taibeihacker
Moderator
0x00 Introduction to swaks
Swaks is a powerful, flexible, scriptable, transaction-oriented SMTP testing tool, written and maintained by John Jetmore. Swaks is currently hosted in a private svn repository. The official project page is http://jetmore.org/john/code/swaks/
Download and installation: (Kali ships with it; if that errors, download and install from the address below)
v20181104.0 release: http://jetmore.org/john/code/swaks/files/swaks-20181104.0.tar.gz
Prerequisite: yum install perl (on CentOS)
tar zxvf swaks-20181104.0.tar.gz
cd swaks-20181104.0
./swaks
0x01 Using Swaks
1. Basic syntax: 1). swaks --to [email protected] // tests whether the mailbox is reachable;
[root@localhost swaks-20181104.0]# ./swaks --to [email protected]
*** MX Routing not available: requires Net

=== Trying localhost:25...
=== Connected to localhost.
<-  220 localhost.localdomain ESMTP Postfix
 -> EHLO localhost
<-  250-localhost.localdomain
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-VRFY
<-  250-ETRN
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
 -> MAIL FROM:<root@localhost>
<-  250 2.1.0 Ok
 -> RCPT TO:<[email protected]>
<-  250 2.1.5 Ok
 -> DATA
<-  354 End data with <CR><LF>.<CR><LF>
 -> Date: Thu, 09 May 2019 18:24:15 +0800
 -> To: [email protected]
 -> From: root@localhost
 -> Subject: test Thu, 09 May 2019 18:24:15 +0800
 -> Message-Id: <20190509182415.044457@localhost>
 -> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
 -> 
 -> This is a test mailing
 -> 
 -> 
 -> .
<-  250 2.0.0 Ok: queued as 056576152155
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.
Everything before that returned 250 OK, which means the mailbox exists and can receive mail normally. At the end you can see QQ Mail returning a 550 error; the reason QQ gives officially is that the mail content is suspected of mass mailing and has been reported as spam by many users.
2). Parameter description (only a few are listed here; use --help for the full details)
--from [email protected] // sender address;
--ehlo qq.com // forge the EHLO greeting, i.e. the domain of the sender address, which is used for identification
--body 'http://www.baidu.com' // the quoted content is the message body;
--header 'Subject:hello' // mail header; Subject is the mail subject
--data ./Desktop/email.txt // save the source of a legitimate mail as a TXT file and send it as a normal mail
2. Forged sending:
1) Sending simple content (QQ Mail blocks it via SPF; NetEase 163 mail delivers successfully)
[root@localhost swaks-20181104.0]# ./swaks --to backli×@163.com --from wenqi×@gmail.com --body 諸葛先生,別來無恙~ --header 'Subject: 來自大司馬的問候' --server mail.smtp2go.com -p 2525 -au username -ap password
# You need to register a free sending-server account at www.smtp2go.com. Without --server, the error "MX routing not available: using localhost as mail server; Net::DNS is required" is displayed.
=== Trying mail.smtp2go.com:2525...
=== Connected to mail.smtp2go.com.
<-  220 mail.smtp2go.com ESMTP Exim 4.91 Thu, 09 May 2019 10:42:22 +0000
 -> EHLO localhost
<-  250-mail.smtp2go.com Hello localhost [171.223.206.218]
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-DSN
<-  250-PIPELINING
<-  250-AUTH CRAM-MD5 PLAIN LOGIN
<-  250-CHUNKING
<-  250-STARTTLS
<-  250-PRDR
<-  250 HELP
 -> AUTH LOGIN
<-  334 VXNlcm5hbWU6
 -> YmFja2xpb24=
<-  334 UGFzc3dvcmQ6
 -> YWpWMmVtTnljRFp5ZWpobw==
<-  235 Authentication succeeded
 -> MAIL FROM:<[email protected]>
<-  250 OK
 -> RCPT TO:<[email protected]>
<-  250 Accepted [email protected]
 -> DATA
<-  354 Enter message, ending with '.' on a line by itself
 -> Date: Thu, 09 May 2019 18:42:21 +0800
 -> To: [email protected]
 -> From: [email protected]
 -> Subject: 來自大司馬的問候
 -> Message-Id: <20190509184221.044782@localhost>
 -> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
 -> 
 -> 諸葛先生,別來無恙~
 -> 
 -> 
 -> .
<-  250 OK id=1hOgVO-RyuJx4-LX
 -> QUIT
<-  221 mail.smtp2go.com closing connection
=== Connection closed with remote host.
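The SPF block mentioned under 1) is what a receiving MTA applies before it accepts a relayed message whose MAIL FROM claims someone else's domain. The following is an added illustration of that evaluation and is not code from the post or from swaks: a minimal offline SPF evaluator over constructed, hypothetical TXT records, where forged-sender.example stands in for the spoofed sender domain, relay.example for the relay's own domain, and the IPs are documentation ranges.

```python
import ipaddress
import re

# Constructed, hypothetical TXT records standing in for the forged sender's
# domain (gmail.com in the post) and the relay the post sends through (smtp2go).
FAKE_TXT = {
    "forged-sender.example": "v=spf1 redirect=_spf.forged-sender.example",
    "_spf.forged-sender.example": "v=spf1 include:_netblocks.forged-sender.example ~all",
    "_netblocks.forged-sender.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "relay.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"([+\-~?]?)(ip4|ip6|include|all)(?::(.*))?")

def check_spf(domain, client_ip, txt=FAKE_TXT, depth=0):
    """SPF result for client_ip using MAIL FROM @domain (RFC 7208 subset:
    ip4/ip6/include/all mechanisms and the redirect modifier; no a/mx/ptr)."""
    if depth > 10:                       # RFC 7208 DNS-lookup limit
        return "permerror"
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    redirect = None
    for term in record.split()[1:]:
        m = TERM.fullmatch(term)
        if m is None:
            if term.startswith("redirect="):
                redirect = term.split("=", 1)[1]
            continue                     # other modifiers are ignored
        qual, mech, arg = QUALIFIERS[m.group(1) or "+"], m.group(2), m.group(3)
        if mech == "all":
            return qual
        if mech in ("ip4", "ip6") and arg and ip in ipaddress.ip_network(arg, strict=False):
            return qual                  # an IPv4/IPv6 version mismatch never matches
        if mech == "include" and check_spf(arg, client_ip, txt, depth + 1) == "pass":
            return qual
    if redirect:                         # consulted only when no mechanism matched
        return check_spf(redirect, client_ip, txt, depth + 1)
    return "neutral"

def envelope_check(mail_from, header_from, client_ip, txt=FAKE_TXT):
    """What a receiver sees: SPF on the MAIL FROM domain plus From: alignment."""
    env_domain = mail_from.rsplit("@", 1)[-1].lower()
    hdr_domain = header_from.rsplit("@", 1)[-1].lower()
    return {"spf": check_spf(env_domain, client_ip, txt),
            "aligned": env_domain == hdr_domain}
```

With these records the relay's IP yields softfail for the forged sender domain, which is the situation a strict receiver turns into a rejection; a real check must resolve the records over DNS.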

2) Sending a mail template
The template file is taken from the mailbox's 'show original message', saved as readmail.txt, with the Received and To related content deleted; see the advanced usage section for details.
[root@localhost swaks-20181104.0]# ./swaks --to backli×@163.com --from wenqin×@gamil.com --data test.eml --header 'Subject: 網上購票系統-用戶密碼找回' --server mail.smtp2go.com -p 2525 -au username -ap password

3) Adding an attachment
[root@localhost swaks-20181104.0]# ./swaks --to backli×@163.com --from wenqi×@gmail.com --body 諸葛先生,別來無恙~ --header 'Subject: 來自大司馬的問候' --attach 等級保護.docx --server mail.smtp2go.com -p 2525 -au username -ap password

4). Complex mail
swaks --to <mailbox to test> --from <forged sender mailbox> --ehlo <domain> --body <mail body> --header <mail subject>
[root@localhost swaks-20181104.0]# ./swaks --to [email protected] --from [email protected] --ehlo freebuf.com --body hello --header 'Subject: hello'
--from the sender address to display
--ehlo the forged EHLO greeting
--body the message body
--header mail header information; Subject is the mail subject
As long as your IP has not been banned by QQ Mail, the mail is sent normally and 250 OK is returned.

5) If your localhost cannot send mail, you can specify a reliable SMTP server with the following command:
swaks --to [email protected] --server smtp.example.com
3. Advanced usage
Click 'show original message', then copy the original message and save it as test.eml

Edit the test.eml file: just change the target mailbox after To:

[root@localhost swaks-20181104.0]# ./swaks --to backli×@163.com --from wenqin×@gamil.com --data test.eml --header 'Subject: 網上購票系統-用戶密碼找回' --server mail.smtp2go.com -p 2525 -au username -ap password
=== Trying mail.smtp2go.com:2525...
=== Connected to mail.smtp2go.com.
<-  220 mail.smtp2go.com ESMTP Exim 4.91 Thu, 09 May 2019 11:33:21 +0000
 -> EHLO localhost
<-  250-mail.smtp2go.com Hello localhost [171.223.206.218]
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-DSN
<-  250-PIPELINING
<-  250-AUTH CRAM-MD5 PLAIN LOGIN
<-  250-CHUNKING
<-  250-STARTTLS
<-  250-PRDR
<-  250 HELP
 -> AUTH LOGIN
<-  334 VXNlcm5hbWU6
 -> YmFja2x×
<-  334 UGFzc3dvcmQ6
 -> YWpWMmVtTnljRFp5Z×
<-  235 Authentication succeeded
 -> MAIL FROM:<wenqin×@gamil.com>
<-  250 OK
 -> RCPT TO:<back×@163.com>
<-  250 Accepted bac×@163.com
 -> DATA
<-  354 Enter message, ending with '.' on a line by itself
 -> Received: from mail.12306.cn (unknown [124.127.44.247])
 -> by newmx31.qq.com (NewMx) with SMTP id
 -> for <601462×@qq.com>; Sun, 06 Jan 2019 12:40:30 +0800
 -> X-QQ-FEAT: y37167hFrfVQgRwaJgHKCRxOzlAGmr/AUask8Gt3aaw=
 -> X-QQ-MAILINFO: MHG2h55yn1llklKTjNwQJdtfp46IVGVTPzA2xPoaUP1h+EXLeI+swrHhT
 -> mpCCV5gt0hGnIzMreYVhczG4URIQzkNwhHU6RpKU98dM9WIcUCqTnKVA+/bP9Cm4+epY5N1
 -> rCpl5zs0xdiDi/Z/GS/ebiwHPp6QSatTZA==
 -> X-QQ-mid: mx31t1546749631tggruynog
 -> X-QQ-ORGSender: [email protected]
 -> Received: from mail.12306.cn (unknown [10.1.214.138])
 -> by mail.12306.cn (Postfix) with ESMTP id 4C16720797
 -> for <6014×[email protected]>; Sun, 6 Jan 2019 12:40:32 +0800 (CST)
 -> Date: Sun, 6 Jan 2019 12:40:30 +0800 (CST)
 -> From: '[email protected]' <[email protected]>
 -> To: 'backl×@163.com' <backlio×@163.com>
 -> Message-ID: <[email protected]>
 -> Subject: 網上購票系統-用戶密碼找回
 -> MIME-Version: 1.0
 -> Content-Type: multipart/alternative;
 -> boundary='----=_Part_18623781_1540198882.1546749630360'
 -> 
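A receiver's view of the template replay shown in 3.: the Received: headers copied from the original message still carry their January timestamp and the original recipient, while the relay adds a fresh hop in May. This added example (not from the post or from swaks) parses a constructed message built from those headers, with the obfuscated addresses replaced by placeholders as noted in the code, and reports both inconsistencies.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: the template's stale Received: header from the post
# (addresses replaced by placeholders) below the hop a relay prepends on resend.
SAMPLE = """\
Received: from localhost ([203.0.113.5]) by mail.relay.example (Exim 4.91)
\tid 1hOgVO-RyuJx4-LX; Thu, 09 May 2019 11:33:21 +0000
Received: from mail.12306.cn (unknown [10.1.214.138])
\tby mail.12306.cn (Postfix) with ESMTP id 4C16720797
\tfor <original-recipient@example.org>; Sun, 6 Jan 2019 12:40:32 +0800 (CST)
Date: Sun, 6 Jan 2019 12:40:30 +0800 (CST)
From: "noreply@12306.example" <noreply@12306.example>
To: "victim" <victim@example.net>
Subject: replayed template

body
"""

def received_hops(msg):
    """Parse each Received: header into (from-host, timestamp, 'for' address)."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())                 # unfold continuation lines
        stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        host = re.match(r"from (\S+)", text)
        addr = re.search(r"\bfor <?([^\s<>;]+@[^\s<>;]+)>?", text)
        hops.append((host.group(1) if host else "?", stamp,
                     addr.group(1) if addr else None))
    return hops

def replay_indicators(raw_message, max_gap=timedelta(days=1)):
    """Findings suggesting the headers were copied from an older message."""
    msg = message_from_string(raw_message)
    hops = received_hops(msg)                        # newest hop first
    recipients = {a.lower() for _, a in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    findings = []
    for (newer, t_new, _), (older, t_old, _) in zip(hops, hops[1:]):
        if t_new - t_old > max_gap:
            findings.append(f"hop via {older} is {(t_new - t_old).days} days "
                            f"older than the next hop via {newer}")
    for host, _, addr in hops:
        if addr and addr.lower() not in recipients:
            findings.append(f"hop via {host} was 'for {addr}', not a listed recipient")
    return findings
```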