iSMTP 介绍

测试枚举SMTP用户(RCPT TO和VRFY),内部欺诈和接替。

iSMTP 首页
iSMTP 源代码版本库

作者:Alton Johnson
许可:GPLv2

包含在ismtp里的工具

ismtp - 枚举SMTP用户和测试工具
:~# ismtp

 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson (alton.jx@gmail.com)
 ---------------------------------------------------------------------

Usage: ./iSMTP.py  <OPTIONS>

Required:
    -f <import file>   Imports a list of SMTP servers for testing,(Cannot use with '-h'.)
    -h <host>   The target IP and port (IP:port),(Cannot use with '-f'.)

Spoofing:
    -i <isa email>      The ISA's email address.
    -s <sndr email>     The sender's email address.
    -r <rcpt email>     The recipient's email address.
        --sr<email>     Specifies both the sender's and recipient's email address.
    -S <sndr name>      The sender's first and last name.
    -R <rcpt name>      The recipient's first and last name.
        --SR<name>      Specifies both the sender's and recipient's first and last name.
    -m          Enables SMTP spoof testing.
    -a          Includes .txt attachment with spoofed email.

 SMTP enumeration:
    -e <file>   Enable SMTP user enumeration testing and imports email list.
    -l <1|2|3>  Specifies enumeration type (1=VRFY, 2=RCPT TO, 3=all),(Default is 3.)

 SMTP relay:
    -i <isa email>      The ISA's email address.
    -x          Enables SMTP external relay testing.

 Misc:
    -t <secs>   The timeout value. (Default is 10.)
    -o      Creates "ismtp-results" directory and writes output to
            ismtp-results/smtp_<service>_<ip>(port).txt

 Note: Any combination of options is supported (e.g., enumeration, relay, both, all, etc.).

iSMTP 用法示例

从IP地址文件中测试(-e /usr/share/wordlists/metasploit/unix_users.txt)枚举的用户名列表(-f SMTP-ips.txt):

:~# ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt

 ---------------------------------------------------------------------
  iSMTP v1.6 - SMTP Server Tester, Alton Johnson (alton.jx@gmail.com)
 ---------------------------------------------------------------------

 Testing SMTP server [user enumeration]: 192.168.1.25:25
 Emails provided for testing: 109

 Performing SMTP VRFY test...

 [-] 4Dgifts ------------- [ invalid ]
 [-] EZsetup ------------- [ invalid ]
 [+] ROOT ---------------- [ success ]
 [+] adm ----------------- [ success ]