使用metasploit收集邮箱

 来源:milsec.com

作者:影子牛
转载开始。

发现这个还是蛮有用处的，如果感到蛋疼你就拍拍手，至于收集到邮箱之后做什么用途，各位就可以自己随意发挥了

[root@sms framework3]# ./msfconsole

888                           888        d8b888
888                           888        Y8P888
888                           888           888
88888b.d88b.  .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888
888 “888 “88bd8P  Y8b888       “88b88K     888 “88b888d88″”88b888888
888  888  88888888888888   .d888888″Y8888b.888  888888888  888888888
888  888  888Y8b.    Y88b. 888  888     X88888 d88P888Y88..88P888Y88b.
888  888  888 “Y8888  “Y888″Y888888 88888P’88888P” 888 “Y88P” 888 “Y888
888
888
888

=[ metasploit v3.3.4-dev [core:3.3 api:1.0]
+ — –=[ 534 exploits – 252 auxiliary
+ — –=[ 259 payloads – 23 encoders – 8 nops
=[ svn r8821 updated today (2010.03.15)

msf > use auxiliary/gather/search_email_collector
ok，我们看一下描述。
msf auxiliary(search_email_collector) > info

Name: Search Engine Domain Email Address Collector
Version: 7613
License: Metasploit Framework License (BSD)
Rank: Normal

Provided by:
Carlos Perez <carlos_perez@darkoperator.com>

Basic options:
Name           Current Setting  Required  Description
—-           —————  ——–  ———–
DOMAIN                          yes       The domain name to locate email addresses for
OUTFILE                         no        A filename to store the generated email list
SEARCH_BING    true             yes       Enable Bing as a backend search engine
SEARCH_GOOGLE  true             yes       Enable Google as a backend search engine
SEARCH_YAHOO   true             yes       Enable Yahoo! as a backend search engine

Description:
This module uses Google, Bing and Yahoo to create a list of valid
email addresses for the target domain.
恩，其实就是用Google，yahoo和bing搜索网站的邮件地址，不管怎么样，还是可以测试一下的了，我们找个蛋疼的网站，邮件不能太多了，就随便找一个吧，试试古城热线www.xaonline.com

ine.comliary(search_email_collector) > set DOMAIN xaon
DOMAIN => xaonline.com
trueuxiliary(search_email_collector) > set SEARCH_BING
SEARCH_BING => true
LE trueiliary(search_email_collector) > set SEARCH_GOOGL
SEARCH_GOOGLE => true
O truexiliary(search_email_collector) > set SEARCH_YAHOO
SEARCH_YAHOO => true
msf auxiliary(search_email_collector) > run

Harvesting emails …..
Searching Google for email addresses from xaonline.com
Extracting emails from Google search results…
Searching Bing email addresses from xaonline.com
Extracting emails from Bing search results…
Searching Yahoo for email addresses from xaonline.com
Extracting emails from Yahoo search results…
Located 3 email addresses for xaonline.com
mingren@xaonline.com
webmaster@xaonline.com
xaonline@xaonline.com
Auxiliary module execution completed
msf auxiliary(search_email_collector) >
ok，蛋疼，收集到的很少，不过你可以换个网站试试，经过测试，貌似只有yahoo搜索能正常的搜索出来邮件地址。

本文转sinojelly51CTO博客，原文链接：http://blog.51cto.com/pnig0s1992/346213，如需转载请自行联系原作者