SMTP-用户枚举包装说明
SMTP-用户枚举是通过SMTP服务(sendmail)在列举OS级别的用户帐户上的Solaris的工具。枚举通过检查响应VRFY,EXPN和RCPT TO命令来执行。它可以适用于对工作的其他弱势SMTP守护进程,但是这并没有这样做是V1.0的。
资料来源:http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum
SMTP-用户枚举首页 | 卡利SMTP-用户枚举回购
- 作者:pentestmonkey
- 许可:GPL第二版
包含在SMTP-用户枚举封装工具
SMTP-用户枚举 - 用户名猜工具主要用于SMTP服务
[email protected]:~# smtp-user-enum -h
smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
Usage: smtp-user-enum.pl [options] ( -u username | -U file-of-usernames ) ( -t host | -T file-of-targets )
options are:
-m n Maximum number of processes (default: 5)
-M mode Method to use for username guessing EXPN, VRFY or RCPT (default: VRFY)
-u user Check if user exists on remote system
-f addr MAIL FROM email address. Used only in "RCPT TO" mode (default: [email protected])
-D dom Domain to append to supplied user list to make email addresses (Default: none)
Use this option when you want to guess valid email addresses instead of just usernames
e.g. "-D example.com" would guess [email protected], [email protected], etc. Instead of
simply the usernames foo and bar.
-U file File of usernames to check via smtp service
-t host Server host running smtp service
-T file File of hostnames running the smtp service
-p port TCP port on which smtp service runs (default: 25)
-d Debugging output
-t n Wait a maximum of n seconds for reply (default: 5)
-v Verbose
-h This help message
Also see smtp-user-enum-user-docs.pdf from the smtp-user-enum tar ball.
Examples:
$ smtp-user-enum.pl -M VRFY -U users.txt -t 10.0.0.1
$ smtp-user-enum.pl -M EXPN -u admin1 -t 10.0.0.1
$ smtp-user-enum.pl -M RCPT -U users.txt -T mail-server-ips.txt
$ smtp-user-enum.pl -M EXPN -D example.com -U users.txt -t 10.0.0.1SMTP-用户枚举用法示例
使用VRFY方法(-M VRFY)来搜索目标服务器(-t 192.168.1.25)上指定的用户(-u root用户):
[email protected]:~# smtp-user-enum -M VRFY -u root -t 192.168.1.25
Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
----------------------------------------------------------
| Scan Information |
----------------------------------------------------------
Mode ..................... VRFY
Worker Processes ......... 5
Target count ............. 1
Username count ........... 1
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............
######## Scan started at Tue May 13 16:06:28 2014 #########
192.168.1.25: root exists
######## Scan completed at Tue May 13 16:06:29 2014 #########
1 results.
1 queries in 1 seconds (1.0 queries / sec)