iSMTP包装说明

测试SMTP用户枚举(RCPT TO和VRFY),内部欺诈和继电器。

iSMTP首页 | 卡利iSMTP回购

  • 作者:奥尔顿·约翰逊
  • 许可:GPL第二版

    0x01 包含在ismtp包工具

    ismtp - SMTP用户枚举和测试工具 ```bash

    :~# ismtp

    iSMTP v1.6 - SMTP Server Tester, Alton Johnson ( )

Usage: ./iSMTP.py Required: -f Imports a list of SMTP servers for testing. (Cannot use with '-h'.) -h The target IP and port (IP:port). (Cannot use with '-f'.) Spoofing: -i The ISA's email address. -s The sender's email address. -r The recipient's email address. --sr Specifies both the sender's and recipient's email address. -S The sender's first and last name. -R The recipient's first and last name. --SR Specifies both the sender's and recipient's first and last name. -m Enables SMTP spoof testing. -a Includes .txt attachment with spoofed email. SMTP enumeration: -e Enable SMTP user enumeration testing and imports email list. -l <1|2|3> Specifies enumeration type (1 = VRFY, 2 = RCPT TO, 3 = all). (Default is 3.) SMTP relay: -i The ISA's email address. -x Enables SMTP external relay testing. Misc: -t The timeout value. (Default is 10.) -o Creates "ismtp-results" directory and writes output to ismtp-results/smtp(port).txt Note: Any combination of options is supported (e.g., enumeration, relay, both, all, etc.).

## 0x02  iSMTP用法示例
测试从文件中IP地址从字典文件 *(-e /usr/share/wordlists/metasploit/unix_users.txt)* 
列举的用户名 *列表(-f SMTP-ips.txt):* 

```bash
:~# ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt
 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson (
)
------
 Testing SMTP server [user enumeration]: 192.168.1.25:25
 Emails provided for testing: 109
 Performing SMTP VRFY test...
 [-] 4Dgifts ------------- [ invalid ]
 [-] EZsetup ------------- [ invalid ]
 [+] ROOT ---------------- [ success ]
 [+] adm ----------------- [ success ]

原文来自https://www.hackfun.org/kali-tools/ismtp_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""