BASH - Script to verify if a user or mailbox exists on a mailserver - PosteXplo - Computer Security, Physical Security, Social Engineering & Hacking

Resheph

Administrator

Join Date: Jan 2016

Posts: 513
- Share
- Tweet
#1

BASH - Script to verify if a user or mailbox exists on a mailserver

10-01-2016, 11:26 AM

This small script connects to a mailservice and executes the VRFY command to verify if a user in the provided userlist exists on the mail server.
It is a very simple bash script and uses a bit of output cutting while grepping for the SMTP status code 252.

File: mailusers.sh

Code:

#!/bin/bash # By Resheph # Execute it with ./mailusers.sh <userlist> <mailserver> > output.txt for user in $(cat $1); do # echo "vrfy $user" | nc -q 2 $2 25 | grep "^252 " | cut -f3 -d" " & # echo "vrfy $user" | proxychains ncat $2 25 #| grep "^252 " | cut -f3 -d" " & echo "vrfy $user" | proxychains nc -n -w 5 $2 25 | grep "^252 " | cut -f3 -d" " & # echo "vrfy $user" | nc -q 2 $2 25 #| grep "^252 " | cut -f3 -d" " & # echo "vrfy $user" | ncat -nv $2 25 #| grep "^252 " | cut -f3 -d" " & done

As you can see most commands are remarked and I did consider removing them but I wanted to show the thought process of this tiny script.
I started out using NetCat (nc) as the connecting tool but I wanted to try out ncat also. Even though it is not completely reliable the script will use Tor as a proxy for connecting. Of course it will require Tor to be configured for it to work.
Most scripts like this are done on-the-fly to cover an urgent need for automation. Next time the script comes in handy small changes might be made to it anyway. It is just part of the toolbox.
Note that SMTP servers should have the VRFY command disabled but that does not guarantee it actually has.

Certified Security Geek
Tags: bash, script, smtp, users

Announcement

BASH - Script to verify if a user or mailbox exists on a mailserver

BASH - Script to verify if a user or mailbox exists on a mailserver