MailRipV2 : Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features

MailRipV2 is an SMTP checker / SMTP cracker written in Python 3.8. Using “smtplib”, it allows you to check common mailpass combolists for valid SMTP logins. It includes dictionaries and lists containing details of common email providers as well as the most common ports used for SMTP servers. In case any data is missing, “dnspython” is used to look up unknown SMTP hosts in MX records.

Moreover, Mail.Rip V2 comes with SOCKS-proxy support including a proxy-scraper and checker function. If the proxy-support is activated, the checker / cracker scrapes SOCKS4 or SOCKS5 proxies from common online sources and then checks the results. The working proxies will be used randomly. You can add new sources by editing the library.json at any time.

Last but not least, Mail.Rip V2 includes an email delivery test / inbox check for found SMTP logins. For every valid combo, it tries to send a plain text email with the found SMTP login. All test messages are sent to your own user-defined receiving address whereby the content of the test emails is generated randomly. The templates can be edited in the “library.json”, too.

Mail.Rip V2 is fully functional and ready to use!

How To Use Mail.Rip V2

Mail.Rip V2 has been written and tested with Python 3.8. It should run on any OS as long as Python and all dependencies are installed.
Just follow the steps below!

Installing Needed Python Modules

All Python modules / packages needed are listed in the txt-file requirements.txt. For an easy installation, type:

pip3 install -r requirements.txt

Installing any missing dependencies may take some time. Be patient, please.

Start the Checker / Cracker

With all dependencies being installed, you can start Mail.Rip V2 with:

python3 MailRipV2.py

No extra arguments are needed. You only need to copy your combofile into the same directory before starting the checker / cracker. After starting it, just follow the steps from (1) to (4). For more information see “Options in Main Menu”.

Please note:
Your combofile needs to be encoded with utf-8! Any other encoding may cause errors.

Options in Main Menu

Set Default Values

Use this option to edit the default values for Mail.Rip V2. You can edit the following here:

  • Amount of threads to use for checking / cracking.
  • Default timeout for connections.
  • De-/activate the blacklist check for email domains.
  • Set your email address as receiver for test messages.

De-/Activate Proxy-Support

This option allows you to activate or deactivate the proxy-support. If activated, you will be asked for the proxy-type to use. Just enter SOCKS4 or SOCKS5. The scraper then starts automatically. You can add more sources by editing the library.json. After the scraping is done, you will be asked whether you want to skip the checker. DO NOT SKIP THE CHECKER unless you really, really need to start an attack immediately.

Load Combos

Option #3 starts the Comboloader. Enter the name of your combofile, for example: combos.txt. All combos in the file will be loaded and prepared for an attack. To do so, the Comboloader performs the following steps:

  • Any other separator than “:” is replaced.
  • The email address in the combo is verified by its format using regular expressions.
  • For verified email addresses, the domain is checked against the blacklist included in library.json.
  • Then, the loader checks whether it has already loaded the given combo before (duplicates check).

All combos passing the checks will be loaded for an attack and saved to a txt-file called targets.txt. Please make sure that your combofile is encoded with utf-8 or errors may occur.

Start Attack

This one is obvious.

Various

See the sections below for any tips, hints and other information.

SMTP cracking / SMTP checking process

Mail.Rip V2 uses the smtplib for the checking / cracking process. The “magic” is done this way:

  1. The SMTP cracker / SMTP checker reads the next combo from the list loaded.
  2. It looks up the email domain in the “smtphost” dictionary for the SMTP-host to attack.
  3. For unknown hosts, it will try to get the address from the MX records of the email domain.
  4. The connection port for a host found in MX records is determined by trying the most common ports in a trial-and-error process.
  5. Afterwards it establishes a connection to the SMTP host (trying SSL and non-SSL as well as TLS)
  6. and sends the login data using the target email address and the given password from the combo.
  7. If the login is denied, the cracker / checker will try to login with the user-ID (email without @…) and the password.
  8. In case the login data is valid, the so-called “hit” will be saved to a txt-file.
  9. In the end Mail.Rip V2 will try to send a test message to you using the found SMTP.
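
The retry in step 7 leaves a recognisable trace in a mail server's authentication log: a failed login with the full address, followed shortly by one with only the local part. The following detection sketch is an added example, not part of Mail.Rip V2 or the original article; the log format, field names and the 60-second window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical format
# (timestamp, source IP, submitted login name, result); not a real MTA's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=198.51.100.7 login=alice@example.org result=FAIL
2024-05-01T10:00:03 src=203.0.113.44 login=alice result=FAIL
2024-05-01T10:00:05 src=198.51.100.9 login=bob@example.org result=FAIL
2024-05-01T10:00:06 src=192.0.2.15 login=bob result=OK
2024-05-01T10:07:00 src=192.0.2.80 login=carol@example.org result=FAIL
2024-05-01T11:30:00 src=192.0.2.80 login=carol result=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) login=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, login, result = m.groups()
            yield datetime.fromisoformat(ts), src, login, result

def find_fallback_retries(log_text, window=timedelta(seconds=60)):
    """Flag a failed login as user@domain followed within `window` by an
    attempt using only the local part. Keyed on the account, not the source
    IP, because the tool may rotate SOCKS proxies between connections."""
    pending = {}   # local part -> (time, source) of last failed full-address login
    alerts = []
    for ts, src, login, result in sorted(parse(log_text)):
        local, sep, _domain = login.partition("@")
        if sep:                               # full address submitted
            if result == "FAIL":
                pending[local] = (ts, src)
            else:
                pending.pop(local, None)
        elif local in pending:                # bare user-ID submitted
            first_ts, first_src = pending.pop(local)
            if ts - first_ts <= window:
                alerts.append({"account": local, "sources": [first_src, src],
                               "compromised": result == "OK"})
    return alerts

if __name__ == "__main__":
    for alert in find_fallback_retries(SAMPLE_LOG):
        print(alert)
```

An alert with `compromised` set to true means the bare user-ID attempt succeeded, so that account's password should be reset and its recent outbound mail reviewed.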

For best results, every user should edit the host information in the library.json before starting Mail.Rip V2 for the first time. Adding the data of the most common e-mail providers in a combolist will always speed up the checking / cracking process. It will probably also raise fewer security flags on the server side.

Other ways to improve your results are deactivating the proxy-support and adjusting default values. In fact, IT IS RECOMMENDED TO LEAVE THE PROXY-SUPPORT DEACTIVATED. Without using proxies, you will receive much better results – for the checker as well as for the inbox check.

Notes on the email delivery test (inbox check)

The email content is generated randomly using templates in the “library.json”. Edit those templates for your needs. Editing the templates from time to time will provide a higher success rate.

Always keep in mind that the email delivery test may return false negative results for many reasons. It just confirms that the given SMTP host can be used for sending emails with any software. Well-known email providers may block or restrict access to SMTP accounts, especially for tools like Mail.Rip V2. Moreover, free proxies may be blacklisted, as may the SMTP account itself. After the attack has finished, you should retest valid logins for which the delivery test failed.

Notes on the blacklist check

The library.json includes a blacklist for email domains. More than 500 trashmail domains have been added to it. But there are also some very popular email providers on it. Those email providers are most often a waste of time when you check or crack mailpass combolists. Sometimes they just block the access, sometimes they ask for further verification.

If you want to attack those providers, too, edit the blacklist for your needs.

R K
