开发者

Assist with Python script

问答 作者:

I have written a code in Python, and I want to change it. I use it when I am performing a penetration tests in my organization and I want to make my script better. The script gets a username that I entering and it connect to the SMTP server over port 25 and check if the user exists or not. Here is the script:

#!/usr/bin/python

import socket
import sys

if len(sys.argv) != 2:
 print "Usage: vrfy.py <username>"
        sys.exit(0)

# Create a Socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the Server
connect=s.connect(('192.168.0.10',25))

# Recieve the banner
banner=s.recv(1024)
print banner

# VRFY 开发者_Go百科a user
s.send('VRFY ' + sys.argv[1] + '\r\n')
result=s.recv(1024)
print result

# Close the socket
s.close()

The changes that I want to perform are the following: Instead of entering only one username to check, I want to mention a location of a txt file and the script will read all the usernames it contains.

Also, I what that the IP address at the script wont be hard coded and I will need to insert it every time I am using the script. Many thanks in advance,

Bar Aviv

You're not really supposed to use the low-level socket send() and recv() directly like that. They're not guaranteed to send/receive any particular amount of data. It might just happen to work the way you want talking to one particular mail server, but as soon as commands/responses don't fit one-to-one into IP packets, you're going to get weird results.

If you want a simple blocking conversational stream, try the file interface you get from socket.makefile.

You should probably implement a little more of SMTP as well... at least say helo!

The below reads usernames from standard input, so you can direct a file of usernames to it by saying:

python vrfy.py 127.0.0.1 < usernames.txt

though you could change it to read sys.argv[2] for another filename parameter if you wanted.

users= []
for line in sys.stdin:
    line= line.strip()
    if line!='':
        users.append(line)

s= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 25))
fp= s.makefile('rwb')

fp.readline() # ignore banner
fp.write('HELO test.example.com\r\n')
fp.flush()
fp.readline() # ignore response

for user in users:
    fp.write('VRFY %s\r\n' % user)
    fp.flush()
    print '%s: %s' % (user, fp.readline().strip())

fp.write('QUIT\r\n')
fp.flush()
s.close()

Use something like the following:

with open(sys.argv[1]) as f:
    for line in f:
        username = line.replace('\n', '')
        print 'Testing with user: %s' % user

For the IP address, you can pass it as a second argument -- verify.py username-list-file server-ip-address -- and reference as sys.argv[2].

You can also do something like:

try:
    userlist = sys.argv[1]
    server_address = sys.argv[2]
except IndexError:
    print 'Usage: verify.py username-list-file server-ip-address'
    sys.exit(-1)

继续阅读:python

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9