Add smtp module

Author: nodauf

go.mod

@@ -3,6 +3,9 @@ module GoMapEnum
 go 1.16
 
 require (
+	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
 	github.com/fatih/color v1.13.0
+	github.com/nodauf/net-smtp v0.0.0-20220123142515-ae3aa26fb163
 	github.com/spf13/cobra v1.2.1
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de // indirect
 )

go.sum

@@ -37,6 +37,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ=
+github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -192,6 +194,8 @@ github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/nodauf/net-smtp v0.0.0-20220123142515-ae3aa26fb163 h1:ibyr4sPQNrPAK4fGuJxdIyX8tC8ytoTe/ryoQ5YpIRk=
+github.com/nodauf/net-smtp v0.0.0-20220123142515-ae3aa26fb163/go.mod h1:bpKTQ3KO0V60W040bsyRGv/w7HxFYDQHGmBwgB4copE=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -248,6 +252,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

src/cmd/enum/smtp.go

@@ -0,0 +1,46 @@
+package enum
+
+import (
+	"GoMapEnum/src/logger"
+	"GoMapEnum/src/modules/smtp"
+	"GoMapEnum/src/orchestrator"
+
+	"github.com/spf13/cobra"
+)
+
+var smtpOptions smtp.Options
+
+// smtpCmd represents the smtp command
+var smtpCmd = &cobra.Command{
+	Use:   "smtp",
+	Short: "Enumerate email address by connection to the smtp port of the target.",
+	Long: ` 
+	Credits: https://github.com/cytopia/smtp-user-enum`,
+	Example: `go run main.go userenum smtp -u users  -t mail.contoso.com -o validUsers`,
+	Run: func(cmdCli *cobra.Command, args []string) {
+		log := logger.New("Enumeration", "SMTP", smtpOptions.Target)
+		log.SetLevel(level)
+		log.Info("Starting the module SMTP")
+		smtpOptions.Log = log
+		smtpOptions.Proxy = proxy
+
+		orchestratorOptions := orchestrator.Orchestrator{}
+		orchestratorOptions.PreActionUserEnum = smtp.PrepareSMTPConnections
+		orchestratorOptions.UserEnumFunc = smtp.UserEnum
+		orchestratorOptions.PostActionUserEnum = smtp.CloseSMTPConnections
+		validUsers = orchestratorOptions.UserEnum(&smtpOptions)
+
+	},
+}
+
+func init() {
+
+	smtpCmd.Flags().StringVarP(&smtpOptions.Domain, "domain", "d", "", "Targeted domain ")
+	smtpCmd.Flags().StringVarP(&smtpOptions.Mode, "mode", "m", "", "RCPT, VRFY, EXPN (default: RCPT)")
+	smtpCmd.Flags().StringVarP(&smtpOptions.Users, "user", "u", "", "Username or file containing the usernames")
+	smtpCmd.Flags().StringVarP(&smtpOptions.Target, "target", "t", "", "Host pointing to the OWA service")
+	smtpCmd.Flags().IntVar(&smtpOptions.Thread, "thread", 2, "Number of threads")
+	smtpCmd.MarkFlagRequired("user")
+	smtpCmd.MarkFlagRequired("target")
+	smtpCmd.MarkFlagRequired("domain")
+}

src/modules/smtp/struct.go

@@ -0,0 +1,21 @@
+package smtp
+
+import (
+	"GoMapEnum/src/utils"
+
+	smtp "github.com/nodauf/net-smtp"
+)
+
+// Options for o365 module
+type Options struct {
+	Target string
+	Domain string
+	Mode   string
+	utils.BaseOptions
+
+	connectionsPool chan *smtp.Client
+}
+
+func (options *Options) GetBaseOptions() *utils.BaseOptions {
+	return &options.BaseOptions
+}

src/modules/smtp/userEnum.go

@@ -0,0 +1,101 @@
+package smtp
+
+import (
+	"GoMapEnum/src/utils"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	smtp "github.com/nodauf/net-smtp"
+)
+
+func PrepareSMTPConnections(optionsInterface *interface{}) {
+	options := (*optionsInterface).(*Options)
+	options.connectionsPool = make(chan *smtp.Client, options.Thread)
+	var nbConnectionsRequired int
+	nbConnectionsRequired = options.Thread
+	if len(options.UsernameList) < options.Thread {
+		nbConnectionsRequired = len(options.UsernameList)
+	}
+	options.Log.Debug("Preparing a pool of " + strconv.Itoa(nbConnectionsRequired) + " connections")
+	for i := 1; i <= nbConnectionsRequired; i++ {
+		client, err := smtp.Dial(options.Target + ":25")
+		if err != nil {
+			options.Log.Error("Failed to establish a connection " + err.Error())
+			continue
+		}
+		err = client.Hello(utils.RandomString(6))
+		if err != nil {
+			fmt.Println("hello" + err.Error())
+		}
+		err = client.Mail(utils.RandomString(6) + "@" + options.Domain)
+		if err != nil {
+			fmt.Println("mail" + err.Error())
+		}
+		options.connectionsPool <- client
+	}
+}
+
+func UserEnum(optionsInterface *interface{}, username string) bool {
+	options := (*optionsInterface).(*Options)
+	valid := false
+	smtpConnection := <-options.connectionsPool
+	switch strings.ToLower(options.Mode) {
+	case "rcpt", "":
+		err := smtpConnection.Rcpt(username)
+		if err == nil {
+			options.Log.Success(username)
+			valid = true
+		} else {
+			options.Log.Debug(username + " => " + err.Error())
+			options.Log.Fail(username)
+		}
+	case "vrfy":
+		err := smtpConnection.Verify(username)
+		if err == nil {
+			options.Log.Success(username)
+			valid = true
+		} else {
+			options.Log.Debug(username + " => " + err.Error())
+			options.Log.Fail(username)
+		}
+	case "expn":
+		err := smtpConnection.Expand(username)
+		if err == nil {
+			options.Log.Success(username)
+			valid = true
+		} else {
+			code := strings.Split(err.Error(), " ")[0]
+			options.Log.Debug(username + " => " + err.Error())
+			options.Log.Fail(username)
+			// If the command is not implemented no need to pursue
+			if code == "502" {
+				CloseSMTPConnections(optionsInterface)
+				options.Log.Fatal("The command is not implemented. No need to pursue using this method.")
+			}
+			fmt.Println(code)
+		}
+	default:
+		CloseSMTPConnections(optionsInterface)
+		options.Log.Fatal("Unrecognised mode: " + options.Mode + ". Only RCPT, VRFY and EXPN are supported.")
+	}
+
+	options.connectionsPool <- smtpConnection
+	return valid
+}
+
+func CloseSMTPConnections(optionsInterface *interface{}) {
+	options := (*optionsInterface).(*Options)
+	options.Log.Debug("Closing the pool of connections")
+	for i := 1; i <= options.Thread; i++ {
+		select {
+		case smtpConnection := <-options.connectionsPool:
+			smtpConnection.Close()
+		case <-time.After(1 * time.Second):
+			options.Log.Debug("Something went wrong0 A connection seems already closed")
+		}
+
+	}
+	close(options.connectionsPool)
+}