diff --git a/README.md b/README.md
index 9945c62..84cf6e0 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,6 @@ onesixtyone
 oscanner
 smbclient
 smbmap
-smtp-user-enum
 snmpwalk
 sslscan
 svwar
@@ -69,7 +68,7 @@ wkhtmltopdf
 On Kali Linux, you can ensure these are all installed using the following command:
 ```bash
-$ sudo apt install seclists curl enum4linux feroxbuster nbtscan nikto nmap onesixtyone oscanner smbclient smbmap smtp-user-enum snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
+$ sudo apt install seclists curl enum4linux feroxbuster nbtscan nikto nmap onesixtyone oscanner smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
 ```
 ## Installation
diff --git a/plugins/misc.py b/plugins/misc.py
index a682db5..adf570e 100644
--- a/plugins/misc.py
+++ b/plugins/misc.py
@@ -128,7 +128,14 @@ class SMTPUserEnum(ServiceScan):
 self.match_service_name('^smtp')
 async def run(self, service):
- await service.execute('smtp-user-enum -M VRFY -U "' + self.get_global('username_wordlist') + '" -t {address} -p {port} 2>&1', outfile='{protocol}_{port}_smtp_user-enum.txt')
+ await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
+ await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
+
+ def manual(self):
+ self.add_manual_command('Try User Enumeration using "RCPT TO". Replace with the target\'s domain name:', [
+ 'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p '
+ ])
+
 class NmapTelnet(ServiceScan):
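Review bot: In `run` and `manual`, the value returned by `self.get_global('username_wordlist', ...)` is concatenated between literal double quotes in all three hydra command strings, and the `2>&1` suggests those strings are handed to a shell, so a configured path containing `"`, `$` or a backtick would be interpreted by the shell instead of being passed through as a file name. Resolving it once and quoting it, e.g. `wordlist = shlex.quote(self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt'))` and then `'... -L ' + wordlist + ' 2>&1'`, would also remove the default path that is now repeated three times; this needs `import shlex`, and the file's imports are outside the hunk. The plugin now depends on `hydra`, which the `apt install` line in the README hunk does not list, and because of `2>&1` a missing binary would only surface as an error message inside the output file. The `SMTPUserEnum` class itself starts above the hunk.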