User Tools

Site Tools


smtp-user-enum

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

smtp-user-enum [2019/05/01 14:51] (current)
admin created
Line 1: Line 1:
 +====== smtp-user-enum Package Description ======
  
 +smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands. It could be adapted to work against other vulnerable SMTP daemons, but this hasn’t been done as of v1.0.
 +
 +Installation
 +smtp-user-enum is just a stand alone PERL script, so installation is as simple as copying it to your path (e.g. /​usr/​local/​bin). It has only been tested under Linux so far.
 +
 +It depends on the following PERL modules which you may need to install first:
 +
 +Socket
 +IO::Handle
 +IO::Select
 +IO::​Socket::​INET
 +Getopt::Std
 +If you have PERL installed, you should be able to install the modules from CPAN:
 +
 + # perl -MCPAN -e shell
 + ​cpan>​ install Getopt::Std
 +Usage
 +smtp-user-enum simply needs to be passed a list of users and at least one target running an SMTP service.
 +
 + ​smtp-user-enum v1.0 ( http://​pentestmonkey.net/​tools/​smtp-user-enum ) 
 +
 + ​Usage:​ smtp-user-enum.pl [options] (-u username|-U file-of-usernames) (-t host|-T file-of-targets) ​
 +
 + ​options are:
 +         -m n     ​Maximum number of processes (default: 5)
 +         -M mode  Method to use for username guessing EXPN, VRFY or RCPT (default: VRFY)
 +         -u user  Check if user exists on remote system
 +         -f addr  From email address to use for "RCPT TO" guessing (default: user@example.com)
 +        -D dom   ​Domain to append to supplied user list to make email addresses (Default: none)
 +                 Use this option when you want to guess valid email addresses instead of just usernames
 +                 e.g. "-D example.com"​ would guess foo@example.com,​ bar@example.com,​ etc.  Instead of
 +                      simply the usernames foo and bar.
 +         -U file  File of usernames to check via smtp service
 +         -t host  Server host running smtp service
 +         -T file  File of hostnames running the smtp service
 +         -p port  TCP port on which smtp service runs (default: 25)
 +         ​-d ​      ​Debugging output
 +         -t n     Wait a maximum of n seconds for reply (default: 5)
 +         ​-v ​      ​Verbose
 +         ​-h ​      This help message
 +
 +
 +Source: http://​pentestmonkey.net/​tools/​user-enumeration/​smtp-user-enum
 +
 +[[http://​pentestmonkey.net/​tools/​user-enumeration/​smtp-user-enum|smtp-user-enum Homepage]] | [[https://​hackpedia.org:​3000/​BlackWeb/​smtp-user-enum|BlackWeb sparta Repo]]
smtp-user-enum.txt · Last modified: 2019/05/01 14:51 by admin

(C) BlackWeb Security 2017 - 2019