forked from funkandwagnalls/pythonpentest
-
Notifications
You must be signed in to change notification settings - Fork 0
/
smtp_vrfy.py
152 lines (140 loc) · 7.01 KB
/
smtp_vrfy.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#/usr/bin/env python
'''
Author: Chris Duffy
Date: March 2015
Name: smtp_vrfy.py
Purpose: To validate users on a box running SMTP
Copyright (c) 2015, Christopher Duffy All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met: * Redistributions
of source code must retain the above copyright notice, this list of conditions and
the following disclaimer. * Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution. * Neither the
name of the nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL CHRISTOPHER DUFFY BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
import socket, time, argparse, os, sys
def read_file(filename):
with open(filename) as file:
lines = file.read().splitlines()
return lines
def verify_smtp(verbose, filename, ip, timeout_value, sleep_value, port=25):
if port is None:
port=int(25)
elif port is "":
port=int(25)
else:
port=int(port)
if verbose > 0:
print "[*] Connecting to %s on port %s to execute the test" % (ip, port)
valid_users=[]
username_list = read_file(filename)
for user in username_list:
try:
sys.stdout.flush()
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(timeout_value)
connect=s.connect((ip,port))
banner=s.recv(1024)
if verbose > 0:
print("[*] The system banner is: '%s'") % (str(banner))
command='VRFY ' + user + '\n'
if verbose > 0:
print("[*] Executing: %s") % (command)
print("[*] Testing entry %s of %s") % (str(username_list.index(user)),str( len(username_list)))
s.send(command)
result=s.recv(1024)
if "252" in result:
valid_users.append(user)
if verbose > 1:
print("[+] Username %s is valid") % (user)
if "550" in result:
if verbose > 1:
print "[-] 550 Username does not exist"
if "503" in result:
print("[!] The server requires authentication")
break
if "500" in result:
print("[!] The VRFY command is not supported")
break
except IOError as e:
if verbose > 1:
print("[!] The following error occured: '%s'") % (str(e))
if 'Operation now in progress' in e:
print("[!] The connection to SMTP failed")
break
finally:
if valid_users and verbose > 0:
print("[+] %d User(s) are Valid" % (len(valid_users)))
elif verbose > 0 and not valid_users:
print("[!] No valid users were found")
s.close()
if sleep_value is not 0:
time.sleep(sleep_value)
sys.stdout.flush()
return valid_users
def write_username_file(username_list, filename, verbose):
open(filename, 'w').close() #Delete contents of file name
if verbose > 1:
print("[*] Writing to %s") % (filename)
with open(filename, 'w') as file:
file.write('\n'.join(username_list))
return
if __name__ == '__main__':
# If script is executed at the CLI
usage = '''usage: %(prog)s [-u username_file] [-f output_filename] [-i ip address] [-p port_number] [-t timeout] [-s sleep] -q -v -vv -vvv'''
parser = argparse.ArgumentParser(usage=usage)
parser.add_argument("-u", "--usernames", type=str, help="The usernames that are to be read", action="store", dest="username_file")
parser.add_argument("-f", "--filename", type=str, help="Filename for output the confirmed usernames", action="store", dest="filename")
parser.add_argument("-i", "--ip", type=str, help="The IP address of the target system", action="store", dest="ip")
parser.add_argument("-p","--port", type=int, default=25, action="store", help="The port of the target system's SMTP service", dest="port")
parser.add_argument("-t","--timeout", type=float, default=1, action="store", help="The timeout value for service responses in seconds", dest="timeout_value")
parser.add_argument("-s","--sleep", type=float, default=0.0, action="store", help="The wait time between each request in seconds", dest="sleep_value")
parser.add_argument("-v", action="count", dest="verbose", default=1, help="Verbosity level, defaults to one, this outputs each command and result")
parser.add_argument("-q", action="store_const", dest="verbose", const=0, help="Sets the results to be quiet")
parser.add_argument('--version', action='version', version='%(prog)s 0.42b')
args = parser.parse_args()
# Set Constructors
username_file = args.username_file # Usernames to test
filename = args.filename # Filename for outputs
verbose = args.verbose # Verbosity level
ip = args.ip # IP Address to test
port = args.port # Port for the service to test
timeout_value = args.timeout_value # Timeout value for service connections
sleep_value = args.sleep_value # Sleep value between requests
dir = os.getcwd() # Get current working directory
username_list =[]
# Argument Validator
if len(sys.argv)==1:
parser.print_help()
sys.exit(1)
if not filename:
if os.name != "nt":
filename = dir + "/confirmed_username_list"
else:
filename = dir + "\\confirmed_username_list"
else:
if filename:
if "\\" or "/" in filename:
if verbose > 1:
print("[*] Using filename: %s") % (filename)
else:
if os.name != "nt":
filename = dir + "/" + filename
else:
filename = dir + "\\" + filename
if verbose > 1:
print("[*] Using filename: %s") % (filename)
username_list = verify_smtp(verbose, username_file, ip, timeout_value, sleep_value, port)
if len(username_list) > 0:
write_username_file(username_list, filename, verbose)