From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Sun Nov 13 2005 - 13:26:35 EST
> Hello list.
Hey,
> First off all congratulate every one for always sharing their knowledge
> for free and for the... well lets get to the point :) I'm wondering if
> any one knows a tool that can gather email addresses of the users inside
> a domain, from the email server.
My brutus.pl script supports usernames gathering through Sendmail-style
RCPT TO answers, as well as the old-fashioned VRFY/EXPN dictionary attack.
Still very useful during the information gathering phase of penetration
tests, IMHO. You can download it at (Net-Telnet is required):
http://www.0xdeadbeef.info/code/brutus.pl
Have fun,
-- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:10 EDT