iSMTP包装说明

测试SMTP用户枚举(RCPT TO和VRFY),内部欺诈和继电器。

iSMTP首页 | 卡利iSMTP回购

  • 作者:奥尔顿·约翰逊
  • 许可:GPL第二版

包含在ismtp包工具

ismtp - SMTP用户枚举和测试工具
[email protected]:~# ismtp

 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson ([email protected])
[email protected]------

 Usage: ./iSMTP.py <OPTIONS>

 Required:

    -f <import file>    Imports a list of SMTP servers for testing.
                (Cannot use with '-h'.)
    -h <host>       The target IP and port (IP:port).
                (Cannot use with '-f'.)

 Spoofing:

    -i <isa email>      The ISA's email address.
    -s <sndr email>     The sender's email address.
    -r <rcpt email>     The recipient's email address.
       --sr <email>     Specifies both the sender's and recipient's email address.
    -S <sndr name>      The sender's first and last name.
    -R <rcpt name>      The recipient's first and last name.
       --SR <name>      Specifies both the sender's and recipient's first and last name.
    -m          Enables SMTP spoof testing.
    -a          Includes .txt attachment with spoofed email.

 SMTP enumeration:

    -e <file>   Enable SMTP user enumeration testing and imports email list.
    -l <1|2|3>  Specifies enumeration type (1 = VRFY, 2 = RCPT TO, 3 = all).
            (Default is 3.)

 SMTP relay:

    -i <isa email>      The ISA's email address.
    -x          Enables SMTP external relay testing.

 Misc:

    -t <secs>   The timeout value. (Default is 10.)
    -o      Creates "ismtp-results" directory and writes output to
            ismtp-results/smtp_<service>_<ip>(port).txt

 Note: Any combination of options is supported (e.g., enumeration, relay, both, all, etc.).

iSMTP用法示例

测试从文件中IP地址从字典文件(-e /usr/share/wordlists/metasploit/unix_users.txt)列举的用户名列表(-f SMTP-ips.txt):

[email protected]:~# ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt

 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson ([email protected])
[email protected]------

 Testing SMTP server [user enumeration]: 192.168.1.25:25
 Emails provided for testing: 109

 Performing SMTP VRFY test...

 [-] 4Dgifts ------------- [ invalid ]
 [-] EZsetup ------------- [ invalid ]
 [+] ROOT ---------------- [ success ]
 [+] adm ----------------- [ success ]