tresacton · August 29, 2015 14:01
diff --git a/smtp_vrfy.rb b/smtp_vrfy.rb
 #!/usr/bin/env ruby
 require 'open3'
 require 'socket'

 ip 				= ARGV[0]
 start_of_range 	= ARGV[1]
 end_of_range 	= ARGV[2]
 @targets_to_scan = [] # if alive, add to this
 @targets = "#{ip}.#{start_of_range}-#{end_of_range}"
 @current_target = ""

 def ping_sweep_smtp_ports
 	# Ping sweep for live hosts, save to file with greppable formatting
 	cmd = "nmap -sT -p 25 #{@targets} -oG nmap-top-port-sweep.txt"
 	puts "[#] [MASTER]\t#{Time.now} Running CMD: #{cmd}"

 	while @targets_to_scan == []
 		Open3.popen3(cmd) do |stdin, stdout, stderr, wait_thr|
 	  		stdout.read.split("\n").each do |line|
 	    		#@the_output << "#{line}"
 	    		@current_target = line.split(' ').last if line.include?("Nmap scan report for ")
 	  			@targets_to_scan << @current_target if (line.include?('open') && line.include?("smtp"))
 	  		end
 	  	end
 	end
 	@targets_to_scan = @targets_to_scan.uniq
 	@targets_remaining = @targets_to_scan.count
 	puts "[!] [MASTER]\t#{@targets_to_scan.count} targets to be tested: #{@targets_to_scan}"
 	puts "[+] [MASTER]\t#{Time.now} Finished CMD: #{cmd}"
 end

 def do_smtp_scanning(target_ip, ports = [25]) 
 	if ports == []
 		puts "[?] [SMTP]\t#{Time.now} Skipping for #{target_ip}... nothing to scan"
 	else
 		ports.each do |p|
 			puts "[#] [SMTP]\t#{Time.now} Running SMTP Brute Force VRFY (just over 1900 usernames) for #{target_ip}"
 			results = []
 			# name_list = "/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/names/namelist.txt"
 			name_list = "/root/top100firstnames.txt"
 			Socket.tcp(target_ip.chomp, 25) do |s|
 				s.recv 1024 # the welcome message 
 	  			File.foreach(name_list) do |l|
 					s.send "VRFY #{l}", 0
 					response = s.recv 1024
 					puts response
 					results << response if ( (response.include?("250") || response.include?("252") ) && !response.include?("Cannot VRFY") )
 				end
 			end
 	        puts "RESULTS FOR: #{target_ip}\n#{results}\n"
 			puts "[#] [SMTP]\t#{Time.now} Finished  SMTP Brute Force VRFY (just over 1900 usernames)"
 		end
 	end
 end

 ping_sweep_smtp_ports
 @targets_to_scan.each {|t|do_smtp_scanning(t)}
	#!/usr/bin/env ruby
	require 'open3'
	require 'socket'

	ip = ARGV[0]
	start_of_range = ARGV[1]
	end_of_range = ARGV[2]
	@targets_to_scan = [] # if alive, add to this
	@targets = "#{ip}.#{start_of_range}-#{end_of_range}"
	@current_target = ""

	def ping_sweep_smtp_ports
	# Ping sweep for live hosts, save to file with greppable formatting
	cmd = "nmap -sT -p 25 #{@targets} -oG nmap-top-port-sweep.txt"
	puts "[#] [MASTER]\t#{Time.now} Running CMD: #{cmd}"

	while @targets_to_scan == []
	Open3.popen3(cmd) do \|stdin, stdout, stderr, wait_thr\|
	stdout.read.split("\n").each do \|line\|
	#@the_output << "#{line}"
	@current_target = line.split(' ').last if line.include?("Nmap scan report for ")
	@targets_to_scan << @current_target if (line.include?('open') && line.include?("smtp"))
	end
	end
	end
	@targets_to_scan = @targets_to_scan.uniq
	@targets_remaining = @targets_to_scan.count
	puts "[!] [MASTER]\t#{@targets_to_scan.count} targets to be tested: #{@targets_to_scan}"
	puts "[+] [MASTER]\t#{Time.now} Finished CMD: #{cmd}"
	end

	def do_smtp_scanning(target_ip, ports = [25])
	if ports == []
	puts "[?] [SMTP]\t#{Time.now} Skipping for #{target_ip}... nothing to scan"
	else
	ports.each do \|p\|
	puts "[#] [SMTP]\t#{Time.now} Running SMTP Brute Force VRFY (just over 1900 usernames) for #{target_ip}"
	results = []
	# name_list = "/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/names/namelist.txt"
	name_list = "/root/top100firstnames.txt"
	Socket.tcp(target_ip.chomp, 25) do \|s\|
	s.recv 1024 # the welcome message
	File.foreach(name_list) do \|l\|
	s.send "VRFY #{l}", 0
	response = s.recv 1024
	puts response
	results << response if ( (response.include?("250") \|\| response.include?("252") ) && !response.include?("Cannot VRFY") )
	end
	end
	puts "RESULTS FOR: #{target_ip}\n#{results}\n"
	puts "[#] [SMTP]\t#{Time.now} Finished SMTP Brute Force VRFY (just over 1900 usernames)"
	end
	end
	end

	ping_sweep_smtp_ports
	@targets_to_scan.each {\|t\|do_smtp_scanning(t)}
No results found