iSMTP包装说明

测试SMTP用户枚举(RCPT TO和VRFY),内部欺诈和继电器。

iSMTP首页 | 卡利iSMTP回购

  • 作者:奥尔顿·约翰逊

  • 许可:GPL第二版

    0x01 包含在ismtp包工具

    ismtp - SMTP用户枚举和测试工具

    
:~# ismtp
---------------------------------------------------------------------
iSMTP v1.6 - SMTP Server Tester, Alton Johnson (

)

------
Usage: ./iSMTP.py <OPTIONS>
Required:
  -f <import file>    Imports a list of SMTP servers for testing.
              (Cannot use with '-h'.)
  -h <host>       The target IP and port (IP:port).
              (Cannot use with '-f'.)
Spoofing:
  -i <isa email>      The ISA's email address.
  -s <sndr email>     The sender's email address.
  -r <rcpt email>     The recipient's email address.
     --sr <email>     Specifies both the sender's and recipient's email address.
  -S <sndr name>      The sender's first and last name.
  -R <rcpt name>      The recipient's first and last name.
     --SR <name>      Specifies both the sender's and recipient's first and last name.
  -m          Enables SMTP spoof testing.
  -a          Includes .txt attachment with spoofed email.
SMTP enumeration:
  -e <file>   Enable SMTP user enumeration testing and imports email list.
  -l <1|2|3>  Specifies enumeration type (1 = VRFY, 2 = RCPT TO, 3 = all).
          (Default is 3.)
SMTP relay:
  -i <isa email>      The ISA's email address.
  -x          Enables SMTP external relay testing.
Misc:
  -t <secs>   The timeout value. (Default is 10.)
  -o      Creates "ismtp-results" directory and writes output to
          ismtp-results/smtp_<service>_<ip>(port).txt
Note: Any combination of options is supported (e.g., enumeration, relay, both, all, etc.).

    0x02 iSMTP用法示例

    测试从文件中IP地址从字典文件 (-e /usr/share/wordlists/metasploit/unix_users.txt) 列举的用户名 列表(-f SMTP-ips.txt): 


 :~# ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt
 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson (

 )

 ------
 Testing SMTP server [user enumeration]: 192.168.1.25:25
 Emails provided for testing: 109
 Performing SMTP VRFY test...
 [-] 4Dgifts ------------- [ invalid ]
 [-] EZsetup ------------- [ invalid ]
 [+] ROOT ---------------- [ success ]
 [+] adm ----------------- [ success ]

原文来自:https://www.hackfun.org/kali-tools/ismtp_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""