SMTP servers and DNS

April 21, 2012 Leave a comment

Have you ever noticed that when you send a HELO <hostname> command to a SMTP server, and you just type random characters for the host name it takes quite some time for the SMTP server to respond? The reason for this is that some mail serversĀ  actually perform a dns lookup of the name you specified. It gets even better, I’ve found mail servers that also do this for internal host-names…

So, I decided to make a little host-name scanner:

from socket import *

def checkhost(hostname, sck):
   try:
      data=sck.recv(1024)
      cmd_helo= 'helo ' + hostname +'\r\n'
      cmd_rset= 'rset\r\n'
      sck.settimeout(1)
      sck.send(cmd_helo.encode('utf-8'))
      data=sck.recv(1024)
      if data:
         print(hostname)
      sck.send(cmd_rset.encode('utf-8'))
   except: return 0

#end def

s = socket(AF_INET, SOCK_STREAM)
s.connect(("name of mailserver here",25))
s.settimeout(5)
data=s.recv(1)

#scan
hosts = open('D:\Own_development\Python\SIDScan.lst').read()
hosts.replace('\r','\n')
hosts.replace('\n\n','\n')
for lohost in hosts.split('\n'):
   checkhost(lohost,s)

#end for
About these ads

Filed under scripts, Security

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this: