************** \r\n",
      "\t\t\t **************************************** \r\n",
      "\t\t\t **        SMTP Relay Scanner          ** \r\n",
      "\t\t\t **            $version             ** \r\n",
      "\t\t\t **************************************** \r\n",
      "\t\t\t ********$copyright********** \r\n",
      "\t\t\t **************************************** \r\n",
      "\n\t     ooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo\n\n",
      "\t\t Parameters\n",
      "\t\t    -load    < configuration filename     > \n",
      "\t\t    -delay   < Seconds between testcases  > \tDefault:  $delay seconds\n",
      "\t\t    -timeout < Timeout connection to SMTP > \tDefault: $timeout seconds\n",
      "\t\t    -nocheck (Does not check for a 220, when connection are made)\n",
      "\n\t     ooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo\n",
      "\t       Usage eg.: $0 -l <filename> -delay 5\n",
      "\n\t     ooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo",
      "\n\t     Configuration file eg.:\n",
      "\n\t     CustomerEmailServer=mail.anyone.com",
      "\n\t     CustomerEmail=admin\@anyone.com",
      "\n\t     CustomerDomain=anyone.com",
      "\n\t     TesterEmail=relayscanner\@cirt.dk",
      "\n\t     Port=25",
      "\n\t     ooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo\n\n";
   exit;
};

# Parse the command line into the global option variables.
#   -load    configuration file describing the server under test
#   -delay   seconds to wait between test cases
#   -timeout connection timeout in seconds
#   -nocheck skip the check for a 220 greeting after connecting
GetOptions(
   "load=s"    => \$load_file,
   "delay=i"   => \$delay,
   "timeout=i" => \$timeout,
   "nocheck"   => \$nocheck,
   "help|?"    => $show_help,
);

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Check for updates at www.cirt.dk
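# Open a TCP connection to the update host.
# Stores the socket in the global $updates and returns it. When the host
# cannot be reached, $updates is undef and the update check is skipped.
sub ChkUpdates
{
   $| = 1;
   $updates = IO::Socket::INET->new(
      Proto    => "tcp",
      PeerAddr => "www.cirt.dk",
      PeerPort => "80",
      Reuse    => 1,
      Timeout  => 10,
   );
   return $updates;
}

# NOTE(review): this check runs on every start, before the command line has
# been validated, so each run contacts www.cirt.dk from the tester's machine.
# The request goes over plain HTTP on port 80, so the answer is not
# authenticated; it is only used to decide whether to print a notice and
# should not be relied on for anything else.
ChkUpdates();
$response = undef;
if ($updates)
{
   print $updates "GET /tools/relayscanner/rs_update.txt HTTP/1.0\r\nHost: www.cirt.dk\r\nUser-Agent: Mozilla/4.0 (RelayScanner Update Check)\r\n\r\n";
   while(<$updates>)
   {
      if(!defined($response)){$response = $_;}   # First line of the reply (not used further)
      $result .= $_;
   }
   # Close the socket itself; a bareword close(updates) would refer to a
   # different, never-opened handle and leave the connection open.
   close($updates);

   if ($result =~ m/200 OK/si)
   {
      # \Q...\E makes the version strings match literally, so the "." in
      # "1.4" is not treated as a regex wildcard.
      if ($result !~ m/\Q$version\E/si)
      {
         print STDERR "\r\nThe SMTP Relay scanner has been updated, get the latest version at www.cirt.dk\r\n";
      }
      if ($result !~ m/\Q$plugin_version\E/si)
      {
         print STDERR "\r\nThe SMTP Relay scanner Plugins has been updated, get the latest version at www.cirt.dk\r\n";
      }
      sleep(5);   # Leave the notices on screen for a moment before the scan output starts
   }
}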
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Catch Interupt - CTRL + C

# SIGINT (CTRL + C) handler: announce the termination and leave the program.
# The process exits here without calling end_log, so an interrupted scan
# leaves the HTML report without its closing summary.
sub catchInterrupt
{
   # A further CTRL + C while shutting down exits at once, without the notice.
   $SIG{INT} = sub { exit };

   my $notice = "\r\n The RelayScanner has been terminated by a CTRL + C\n\n";
   print $notice;
   exit;
}

# Route CTRL + C to catchInterrupt.
$SIG{INT} = \&catchInterrupt;

# Sanity check: the slot must be set and must hold exactly that handler.
# Both problems are only reported; the program carries on either way.
if (!defined($SIG{INT}))
{
   print "Unable to install signal handler, contact $copyright";
}
if (!($SIG{INT} == \&catchInterrupt))
{
   print "There was an unexpected error installing the signal handler, contact $copyright";
}
  

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
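# A configuration file (-load) is mandatory. Without one, say why, point at
# the help text and stop before the scan starts.
$error .= "SMTP Relay Scanner: You have to specify an scanner file\n" if (!$load_file);
if ($error)
{
   # The collected message used to be built but never shown; print it so the
   # user sees the actual reason and not just the generic hint.
   print STDERR "\n$error";

   print "\n\nooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo";
   print "\n\tTry RelayScanner.pl -help or -? for more information.\n";
   print "ooOOooOOooOOooOOooOOooOOooOOooOOOOooOOooOOooOOooOOooOOooOOooOOoo\n\n";
   exit;
}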

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO

# Print the start-up banner on STDOUT: program name, version and copyright,
# followed by the scan start time and the delay used between test cases.
sub splash_screen
{
   my @banner = (
      "\n\n\n",
      "\t **************************************** \r\n",
      "\t **************************************** \r\n",
      "\t ***       SMTP Relay Scanner         *** \r\n",
      "\t ***           $version            *** \r\n",
      "\t **************************************** \r\n",
      "\t ******* $copyright ********* \r\n",
      "\t **************************************** \r\n",
      "\t **************************************** \r\n\r\n\r\n",
   );
   my @run_info = (
      " Relay scan started: $timestamp\r\n",
      " Delay between tests: $delay seconds\r\n",
   );

   foreach my $text (@banner, @run_info)
   {
      print $text;
   }
}

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Loads the scannings file with Customer data into program

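# Read the scan configuration named by -load into the globals used by the
# rest of the program, then start the HTML report.
#
# Recognised lines (KEY=value, one per line):
#   CustomerEmailServer -> $target          CustomerEmail -> $customer_email
#   CustomerDomain      -> $domain          TesterEmail   -> $tester_email
#   Port                -> $port
# Any other line is ignored. Exits with a hint when the file does not exist
# and dies when it exists but cannot be opened.
sub Load_scanner 
{
   unless (-f $load_file)
   {
      print "\n\tSMTP Relay Scanner: The File '$load_file' could not be found\n";
      print "\tTry RelayScanner.pl -help or -? for more information.\n\n\n";
      exit;
   }

   # Three-argument open with an explicit read mode: the name given on the
   # command line is treated purely as a path, so characters such as ">" or
   # "|" in it cannot change what open() does.
   open(my $config, '<', $load_file)
      or die "SMTP Relay Scanner: cannot open '$load_file': $!\n";

   while (my $line = <$config>)
   {
      # Strip LF and CRLF endings alike; a stray carriage return would
      # otherwise end up in the host name, the port and the report file name.
      $line =~ s/[\r\n]+\z//;

      if    ($line =~ /^CustomerEmailServer=(.*)/) { $target         = $1; }
      elsif ($line =~ /^CustomerEmail=(.*)/)       { $customer_email = $1; }
      elsif ($line =~ /^CustomerDomain=(.*)/)      { $domain         = $1; }
      elsif ($line =~ /^TesterEmail=(.*)/)         { $tester_email   = $1; }
      elsif ($line =~ /^Port=(.*)/)                { $port           = $1; }
   }
   close($config);

   slog();   # Write the report header now that the target data is known
}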

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Read the plugin file

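# Load one plugin ($plugindir$plugin_file), expand its placeholders and run it
# through Relay_engine, then advance the progress bar.
#
# Plugin lines are KEY=value: PLUGINNAME, SUBJECT, DESCRIPTION, MAILFROM,
# RCPTTO and HELO. A key missing from the file leaves the corresponding
# global at whatever the previous plugin set it to.
# NOTE(review): that carry-over looks unintended; confirm whether any plugin
# depends on it before resetting the fields here.
sub read_plugin_file
{
   # Refuses to run when the copyright string no longer names the author; the
   # message is worded like a Perl compile error.
   unless ($copyright =~ "Dennis Rand") {print "\n Syntax error near \"\$copyright\" Execution aborted due to compilation errors.\n";exit;}

   my $plugin_path = "$plugindir$plugin_file";

   # Only regular files are plugins. Without this check a sub-directory in the
   # plugin folder produced a test case built from the previous plugin's data.
   return unless -f $plugin_path;

   # Three-argument open: the directory entry is used purely as a file name.
   # With the two-argument form a name containing "|" or ">" would be read as
   # an open mode.
   my $plugin;
   unless (open($plugin, '<', $plugin_path))
   {
      warn "\r\n Cannot read plugin '$plugin_path': $!\r\n";
      return;
   }
   while (my $line = <$plugin>)
   {
      chomp $line;
      if    ($line =~ /^PLUGINNAME=(.*)/)  { $plugin_name = $1; }  # Name of Plugin
      elsif ($line =~ /^SUBJECT=(.*)/)     { $subject     = $1; }  # Subject of the test mail
      elsif ($line =~ /^DESCRIPTION=(.*)/) { $description = $1; }  # Message to be put in body of the email
      elsif ($line =~ /^MAILFROM=(.*)/)    { $mailfrom    = $1; }  # The mail from
      elsif ($line =~ /^RCPTTO=(.*)/)      { $rcptto      = $1; }  # The recipient
      elsif ($line =~ /^HELO=(.*)/)        { $helo        = $1; }  # HELO mostly used RelayChecker@DOMAINTESTER
   }
   close($plugin);

   # Translate the plugin file using the self-made plugin language.
   ($front_company,$back_company)   = split(/\@/,$customer_email);# Split up Customer email
   ($front_tester,$back_tester)     = split(/\@/,$tester_email);  # Split up Tester email

   # Placeholder => replacement, applied in this order to MAIL FROM, RCPT TO,
   # the body and the HELO argument. DOMAINTESTER has to be handled before
   # DOMAIN, because DOMAIN is a prefix of it.
   my @placeholders = (
      [ 'LOCALMAIL',    $customer_email ],   # Customer's email address
      [ 'REMOTEMAIL',   $tester_email   ],   # Tester's email address
      [ 'INITTESTER',   $front_tester   ],   # Tester's address before the @
      [ 'INITCOMPANY',  $front_company  ],   # Customer's address before the @
      [ 'DOMAINTESTER', $back_tester    ],   # Tester's email domain
      [ 'DOMAIN',       $domain         ],   # Customer's mail domain name
   );
   foreach my $field (\$mailfrom, \$rcptto, \$description, \$helo)
   {
      foreach my $pair (@placeholders)
      {
         my ($token, $value) = @$pair;
         $$field =~ s/$token/$value/g;
      }
   }

   $description  =~ s/<CR>/\r/g;                     # Replaces <CR> with Character Return
   $description  =~ s/<CN>/\n/g;                     # Replaces <CN> with Character Newline

   Relay_engine(); # Now lets send the plugin through the engine 

   #Progressbar: one more character per test case, starting over once it is longer than $ml
   if(length($s) > $ml) {$s="";}
   $s.=$c;
   printf STDERR "\r Relay Checking in progress: => %-0s",$s,"";
}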

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Connection Strings

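# Open a TCP connection to the server under test ($target, $port) and store
# the socket in the global $remote. $timeout bounds the connection attempt.
# Dies with the "no service found" message, followed by the reason reported
# by IO::Socket, when the connection cannot be made.
sub Con 
{ 
   $| = 1;
   $remote = IO::Socket::INET->new(
      Proto    => "tcp",
      PeerAddr => $target,
      PeerPort => $port,
      Reuse    => 1,
      Timeout  => $timeout,
   );

   # A plain string is passed to die. The former "die { print ... }" form
   # printed the text but then died with a hash reference, so the error shown
   # by perl itself was only "HASH(0x...)".
   unless ($remote)
   {
      my $reason = defined($@) ? $@ : '';
      die "\r\n FAILED NO SERVICE FOUND ON HOST: $target AND PORT: $port\r\n $reason\r\n\r\n";
   }
   return $remote;
} 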

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Relay Mailing Engine

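# Run one test case: connect, send the complete SMTP dialogue for the current
# plugin in one go, collect everything the server answers in $result, record
# the verdict and append the test case to the report.
#
# Verdict: $set stays 1 unless an acceptance is recognised, in which case it
# becomes 0. $set == 0 is counted in $success and shown as "Success" in the
# report, meaning the server accepted the relay attempt (a finding);
# $set == 1 is counted in $faliure.
#
# NOTE(review): acceptance is recognised only by the wording "250 ... Message
# accepted" or "250 ... queued". A server that accepts mail with a different
# 250 text is counted as a failure, so a "Faliure" entry is not proof that
# relaying is refused; check the "Output from server" section of the report.
# NOTE(review): the commands are written without waiting for the individual
# replies, and the reads have no timeout of their own ($timeout only covers
# the connect), so a server that keeps the connection open stalls the scan.
sub Relay_engine 
{
   $set = 1;
   sleep $delay; # Wait $delay seconds between test cases
   $count++;
   $result = "";
   Con();
   if(!$nocheck)
   {
      # An SMTP greeting starts with the reply code, so anchor the match; an
      # unanchored "220" also matched the digits anywhere in the line.
      my $banner = <$remote>;
      unless (defined($banner) && $banner =~ /^220/) { die "The service behind port: $port does not seem to be an SMTP Server.\r\nUse -nocheck if this is an SMTP server" }
   }

   # Envelope
   print $remote "$hlo [$helo]\r\n";
   print $remote "$list FROM: $mailfrom\r\n";
   print $remote "RCPT TO: $rcptto\r\n";
   print $remote "DATA\r\n";
  
   # The header lines below use the addresses without angle brackets
   $mailfrom =~ s/<//g;  
   $rcptto   =~ s/<//g;  
   $mailfrom =~ s/>//g;  
   $rcptto   =~ s/>//g;  

   # Message header
   print $remote "From: \"CIRT.DK Relay Scanner\" <$mailfrom>\r\n";
   print $remote "To: $rcptto\r\n";
   print $remote "Subject: $subject (Test Case: $count)\r\n";
   print $remote "Date: $timestamp\r\n";
   # The "$" signs of the ID are escaped so they are written literally.
   # Unescaped, "$25" and "$0901" are read as (empty) variables, and perl may
   # refuse "$0901" as a variable name altogether.
   print $remote "Message-ID: <000501c53143\$25d6ef60\$0901a8c0$count\@$domain>\r\n";
   print $remote "MIME-Version: 1.0\r\n";
   print $remote "Content-Type: text/plain\r\n";
   print $remote "Content-Transfer-Encoding: 7bit\r\n";
   print $remote "X-Priority: 1 (Highest)\r\n";
   print $remote "x-MSMail-Priority: High\r\n";
   print $remote "X-Mailer: $xmailer\r\n";
   print $remote "Importance: High\r\n";
   print $remote "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180\r\n";
   print $remote "Sensitivity: Private\r\n";
   print $remote "Disposition-Notification-To: \"CIRT.DK Relay Scanner\" <$tester_email>\r\n";

   # Message body: test case number, plugin description and the envelope used
   print $remote "\r\nTestcase: $count\r\n$description\r\n\r\n";
   print $remote "Mail creation:\r\n";
   print $remote "$list FROM: $mailfrom\r\n";
   print $remote "RCPT TO: $rcptto\r\n\r\n";
   print $remote "-----------------------------------\r\n";
   print $remote "CIRT.DK Relay Scanner $version\r\n";
   print $remote "$copyright - CIRT.DK\r\n";
   print $remote "http://www.cirt.dk\r\n";
   print $remote "-----------------------------------\r\n";
   print $remote "\r\n.\r\n";
   print $remote "QUIT\r\n";

   # Read until the server closes the connection. The first pattern is tried
   # on everything received so far, the second on the current line only; the
   # target of the second match is now written out instead of being the
   # implicit $_.
   while (my $reply = <$remote>)
   {
      $result .= $reply;
      if ($result =~ m/(250.*Message accepted)/msi || $reply =~ m/(250.*queued)/msi)
      {
         $set = 0;
      }
   }
   if($set){$faliure++;} else {$success++;}
   wlog();
   close($remote);
}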

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Read all plugins in the plugins libary

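# Run every plugin once for each combination of the commands in @list
# (MAIL, SEND, SOML, SAML) and the greetings in @hlo (HELO, EHLO).
# Dies when the plugin directory cannot be opened.
sub run_plugins 
{
   # Read the directory once and close the handle again; it used to be
   # reopened for every command/greeting combination and never closed.
   # Only regular files are kept (this also drops "." and ".."), and the
   # names are sorted so test case numbers are the same from run to run.
   opendir(my $dir, $plugindir) || die "Cannot open Plugins Directory.\r\n";
   @names = sort grep { -f "$plugindir$_" } readdir($dir);
   closedir($dir);

   # The loop variables are deliberately the package globals $list, $hlo and
   # $plugin_file: read_plugin_file, Relay_engine and wlog read them directly.
   foreach $list (@list) # Loop all the plugins through the commands MAIL, SEND, SOML and SAML FROM
   {
      foreach $hlo (@hlo)
      {
         foreach $plugin_file (@names) 
         {
            read_plugin_file();
         }
      }
   }
}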

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Writes the beginning of the log

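# Create the HTML report and write its header: page head with the
# show/hide script, title bars, the table of scan parameters and the opening
# of the "Audit Results" table. Sets the global $log to the report file name,
# which the other report routines append to. Dies when the file cannot be
# created, so a scan is not run without anywhere to record its results.
sub slog
{
   # Minimal HTML escaping for values that come from the configuration file.
   my $esc = sub {
      my ($text) = @_;
      $text = '' unless defined $text;
      $text =~ s/&/&amp;/g;
      $text =~ s/</&lt;/g;
      $text =~ s/>/&gt;/g;
      $text =~ s/"/&quot;/g;
      $text =~ s/'/&#39;/g;
      return $text;
   };
   my $h_domain   = $esc->($domain);
   my $h_target   = $esc->($target);
   my $h_port     = $esc->($port);
   my $h_customer = $esc->($customer_email);
   my $h_tester   = $esc->($tester_email);

   # The domain becomes part of the file name, so anything that is not a
   # letter, digit, dot, underscore or dash is replaced; the report then
   # always lands in the current directory under a predictable name.
   my $file_domain = defined($domain) ? $domain : '';
   $file_domain =~ s/[^A-Za-z0-9._-]/_/g;
   $log = "SMTP_Relay_Scanner_".$file_domain.".html";

   open(my $fh, ">", $log)
      or die "SMTP Relay Scanner: cannot create report '$log': $!\n";

   # Page head, including the script that shows/hides the per-test details
   print $fh "<HTML>\n<HEAD>\n<TITLE>$h_domain - SMTP Relay Scanner V.$version</TITLE>\n\n";
   print $fh "<SCRIPT LANGUAGE=\"JavaScript\" TYPE=\"text/javascript\">\n";
   print $fh "<!-- // hide from old browsers\n\n";
   print $fh "// hide text from MSIE browsers\n\n";
   print $fh "with (document)\n";
   print $fh "{\n";
   print $fh "   write(\"<STYLE TYPE='text/css'>\");\n";
   print $fh "   if (navigator.appName == 'Microsoft Internet Explorer')\n";
   print $fh "   {\n";
   print $fh "   write(\".hiddentext {display:none}  .outline {cursor:hand; text-decoration:underline}\");\n";
   print $fh "}\n";
   print $fh "  write(\"</STYLE>\");\n";
   print $fh "}\n\n";
   print $fh "// show text on click for MSIE browsers\n\n";
   print $fh "function expandIt(whichEl)\n";
   print $fh "{\n";
   print $fh "   if (navigator.appName == 'Microsoft Internet Explorer')\n";
   print $fh "{\n";
   print $fh "   whichEl.style.display = (whichEl.style.display == \"block\" ) ? \"none\" : \"block\";\n";
   print $fh "}\n";
   print $fh "  else return;\n";
   print $fh "}\n";
   print $fh "// end hiding from old browsers -->\n";
   print $fh "</SCRIPT>\n";
   # (a second, duplicate </HEAD> used to be written here)
   print $fh "<!-- \r\n";
   print $fh "     Remember if you are a Danish company, \r\n";
   print $fh "     and does not have explicit written permission,\r\n";
   print $fh "     you are in violation of the law on\r\n"; 
   print $fh "     intellectual property rights\r\n -->\r\n\r\n";
   print $fh "</HEAD>\n";

   # Title bars
   print $fh "<BODY BGCOLOR=white>\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=white CELLSPACING=0 CELLPADDING=2 BORDER=0>\n<TR>\n<TD>\n<CENTER>\n<FONT FACE=Tahoma COLOR=black SIZE=+2><B>SMTP Relay Scanner $version</B></FONT>\n</LEFT>\n</TD>\n</TABLE>\r\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=white CELLSPACING=0 CELLPADDING=2 BORDER=0>\n<TR>\n<TD>\n<CENTER>\n<FONT FACE=Tahoma COLOR=black SIZE=1><B>$copyright - CIRT.DK</B></FONT>\n</LEFT>\n</TD>\n</TABLE>\n<BR>\r\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=black CELLSPACING=0 CELLPADDING=2 BORDER=0>\n<TR>\n<TD>\n<CENTER>\n<FONT FACE=Tahoma COLOR=white SIZE=+1><B>SMTP Relay Audit Rapport for $h_target</B>\n</FONT>\n</LEFT>\n</TD>\n</TABLE>\n<BR>\r\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=white CELLSPACING=0 CELLPADDING=0 BORDER=0><TR ALIGN=left><COLOR=black SIZE=2>\r\n";

   # Scan parameters, one table row each
   print $fh "\r\n";
   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Target SMTP server:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh " <B>$h_target</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";   # this row was left unclosed before
   print $fh "  </TR>\r\n";

   print $fh "\r\n";
   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Port number:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh "       <B>$h_port</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Domain name:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh "       <B>$h_domain</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Customer email:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh "       <B>$h_customer</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Tester email:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh "       <B>$h_tester</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "    <TD>\r\n";
   print $fh "       <B>Scan Started:</B>\r\n";
   print $fh "    </TD>\r\n";
   print $fh "    <TD><LEFT>\r\n";
   print $fh "       <B>$timestamp</B>\r\n";
   print $fh "    </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   
   # Close the parameter table and open the results table that the per-test
   # entries are appended to
   print $fh "</TABLE>\r\n";
   print $fh "<BR><TABLE WIDTH=90% BGCOLOR=black CELLSPACING=0 CELLPADDING=2 BORDER=0><TR><TD><CENTER><FONT FACE=Tahoma COLOR=white SIZE=+1><B>Audit Results</B></FONT></LEFT></TD></TABLE>\r\n";
   print $fh "\r\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=white CELLSPACING=0 CELLPADDING=0 BORDER=0><TR ALIGN=left><BR>\r\n";
   close($fh);
}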

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Writing log informaiton to report

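# Append one test case to the HTML report ($log): the verdict line with a link
# to the plugin file, a collapsible copy of what was sent, and a collapsible
# copy of what the server answered.
#
# $set true  -> entry is marked "(Faliure)" in red: no acceptance was seen.
# $set false -> entry is marked "(Success)" in green: the server accepted the
#               relay attempt, i.e. this is the case that needs attention.
#
# Everything interpolated into the page is HTML-escaped first. The server
# replies in $result come from the host under test and the plugin fields come
# from files on disk; written unescaped, markup inside them would be
# interpreted by the browser used to read the report.
sub wlog
{
   my $esc = sub {
      my ($text) = @_;
      $text = '' unless defined $text;
      $text =~ s/&/&amp;/g;
      $text =~ s/</&lt;/g;
      $text =~ s/>/&gt;/g;
      $text =~ s/"/&quot;/g;
      $text =~ s/'/&#39;/g;
      return $text;
   };

   # Escaped copies are used for output. The globals themselves are left
   # alone: escaping $helo in place meant a later plugin without a HELO= line
   # sent the already-escaped text to the server.
   my $h_rcptto      = $esc->($rcptto);
   my $h_mailfrom    = $esc->($mailfrom);
   my $h_helo        = $esc->($helo);
   my $h_subject     = $esc->($subject);
   my $h_description = $esc->($description);
   my $h_plugin_name = $esc->($plugin_name);
   my $h_domain      = $esc->($domain);
   my $h_tester      = $esc->($tester_email);
   my $h_hlo         = $esc->($hlo);
   my $h_list        = $esc->($list);

   # Link target: the script path with the script name removed, followed by
   # the plugin path. Works on a copy so $0 itself is not rewritten, and the
   # dot in the file name is matched literally.
   my $script_dir = defined($0) ? $0 : '';
   $script_dir =~ s/RelayScanner\.pl//g;
   my $h_href = $esc->("$script_dir$plugindir$plugin_file");

   my $fh;
   unless (open($fh, ">>", $log))
   {
      warn "\r\n Cannot append test case $count to the report: $!\r\n";
      return;
   }

   my ($colour, $verdict) = $set ? ("#FF0000", "Faliure") : ("#00FF00", "Success");

   print $fh "\r\n";
   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "         <B><A HREF=\"$h_href\">TC: $count - $h_plugin_name<FONT COLOR=\"$colour\"> ($verdict)</FONT></A></B><BR>\n";

   # What was sent
   print $fh "        <B><A onClick=\"expandIt(inel$count); return false\" CLASS=\"outline\">Sent to server</A></B><BR>\n";
   print $fh "        <DIV ID=\"inel$count\" CLASS=\"hiddentext\">\n";
   print $fh "           $h_hlo [$h_helo]<BR>\n";
   print $fh "           $h_list FROM: $h_mailfrom<BR>\n";
   print $fh "           RCPT TO: $h_rcptto<BR>\n";
   print $fh "           DATA<BR>\n";
   print $fh "           From: \"CIRT.DK Relay Scanner\" &lt;$h_mailfrom&gt;<BR>\n";
   print $fh "           To: $h_rcptto<BR>\n";
   print $fh "           Subject: $h_subject (Test Case: $count)<BR>\n";
   print $fh "           Date: $timestamp<BR>\n";
   # The "$" signs of the ID are escaped so they are written literally.
   # Unescaped, "$25" and "$0901" are read as (empty) variables, and perl may
   # refuse "$0901" as a variable name altogether.
   print $fh "           Message-ID: &lt;000501c53143\$25d6ef60\$0901a8c0$count\@$h_domain&gt;<BR>\n";
   print $fh "           MIME-Version: 1.0<BR>\n";
   print $fh "           Content-Type: text/plain<BR>\n";
   print $fh "           Content-Transfer-Encoding: 7bit<BR>\n";
   print $fh "           X-Priority: 1 (Highest)<BR>\n";
   print $fh "           x-MSMail-Priority: High<BR>\n";
   print $fh "           X-Mailer: $xmailer<BR>\n";
   print $fh "           Importance: High<BR>\n";
   print $fh "           X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180<BR>\n";
   print $fh "           Sensitivity: Private<BR>\n";
   print $fh "           Disposition-Notification-To: \"CIRT.DK Relay Scanner\" &lt;$h_tester&gt;<BR>\n";
   print $fh "           <BR>\nTestcase: $count<BR>\n$h_description<BR>\n<BR>\n";
   print $fh "           Mail creation:<BR>\n";
   print $fh "           $h_list FROM: $h_mailfrom<BR>\n";
   print $fh "           RCPT TO: $h_rcptto<BR>\n";
   print $fh "           <BR>\n.<BR>\n";
   print $fh "           QUIT<BR>\n";
   print $fh "        </DIV>\n";

   # What the server answered; lines that look like an acceptance are bold.
   # Both patterns are tested against the line being written (the second one
   # used to be matched against $_, which does not hold the line here).
   print $fh "        <B><A onClick=\"expandIt(outel$count); return false\" CLASS=\"outline\">Output from server</A></B><BR>\n";
   print $fh "        <DIV ID=\"outel$count\" CLASS=\"hiddentext\">\n";
   foreach my $line (split(/\n/, defined($result) ? $result : ''))
   {
      my $h_line = $esc->($line);
      if ($line =~ m/(250.*Message accepted)/si || $line =~ m/(250.*queued)/si)
      {
         print $fh "         <B>$h_line</B><BR>\n";
      }
      else
      {
         print $fh "         $h_line<BR>\n";
      }
   }
   print $fh "        </DIV>\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "         <B></B>\r\n";
   print $fh "     </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";

   # Separator row between test cases
   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "        <HR>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "        <HR>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "  </TR>\r\n";
   close ($fh);
}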

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Write ending to log file

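# Finish the HTML report ($log): close the results table and append the
# summary (completion time, accepted and not-accepted test cases, total
# number of test cases) and the page footer. Sets the global $timestamp1.
#
# "Possible Success attempts" is the number of test cases in which the server
# accepted the message; "Possible Failed attempts" is the number in which no
# acceptance was recognised.
sub end_log
{
   $timestamp1 = localtime;

   my $fh;
   unless (open($fh, ">>", $log))
   {
      warn "\r\n Cannot append the summary to the report: $!\r\n";
      return;
   }

   # Counters that were never incremented are shown as 0, not as a blank cell
   my $n_success = defined($success) ? $success : 0;
   my $n_faliure = defined($faliure) ? $faliure : 0;
   my $n_count   = defined($count)   ? $count   : 0;

   print $fh "\r\n";
   print $fh "  </TABLE>\r\n";
   print $fh " \r\n\r\n";
   print $fh "<BR><TABLE WIDTH=90% BGCOLOR=black CELLSPACING=0 CELLPADDING=2 BORDER=0><TR><TD><CENTER><FONT FACE=Tahoma COLOR=white SIZE=+1><B>Rapport Summary</B></FONT></LEFT></TD></TABLE><BR>\r\n";
   print $fh "<TABLE WIDTH=90% BGCOLOR=white CELLSPACING=0 CELLPADDING=0 BORDER=0><TR ALIGN=left>\r\n";

   # Each value cell now closes its bold tag (it used to open a second one)
   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "         <B>The Scan completed:</B>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "         <B>$timestamp1</B>\r\n";
   print $fh "     </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "         <B>Possible Success attempts:</B>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "         <B>$n_success</B>\r\n";
   print $fh "     </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "         <B>Possible Failed attempts</B>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "         <B>$n_faliure</B>\r\n";
   print $fh "     </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";

   print $fh "  <TR>\r\n";
   print $fh "     <TD>\r\n";
   print $fh "         <B>Total number of Relay checks performed:</B>\r\n";
   print $fh "     </TD>\r\n";
   print $fh "     <TD><LEFT>\r\n";
   print $fh "         <B>$n_count</B>\r\n";
   print $fh "     </LEFT></TD>\r\n";
   print $fh "  </TR>\r\n";
   print $fh "\r\n";

   print $fh "</TABLE>\r\n";
   print $fh "\r\n";
   print $fh " <BR><TABLE WIDTH=90% BGCOLOR=black CELLSPACING=0 CELLPADDING=2 BORDER=0><TR><TD><CENTER><FONT FACE=Tahoma COLOR=white SIZE=1><B>$copyright</B></FONT></LEFT></TD></TABLE><BR><BR>\r\n";
   print $fh " </BODY>\r\n";
   print $fh "<!-- Remember if you are a Danish company, \r\n";
   print $fh "     and does not have explicit written permission,\r\n";
   print $fh "     you are in violation of the law on\r\n"; 
   print $fh "     intellectual property rights\r\n -->\r\n\r\n";
   print $fh "</HTML>\r\n";
   close ($fh);
}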

#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO

# Main sequence: banner, configuration, all test cases, then the summary.

# Show the start-up banner
splash_screen();

# Load the configuration file and start the report
Load_scanner();

# Run every plugin through the relay engine
run_plugins();

# Summary on the console: the frame goes to STDOUT, the counters to STDERR.
# "Successfully attempts" counts test cases the server accepted.
$timestamp1 = localtime;
my $frame = "\r\n\r\nooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOoo";
print "\r\n\r\n Scanning Finished:  $timestamp1";
print "$frame\r\n";
# The empty string fills the padding field (%3s / %8s / %9s), which yields the
# run of spaces that lines the three numbers up.
printf STDERR "\r\n Successfully attempts:%3s %s", "", $success;
printf STDERR "\r\n Failed attempts:%8s %s",       "", $faliure;
printf STDERR "\r\n Total attempts:%9s %s",        "", $count;
print "$frame\n\n\n";

# Write the summary to the report file
end_log();