#!/bin/sh

## ---  --
##  --- -
##   ---  fts(2) [fts(2) xploit division]
##  - ---  http://slacknet.org/fts/xploit
## --  ---
## rvscan version two beta three (fts-rvscan.v2-b3.tgz)
##    unix remote vulnerability exploit scanner

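# Terminal colour palette (ANSI SGR sequences) used by every status line.
# A sequence only takes effect when it begins with the ESC byte (0x1b); a bare
# "[5m" is printed literally.  ESC is produced with printf so the script stays
# plain ASCII and the byte cannot be lost when the file is copied or pasted.
esc=$(printf '\033')
blink="${esc}[5m"    # blinking text, used for the failure markers
cl="${esc}[0m"       # reset all attributes
# normal-intensity foreground colours
mag="${esc}[35m"
cyn="${esc}[36m"
wht="${esc}[37m"
red="${esc}[31m"
# high-intensity (bold) foreground colours
hblk="${esc}[1;30m"
hmag="${esc}[1;35m"
hcyn="${esc}[1;36m"
hwht="${esc}[1;37m"
hred="${esc}[1;31m"
# background colours
bblk="${esc}[40m"
bred="${esc}[41m"
bmag="${esc}[45m"
bcyn="${esc}[46m"
bwht="${esc}[47m"
bg="${esc}[44m"
# Prefix printed in front of every status message: "[rvscan]:".
rver="${cl}${hblk}[${hmag}r${cyn}v${cl}${cyn}scan${hblk}]${mag}:${cl}${wht}"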
# Clear the screen and print the start-up banner in one here-document.
clear
cat <<EOF
${hwht}---  --
${hwht} --- -
${hwht}  ---${cl}  ${hcyn}f${cl}${cyn}ts${mag}(${cyn}2${mag}) ${hblk}[${cl}${wht}fts(2) xploit division${hblk}]
${hwht} - ---${cl}  ${wht}http://slacknet.org/fts/xploit
${hwht}--  ---
${cl}${hblk}[${cl}${wht}rvscan version two beta three ${cl}${mag}(${cl}${wht}fts-rvscan.v2-b3.tgz${cl}${mag})${wht}

EOF
# The prompt says "any key", but read waits for a complete line (Enter).
# The value read into blah is never used.
echo -n "$rver press any key to set up our variables/etc for the scan.${hblk}.${cl}"
read blah
echo ""

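# Installation check: tools/, docs/ and tools/bin/cgichk are all resolved
# relative to the current working directory, so the script has to be started
# from the directory it was unpacked into.
echo -n "$rver checking for correct installation paths.."
if [ ! -d tools ] || [ ! -d docs ] || [ ! -f tools/bin/cgichk ]; then
 echo " ${bred}${hwht}${blink}failed${cl}${wht}."
 # A failed precondition is an error: exit non-zero so a wrapper or cron job
 # can tell an aborted run from a completed one.
 exit 1
fi
echo " ok."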

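# The scan refuses to run until a .registration marker file exists in the
# current directory.  Only the presence of the file is tested here, not its
# contents.
echo -n "$rver checking for completion of registration.."
if [ ! -f .registration ]; then
 echo " ${bred}${hwht}${blink}no${cl}${wht}."
 # Unmet precondition: report failure to the caller instead of exiting 0.
 exit 1
fi
echo " yes."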

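# The target host ($1) is mandatory.  It is later handed to host, nmap,
# strobe, telnet, nc, rpcinfo, showmount, ping and the helpers under
# tools/bin, so it is validated once here:
#   - empty            -> usage error
#   - leading "-"      -> would be parsed as an option by those tools
#   - anything outside letters, digits, ".", ":", "_" and "-"
#                      -> would be word-split or globbed wherever the script
#                         expands $1 without quotes
echo -n "$rver checking for all necessary arguments.."
case "$1" in
 ""|-*|*[!A-Za-z0-9.:_-]*)
  echo " ${bred}${hwht}${blink}no${cl}${wht}."
  echo ""
  echo "$rver usage is $0 <host> [logfile] [-v]"
  exit 1
  ;;
esac
echo " ok."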

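# Platform check.  The command substitution is quoted so the test still
# parses if uname prints nothing or more than one word.
echo -n "$rver making sure this is a linux system.."
if [ "$(uname)" != "Linux" ]; then
 echo " ${bred}${hwht}${blink}no${cl}${wht}."
 # Unsupported platform is a failure, not a successful run.
 exit 1
fi
echo " yes."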

# Gather facts about the scanning machine (they are written to the log
# header) and parse the optional arguments.
echo -n "$rver setting local script variables.."
# HOSTTYPE, UID and EUID are variables provided by bash.
# NOTE(review): under a /bin/sh that is not bash they may be empty - confirm.
atksys="$(uname -sr) ($HOSTTYPE)"
atkusr=$(whoami)
atkuid="$UID"
atkeuid="$EUID"
# Address of the ppp0 interface only; the interface name is hard-coded.
atkip=$(ifconfig ppp0 | grep inet | cut -d: -f2 | awk '{print $1}')
atkhost=$(hostname)
# Bracketed "[yes]" / "[no]" markers for status output.
no="${hblk}[${cl}${wht}no${hblk}]${cl}${wht}"
yes="${hblk}[${cl}${wht}yes${hblk}]${cl}${wht}"
# Any non-empty third argument switches verbose output on.
if [ -n "$3" ]; then
 verbose="1"
fi
# Log file: second argument, or "<host>.log" when it is missing or empty.
rlog="${2:-$1.log}"
echo " done."

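# Root check.  The script later runs "nmap -sS ... -O", which needs
# raw-socket privileges.  The substitution is quoted so the test cannot turn
# into a syntax error when whoami prints nothing.
echo -n "$rver checking for root priveledges.."
if [ "$(whoami)" != "root" ]; then
 echo " ${bred}${hwht}${blink}no${cl}${wht}."
 # Missing privilege is a failure; do not report success to the caller.
 exit 1
fi
echo " yes."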

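# need_tool LABEL BINARY HINT
#   Print the "looking for LABEL.." status line and abort the run with HINT
#   when BINARY cannot be found on PATH.
#
#   The original checks were written as [ `which X` = "" ]; when which prints
#   nothing that expands to [ = "" ], a test error, so a missing tool was
#   never reported.  nmap was tested at the fixed path /usr/local/bin/nmap
#   although the script runs it through PATH; it is now looked up the same way
#   it is executed.
#
#   In verbose mode the resolved path is printed after a single space.  The
#   original used "$vver", which is never assigned before this point, so it
#   expanded to nothing and produced the same output.
need_tool() {
 echo -n "$rver looking for $1.."
 if ! command -v "$2" >/dev/null 2>&1; then
  echo " ${bred}${hwht}${blink}failed${cl}${wht}."
  echo ""
  echo "$rver $3"
  exit 1
 fi
 if [ "$verbose" = "1" ]; then
  echo " $(command -v "$2")"
 else
  echo " ok."
 fi
}

# host, showmount, ping and killall are also invoked later in the script but
# are not part of this check.
need_tool "nmap" "nmap" "please install nmap from http://www.insecure.org/nmap"
# The hint for netcat used to say "install nmap"; it now names the right tool.
need_tool "netcat" "nc" "please install netcat from http://packetstorm.genocide2600.com"
need_tool "telnet" "telnet" "please install telnet before continuing."
need_tool "rpcinfo" "rpcinfo" "please install rpcinfo before continuing."
need_tool "strobe" "strobe" "please install strobe before coninuing."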

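# Resolve the target before any probe is sent.  The lookup output is piped
# straight into grep, so no .host.tmp scratch file is created in the working
# directory (the script runs as root and the name was predictable), and the
# target is quoted so it reaches host as one word.
# Only the text "not found" counts as failure; other resolver errors
# (timeouts, server failures) still let the scan continue.
echo -n "$rver making sure target exists.."
if host "$1" 2>&1 | grep -i "not found" >/dev/null 2>&1; then
 echo " ${bred}${hwht}${blink}no${cl}${wht}."
 exit 1
fi
echo " yes."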




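# start the remote scans
# A previous log for this target is moved to <log>.old, then the header is
# written.  The header records the scanning account, its uid/euid, the local
# hostname and address, so the log identifies the machine the scan ran from.
echo ""
echo -n "$rver press any key to begin collecting remote data.${hblk}.${cl}${wht}"
read unfunfunf
echo ""
# $rlog comes from the command line; it is quoted everywhere in this block and
# "--" stops mv from reading a log name that starts with "-" as an option.
if [ -f "$rlog" ]; then
 mv -- "$rlog" "$rlog.old" 1>/dev/null 2>/dev/null
fi
# Separator line written between sections of the log.
rline="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
{
 # xfts is a file in the working directory copied to the top of the log.
 cat xfts
 echo ""
 echo "New scan against $1 started at `date`"
 echo "* Local System: $atksys"
 echo "* Local User: $atkusr (uid $atkuid/euid $atkeuid)"
 echo "* Local Address: $atkhost ($atkip)"
 echo "$rline"
} >>"$rlog"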

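# OS fingerprint.  nmap options: -sS SYN scan, -P0 skip the discovery ping,
# -O OS detection, -p 20-81 port range.  The output is filtered in a pipeline
# instead of going through a .nmap.tmp scratch file, and the target is quoted.
# NOTE(review): the "guess:" label belongs to the nmap output format this
# script was written against - confirm that the installed nmap still prints
# it, otherwise the result is always "unavailable".
echo -n "$rver using nmap OS detection to analyze target.."
rmtfing=$(nmap -sS -P0 -O -p 20-81 "$1" 2>&1 | grep "guess:" | cut -d: -f2)
if [ -z "$rmtfing" ]; then
 echo " failed."
 rmtfing=" unavailable."
 ndone="0"
else
 ndone="1"
 if [ "$verbose" = "1" ]; then
  echo " done. [$rmtfing]"
 else
  echo " done."
 fi
fi
echo "Nmap Remote OS scan:$rmtfing" >>"$rlog"
echo "$rline" >>"$rlog"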




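# Service sweep of ports 19-81 with strobe.  The result file .strobe.tmp is
# read again by the bind, imapd and sendmail checks further down.
echo -n "$rver using strobe to detect running services.."
echo "Running services on $1: " >>"$rlog"
# Remove the output of any earlier run first: .strobe.tmp is never deleted by
# this script, so a failed sweep would otherwise pass the -f test below and
# the previous target's services would be logged for this one.
rm -f .strobe.tmp
strobe -o .strobe.tmp -b 19 -e 81 "$1" 1>/dev/null 2>/dev/null
if [ -f .strobe.tmp ]; then
 sdone="1"
 echo " done."
 cat .strobe.tmp >>"$rlog"
else
 sdone="0"
 echo " failed."
fi
echo "$rline" >>"$rlog"
# Verbose mode echoes the tcp lines to the terminal.
if [ "$verbose" = "1" ] && [ -f .strobe.tmp ]; then
 grep "tcp" .strobe.tmp
fi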




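# BIND version check.  Runs only when the strobe output lists a "nameserver"
# service.  tools/bin/binfo-udp is a bundled helper; the text after the first
# ":" of its output is taken as the version string (presumably the server's
# version banner - confirm against the helper).
# The result is a banner comparison only: a server can hide or change its
# version string, and a matching string does not show whether vendor patches
# were applied, so a "yes" is a lead for patch verification, not a finding.
echo -n "$rver checking for remotely exploitable bind versions.."
# Initialise both so values inherited from the environment cannot leak into
# the report when no nameserver is present.
bindvuln="0"
bindver=""
if grep "nameserver" .strobe.tmp >/dev/null 2>&1; then
 # Piped directly; the .binfo.tmp scratch file is no longer needed.
 bindver=$(tools/bin/binfo-udp "$1" 2>&1 | cut -d: -f2)
 # First matching release wins.  grep -F compares literally, so the dots in
 # the version numbers no longer match arbitrary characters.
 # The "8.1-REL" match used to be reported as "4.9.5-REL" (copy/paste slip);
 # it is now reported under its own name.
 for known in "4.9.5-REL" "4.9.5-P1" "4.9.6-REL" "8.1-REL"; do
  if echo "$bindver" | grep -F -i -e "$known" >/dev/null 2>&1; then
   bindvuln="1"
   bindver="$known"
   break
  fi
 done
 # NOTE(review): the pattern is "8.8.1-REL" but the reported name is
 # "8.1.1-REL"; one of the two looks like a typo.  Left as found - confirm
 # which release was meant.
 if [ "$bindvuln" != "1" ] && echo "$bindver" | grep -F -i -e "8.8.1-REL" >/dev/null 2>&1; then
  bindvuln="1"
  bindver="8.1.1-REL"
 fi
fi

if [ "$bindvuln" = "1" ]; then
 bindflog="yes"
 if [ "$verbose" = "1" ]; then
  echo "yes. [$bindver]"
 else
  echo " yes."
 fi
else
 echo " no."
 bindflog="no"
fi
echo "Checking for remotely exploitable bind version: $bindflog [$bindver]" >>"$rlog"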



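# IMAP banner check.  Any banner containing "IMAP4" is reported as
# "possible" - no version is compared, so this only shows that an IMAP4
# service answered.
# NOTE(review): the strobe sweep earlier in this script covers ports 19-81
# only, so a "143/tcp" line is not expected in .strobe.tmp - confirm whether
# this branch is reachable.
echo -n "$rver checking for vulnerable imapd versions.."
imapvuln="0"
if grep "143/tcp" .strobe.tmp >/dev/null 2>&1; then
 telnet "$1" 143 >.imap.tmp 2>&1 &
 probe=$!
 sleep 10
 # Stop only the probe started above.  "killall -9 telnet", run as root,
 # ended every telnet session on the machine, whoever owned it.
 kill -9 "$probe" 1>/dev/null 2>/dev/null
 wait "$probe" 2>/dev/null
 if grep -i "IMAP4" .imap.tmp >/dev/null 2>&1; then
  imapvuln="1"
 fi
fi
if [ "$imapvuln" = "1" ]; then
 # Verbose and normal mode print the same text here.
 echo " possible."
 imapflog="yes"
else
 echo " no."
 imapflog="no"
fi
echo "Checking for remotely exploitable IMAP version: $imapflog" >>"$rlog"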




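# rpc.mountd presence check: "possible" means only that the portmapper lists
# a mountd program; nothing about its version is examined.
echo -n "$rver checking for rpc.mountd vulnerability.."
mnta="0"
rpcinfo -p "$1" >.mnt.tmp 2>&1 &
probe=$!
sleep 4
# Stop only this probe; "killall -9 rpcinfo" also killed unrelated rpcinfo
# processes on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep mountd .mnt.tmp >/dev/null 2>&1; then
 mnta="1"
 echo " possible."
 mntflog=" possible."
else
 echo " no."
 mntflog=" no."
fi
echo "Checking for rpc.mountd vulnerability(s): $mntflog" >>"$rlog"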



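# NFS export check.  The export list is flagged when it mentions "everyone"
# or contains any "/" at all, i.e. when the host exports anything; the access
# list of each export is not evaluated.
echo -n "$rver checking for insecure exports.."
expvuln="0"
showmount -e "$1" >.mnt2.tmp 2>&1 &
probe=$!
sleep 5
# Stop only this probe instead of every showmount on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep "everyone" .mnt2.tmp >/dev/null 2>&1; then
 expvuln="1"
fi
if grep "/" .mnt2.tmp >/dev/null 2>&1; then
 expvuln="1"
fi
# The "no" branch used to test $mntvuln, which is never set: a positive
# result printed " yes." and " no." together and was always logged as "no".
if [ "$expvuln" = "1" ]; then
 echo " yes."
 expflog="yes"
else
 echo " no."
 expflog="no"
fi
echo "Checking for vulnerable export(s): $expflog" >>"$rlog"
echo "$rline" >>"$rlog"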


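# Anonymous FTP check via the bundled tools/bin/anonftp.pl helper; the
# session text is kept in .ftp.tmp and "Guest login ok" marks a positive.
echo -n "$rver checking for anonymous ftp service.."
tools/bin/anonftp.pl "$1" >.ftp.tmp 2>&1
anonftp="0"
anonftpflog="no"
if grep "Guest login ok" .ftp.tmp >/dev/null 2>&1; then
 anonftp="1"
 anonftpflog="yes"
 if [ "$verbose" = "1" ]; then
  # The banner is text chosen by the remote server and is shown on a root
  # terminal: non-printable bytes (terminal escape sequences) are removed,
  # and it is printed quoted so it is not globbed or word-split.
  uber=$(grep "wu" .ftp.tmp | tr -cd '[:print:]\n')
  if [ -z "$uber" ]; then
   uber=$(grep -i "Microsoft" .ftp.tmp | tr -cd '[:print:]\n')
  fi
  if [ -z "$uber" ]; then
   uber="unknown."
  fi
  printf '%s\n' "$uber"
 else
  echo " yes."
 fi
else
 echo " no."
fi
echo "Anonymous ftp service: $anonftpflog" >>"$rlog"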


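# Web server check.  A reply on port 80 that contains "<" is taken as
# evidence of an HTTP server; $httpd gates the HTTP checks further down.
echo -n "$rver checking for a running web server.."
httpd="0"
httpdflog="no"
# Piped straight into grep; the .www.tmp scratch file is no longer written.
if (echo "GET /" ; sleep 5) | nc -w 6 "$1" 80 2>&1 | grep "<" >/dev/null 2>&1; then
 httpd="1"
 httpdflog="yes"
else
 echo " no."
fi
# Server: header value.  It is supplied by the remote host and ends up in the
# log and on the terminal, so non-printable bytes (escape sequences, the
# trailing CR) are removed.  cut keeps only the text up to the next ":".
hver=$( (echo "HEAD / HTTP/1.0"; echo; echo) | nc -w 3 "$1" 80 | grep "Server:" | cut -d: -f2 | tr -cd '[:print:]\n' )
echo "Running httpd: $httpdflog.$hver" >>"$rlog"
echo "$rline" >>"$rlog"
if [ "$httpd" = "1" ]; then
 if [ "$verbose" = "1" ]; then
  if [ -z "$hver" ]; then
   hver="unavailable"
  fi
  echo " $hver $yes"
 else
  echo " yes."
 fi
fi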


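# FrontPage check, run only when a web server was detected.
# The result is "yes" for every reply that lacks the words "not found": an
# empty reply, a refused connection, a 403 or a redirect all count as
# positive.  A "yes" therefore needs manual confirmation before it is
# reported as a finding.
if [ "$httpd" = "1" ]; then
 echo -n "$rver checking for frontpage extensions.."
 # Target quoted; output piped to grep instead of a .fp.tmp scratch file.
 if (echo "GET /_vti_pvt/service.pwd" ; sleep 5) | nc -w 6 "$1" 80 2>&1 |
    grep -i "not found" >/dev/null 2>&1; then
  fpvuln="0"
  echo " no."
  fpflog="no"
 else
  fpvuln="1"
  echo " yes."
  fpflog="yes"
 fi
 echo "Vulnerable FrontPage extensions present: $fpflog" >>"$rlog"
fi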

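# Cold Fusion and WebSite Pro checks, run only when a web server was
# detected.  Both rely on the bundled tools/bin/cgichk helper printing
# "found!".
# NOTE(review): cgichk is called here with a URL path and no host, while the
# CGI sweep later in the script passes the target as its argument - confirm
# which calling convention the helper expects.
# NOTE(review): a line such as "not found!" would also match "found!" -
# confirm against the helper's output.
if [ "$httpd" = "1" ]; then
 echo -n "$rver checking for vulnerable cold fusion httpd.."
 tools/bin/cgichk /cfdocs/expeval/openfile.cfm >.cf.tmp 2>&1 &
 probe=$!
 sleep 4
 # Stop only the helper started above rather than every process named cgichk.
 kill -9 "$probe" 1>/dev/null 2>/dev/null
 wait "$probe" 2>/dev/null
 if grep "found!" .cf.tmp >/dev/null 2>&1; then
  echo " yes."
  cflog="yes. (openfile.cfm)"
  cf="1"
 else
  echo " no."
  cf="0"
  cflog="no."
 fi
 echo "Vulnerable Cold Fusion httpd present: $cflog" >>"$rlog"

 echo -n "$rver checking for vulnerable website pro version.."
 tools/bin/cgichk /cgi-win/uploader.exe >.wp.tmp 2>&1 &
 probe=$!
 sleep 5
 kill -9 "$probe" 1>/dev/null 2>/dev/null
 wait "$probe" 2>/dev/null
 if grep "found!" .wp.tmp >/dev/null 2>&1; then
  echo " yes."
  wflog="yes. (uploader.exe)"
  wp="1"
 else
  echo " no."
  wp="0"
  wflog="no."
 fi
 echo "Vulnerable website pro httpd version present: $wflog" >>"$rlog"
 echo "$rline" >>"$rlog"
fi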



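# wu-ftpd banner check.  The anonymous-FTP helper is run again and its
# session text searched for "wu-2.4".  This is a banner match only: the
# banner can be changed by the server's administrator and says nothing about
# applied patches.
echo -n "$rver checking for vulnerable version of wu-ftpd.."
tools/bin/anonftp.pl "$1" >.ftp.tmp 2>&1
wuvuln="0"
# grep -F: the dots in the version are compared literally.
if grep -F "wu-2.4" .ftp.tmp >/dev/null 2>&1; then
 wuvuln="1"
 wuvulnflog=" possible."
 if [ "$verbose" = "1" ]; then
  # Remote-supplied text: strip non-printable bytes before it reaches the
  # terminal.
  grep -F "wu-2.4" .ftp.tmp | tr -cd '[:print:]\n'
 else
  echo " possible."
 fi
else
 echo " no."
 wuvulnflog=" no."
fi
# The banner line copied into the log is sanitised the same way.
wubanner=$(grep -F "wu-2.4.2-academ" .ftp.tmp | tr -cd '[:print:]\n')
echo "Vulnerable version of wu-ftpd: $wuvulnflog [$wubanner]" >>"$rlog"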


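# CGI sweep with the bundled cgichk helper, run only when a web server was
# detected.  Verbose mode shows the helper's own output; otherwise it is
# discarded.  The target and the log path are quoted.
# NOTE(review): cgilist is only tested for existence and is never removed by
# this script; if it is the helper's output file, a list left over from an
# earlier run would be logged for the current target - confirm.
if [ "$httpd" = "1" ]; then
 echo -n "$rver scanning for various cgi scripts.."
 if [ "$verbose" = "1" ]; then
  echo ""
  tools/bin/cgichk "$1"
 else
  tools/bin/cgichk "$1" 1>/dev/null 2>/dev/null
 fi
 if [ -f cgilist ]; then
  {
   echo "$rline"
   echo "The following vulnerable cgi scripts are present: "
   cat cgilist
   echo "$rline"
  } >>"$rlog"
 fi
 echo " done."
fi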


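# POP3 banner check.  Despite the wording of the status line, only the
# greeting is inspected: a banner containing "+OK POP3" is reported as "yes".
# No authentication attempt is made here.
echo -n "$rver looking for open ipop3d multiple authentication.."
popvuln="0"
nc "$1" 110 >.pop.tmp 2>&1 &
probe=$!
sleep 5
# Wait a further five seconds when the output already mentions "pop".
if grep -i "pop" .pop.tmp >/dev/null 2>&1; then
 sleep 5
fi
# Stop only this connection; "killall -9 nc", run as root, ended every
# netcat process on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep -i "+OK POP3" .pop.tmp >/dev/null 2>&1; then
 popvuln="1"
 popflog=" yes."
else
 popflog=" no."
fi
echo "$popflog"
echo "pop3 server accepts multiple authentication attempts:$popflog" >>"$rlog"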
 

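# DNS iquery check via the bundled tools/bin/iquery helper; its output is
# searched for the text "exploit code".
echo -n "$rver checking for dns iquery vulnerability.."
iqvuln="0"
tools/bin/iquery "$1" >.iq.tmp 2>&1 &
probe=$!
sleep 5
# Stop only the helper started above.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
# The result used to be stored in $iqflog on a positive and in $iqflod
# (typo) on a negative, while the log line printed $iqflod: a positive was
# logged as an empty value.  One variable is used throughout now.
if grep "exploit code" .iq.tmp >/dev/null 2>&1; then
 echo " yes."
 iqvuln="1"
 iqflog=" yes."
else
 echo " no."
 iqflog=" no."
fi
echo "dns iquery vulnerability:$iqflog" >>"$rlog"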


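# ICMP echo check: five pings; when no line of the output contains "from",
# filtering is reported.  A host that is down or unreachable gives the same
# result, so "yes" means "no echo replies were seen", not proof of a filter.
echo -n "$rver checking for icmp echo filters.."
# Target quoted; output piped to grep instead of a .ping.tmp scratch file.
if ping -c 5 "$1" 2>&1 | grep "from" >/dev/null 2>&1; then
 icfilt="0"
 icflog=" no."
else
 icfilt="1"
 icflog=" yes."
fi
echo " $icflog"
echo "icmp echo packet filtering present:$icflog" >>"$rlog"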


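# qpop banner check.  The POP3 greeting is searched for "2.2" and "2.4".
# These are very short patterns: they also match timestamps, addresses or
# the version numbers of unrelated servers, so a "yes" has to be confirmed
# against the actual banner.  grep -F at least compares the dot literally.
echo -n "$rver checking for older qpop versions.."
qpvuln="0"
qpflog=" no."
nc "$1" 110 >.qp.tmp 2>&1 &
probe=$!
sleep 5
# Stop only this connection instead of every nc process on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
for known in "2.2" "2.4"; do
 if grep -F -e "$known" .qp.tmp >/dev/null 2>&1; then
  qpvuln="1"
  qpflog=" yes."
 fi
done
echo " $qpflog"
echo "vulnerable qpop mail daemons present:$qpflog" >>"$rlog"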

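# statd and nlockmgr presence checks.  One portmapper listing is fetched into
# .statd.tmp and searched twice.  "possible" means only that the program is
# registered with the portmapper; no version is examined.
echo -n "$rver checking rpcbind/portmap for statd overflow.."
sdflog=" no."
rpcinfo -p "$1" >.statd.tmp 2>&1 &
probe=$!
sleep 4
# Stop only this probe instead of every rpcinfo process on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep "stat" .statd.tmp >/dev/null 2>&1; then
 sdflog=" possible."
 sdvuln="1"
fi
echo "$sdflog"
echo "RPC/Statd running on host:$sdflog" >>"$rlog"

echo -n "$rver checking rpcbind/portmap for nlockmgr overflow.."
nlflog=" no."
if grep "nlockmgr" .statd.tmp >/dev/null 2>&1; then
 nlflog=" possible."
 nlvuln="1"
fi
echo "$nlflog"
echo "RPC/Nlockmgr running on host:$nlflog" >>"$rlog"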



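# Oracle listener check: a TCP connection to port 1525 that telnet reports
# as "connected" is logged as a running Oracle service.  Nothing identifies
# the service behind the port, so this is an open-port observation.
echo -n "$rver checking for open oracle port(s).."
orflog=" no."
telnet "$1" 1525 >.oracle.tmp 2>&1 &
probe=$!
sleep 4
# Stop only this session; "killall -9 telnet", run as root, ended every
# telnet process on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep -i "connected" .oracle.tmp >/dev/null 2>&1; then
 orflog=" yes."
 orvuln="1"
fi
echo "$orflog"
echo "Running Oracle services present:$orflog" >>"$rlog"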


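# BOOTP check: a TCP connection to port 67 that telnet reports as
# "connected".  The command was misspelled "telent", so the probe never ran
# and the result was always " no.".
# NOTE(review): BOOTP/DHCP servers listen on UDP port 67; a TCP connect says
# little about them - treat a "yes" as an open TCP port only.
echo -n "$rver checking for bootp.."
btpflog=" no."
telnet "$1" 67 >.bootp.tmp 2>&1 &
probe=$!
sleep 4
# Stop only this session instead of every telnet process on the machine.
kill -9 "$probe" 1>/dev/null 2>/dev/null
wait "$probe" 2>/dev/null
if grep -i "connected" .bootp.tmp >/dev/null 2>&1; then
 btpflog=" yes."
 btpvuln="1"
fi
echo "$btpflog"
echo "BOOTP server running on tcp/67:$btpflog" >>"$rlog"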


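# Sendmail banner check.  Runs when the strobe output contains "25", then
# compares the SMTP greeting with a list of release numbers.
# This is a banner match only: the greeting can be changed by the mail
# administrator and does not show whether patches were applied, so a "yes"
# is a lead for patch verification.
# NOTE(review): "25" is matched anywhere in .strobe.tmp (an address or
# another port number containing 25 also triggers the probe).
echo -n "$rver checking for miscelanious sendmail holes.."
smflog=" no."
smvuln="0"
smver=""
if grep "25" .strobe.tmp >/dev/null 2>&1; then
 echo -n "."
 nc "$1" 25 >.sm.tmp 2>&1 &
 probe=$!
 sleep 5
 # Give a slow server five more seconds when no greeting has arrived yet.
 if ! grep -i "sendmail" .sm.tmp >/dev/null 2>&1; then
  sleep 5
 fi
 # Stop only this connection; "killall -9 nc", run as root, ended every
 # netcat process on the machine.
 kill -9 "$probe" 1>/dev/null 2>/dev/null
 wait "$probe" 2>/dev/null
 # Same releases, same order as the original chain of tests; as before, the
 # last matching entry decides the reported version.
 # grep -F compares literally: with a regular expression the dots matched
 # any character, so e.g. the time stamp in the greeting could satisfy
 # "5.55".
 # The 5.55 branch was written as 'smflog= " yes."', which runs a command
 # named " yes." instead of assigning, so that release was logged as " no.".
 for known in 8.9.2 8.8.4 8.6.12 8.7. 8.8.2 8.9.3 8.8.8 5.55 5.61 5.65 8.65 8.6.9 8.6.10 8.6.4 8.6.7; do
  if grep -F -e "$known" .sm.tmp >/dev/null 2>&1; then
   smvuln="1"
   smflog=" yes."
   case "$known" in
    8.7.) smver="8.7.x" ;;   # whole 8.7 series, reported as "8.7.x"
    *) smver="$known" ;;
   esac
  fi
 done
 echo "Vulnerable sendmail holes present:$smflog [$smver]" >>"$rlog"
fi
if [ "$smvuln" = "1" ]; then
 if [ "$verbose" = "1" ]; then
  echo " yes. [$smver]"
 else
  echo " yes."
 fi
else
 echo " no."
fi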



