I have written a code in Python, and I want to change it. I use it when I am performing a penetration tests in my organization and I want to make my script better. The script gets a username that I entering and it connect to the SMTP server over port 25 and check if the user exists or not. Here is the script:
#!/usr/bin/python
import socket
import sys
if len(sys.argv) != 2:
print "Usage: vrfy.py <username>"
sys.exit(0)
# Create a Socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect to the Server
connect=s.connect(('192.168.0.10',25))
# Recieve the banner
banner=s.recv(1024)
print banner
# VRFY 开发者_Go百科a user
s.send('VRFY ' + sys.argv[1] + '\r\n')
result=s.recv(1024)
print result
# Close the socket
s.close()
The changes that I want to perform are the following: Instead of entering only one username to check, I want to mention a location of a txt file and the script will read all the usernames it contains.
Also, I what that the IP address at the script wont be hard coded and I will need to insert it every time I am using the script. Many thanks in advance,
Bar Aviv
You're not really supposed to use the low-level socket send() and recv() directly like that. They're not guaranteed to send/receive any particular amount of data. It might just happen to work the way you want talking to one particular mail server, but as soon as commands/responses don't fit one-to-one into IP packets, you're going to get weird results.
If you want a simple blocking conversational stream, try the file interface you get from socket.makefile.
You should probably implement a little more of SMTP as well... at least say helo!
The below reads usernames from standard input, so you can direct a file of usernames to it by saying:
python vrfy.py 127.0.0.1 < usernames.txt
though you could change it to read sys.argv[2] for another filename parameter if you wanted.
users= []
for line in sys.stdin:
line= line.strip()
if line!='':
users.append(line)
s= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 25))
fp= s.makefile('rwb')
fp.readline() # ignore banner
fp.write('HELO test.example.com\r\n')
fp.flush()
fp.readline() # ignore response
for user in users:
fp.write('VRFY %s\r\n' % user)
fp.flush()
print '%s: %s' % (user, fp.readline().strip())
fp.write('QUIT\r\n')
fp.flush()
s.close()
Use something like the following:
with open(sys.argv[1]) as f:
for line in f:
username = line.replace('\n', '')
print 'Testing with user: %s' % user
For the IP address, you can pass it as a second argument -- verify.py username-list-file server-ip-address -- and reference as sys.argv[2].
You can also do something like:
try:
userlist = sys.argv[1]
server_address = sys.argv[2]
except IndexError:
print 'Usage: verify.py username-list-file server-ip-address'
sys.exit(-1)
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论