kali 下的郵件發送工具 swaks
Swaks 是一個功能強大,靈活,可撰寫腳本,面向事務的 SMTP 測驗工具,目前 Swaks 托管在私有 svn 存盤庫中,
官方專案 http://jetmore.org/john/code/swaks/
1.測驗郵箱的連通性
kali 自帶 swaks 工具,無需安裝
swaks --to [email protected]
拿我的 QQ 舉例
root@kali:~
? swaks --to [email protected] 01:59:06
=== Trying mx3.qq.com:25...
=== Connected to mx3.qq.com.
<- 220 newxmmxsza22.qq.com MX QQ Mail Server.
-> EHLO kali.lan
<- 250-newxmmxsza22.qq.com
<- 250-STARTTLS
<- 250-SIZE 73400320
<- 250 OK
-> MAIL FROM:<[email protected]>
<- 250 OK.
-> RCPT TO:<[email protected]>
<- 250 OK 1
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>.
-> Date: Sat, 07 Dec 2019 01:59:07 -0500
-> To: [email protected]
-> From: [email protected]
-> Subject: test Sat, 07 Dec 2019 01:59:07 -0500
-> Message-Id: <[email protected]>
-> X-Mailer: swaks v20190914.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
->
-> .
<- 250 Ok: queued as
-> QUIT
<- 221 Bye.
=== Connection closed with remote host.
回傳 250 Ok,說明該郵箱可以正常通信,
2.開啟 SMTP 服務
QQ 的 或 163 官網的都可以,個人感覺 163 的還方便些
記住 smtp 的密碼
3.利用 SMTP 發送郵件
swaks --to 收件箱 --from 發件箱 --body 郵件內容 --header "Subject:hello" --server smtp.qq.com -p 25 -au 發件箱 -ap SMTP的密碼
引數說明:
--to //收件人郵箱;
--from //發件人郵箱;
--ehlo qq.com //偽造郵件的ehlo頭,即發件人郵箱的域名,身法認證;
--body "https://goobe.io" //引號內為郵件正文;
--header "Subject:hello" //郵件頭資訊,Subject為郵件標題;
--data email.txt //將正常郵件內容保存成TXT檔案,再作為正常郵件發出;
--help 顯示命令幫助
--verison 顯示版本資訊
輸出內容的含義:
“===”:swaks輸出的資訊行
“*“:swaks中產生的錯誤
” ->”:發送到目標的預期行(無錯誤)
“<- “:服務器的預期回復(無錯誤)
“<**”:服務器回傳的錯誤資訊
4.發送附件
swaks --to 收件箱 --from 發件箱 --body 郵件內容 --header "Subject:hello" --attach example.doc --server smtp.qq.com -p 25 -au 發件箱 -ap SMTP密碼
5.偽造郵件
--data email.txt //將正常郵件內容保存成TXT檔案,再作為正常郵件發出
發送內容為 email.txt (記得添加檔案路經) 里的全部內容
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
先找一分郵件,查看郵件原文,復制里面的內容,存為 .txt
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
去掉 Received 和 To 兩行 (發送時用 --from 和 --to 代替)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
swaks --data ./email.txt --to 收件箱 --from 發件箱 --server smtp.qq.com -p 25 -au 發件箱 -ap SMTP密碼
收件箱收到的是 email.txt 里的內容
好了,到這就結束了,其實理論上 swaks 可以偽造郵件里的任何一個引數
The_End
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/187323.html
標籤:其他