Mail.Rip v2 – SMTP checker / SMTP Cracker for Mailpass Combolists

Admin
smtp

Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper, e-mail delivery test for valid combos (inbox check) and DNS lookup for unknown SMTP-hosts.

Overview

Legal Notices

You are allowed to use the following code for educational purposes only! Mail.Rip v2 shall not be used for any kind of illegal activity nor law enforcement at any time. This restriction applies to all cases of usage, no matter whether the code as a whole or only parts of it are being used.

By downloading and / or using any part of the code and / or any file of this repository, you agree to these restrictions without remarks.

Features

Mail.Rip v2 is a SMTP checker / SMTP cracker written in Python 3.8. Using the “smtplib”, it allows you to check common mailpass combolists for valid SMTP logins. It has included dictionaries and lists containing server details of common e-mail providers as well as most common subdomains and ports used for SMTP servers. Besides that, “dnspython” is used to lookup unknown SMTP hosts in MX records. In case it fails, the cracker / checker will try to find the target-server by using the most common subdomains and ports in a connection-test by trial and error.

Moreover, Mail.Rip v2 comes with SOCKS-proxy support and a proxy-scraper function. If the proxy-support is activated, the checker / cracker scrapes SOCKS4 or SOCKS5 proxys from common online sources. The scraped proxys will be used randomly. And you can add new sources by editing the library.json.

Last but not least, Mail.Rip v2 includes an e-mail delivery test for found SMTP logins. For every valid combo, it tries to send a plain text e-mail with the found SMTP login. All test messages are sent to your user-defined receiving address. This way, the cracker / checker provides an easy verification of so called “hits” together with an inbox test.

Mail.Rip v2 is already full functional and ready to use!

How-to use Mail.Rip v2

Mail.Rip v2 has been written and tested with Python 3.8. It should run on any OS as long as Python and all dependencies are installed.
Just follow the steps below!

Installing needed Python modules

All Python modules / packages needed are listed in the txt-file requirements.txt. For an easy installation, type:

pip3 install -r requirements.txt

Installing any missing dependencies may take some time. Be patient, please.

Start the Checker / Cracker

With all dependencies being installed, you can start Mail.Rip v2 with:

python3 MailRipV2.py

No extra arguments are needed. You only need to copy your combofile into the same directory before starting the checker / cracker. After starting it, just follow the steps from (1) to (4). For more information see “Options in Main Menu”.

Please regard:
Your combofile needs to be encoded with utf-8!

Options in Main Menu

[1] Set Default Values

Use this option to edit the default values for Mail.Rip v2. You can edit the following ones here:

  • Amount of threads to use for checking / cracking.
  • Default timeout for connections.
  • De-/activate the blacklist check for e-mail domains.
  • Your e-mail address as receiver for the e-mail delivery test.

[2] De-/Activate Proxy-Support

This option allows you to activate or deactivate the proxy-support. If activated, you will be asked for the proxy type to use. Just enter SOCKS4 or SOCKS5. The scraper starts automatically then. You can add more sources by editing the library.json.

[3] Load Combos

Option #3 starts the Comboloader. Enter the name of your combofile, for example: combos.txt. All combos in the file will be loaded and prepared for an attack. Therefor, the Comboloader performs the following steps:

  • Any other separator than “:” is replaced.
  • The e-mail address in the combo is verified by its format using regular expressions.
  • For verified e-mail addresses, the domain is checked against the blacklist included in library.json.
  • The Comboloader checks whether the combo has already been loaded (no duplicates check).

All combos passing the checks will be loaded for an attack and temporarily saved to a txt-file called targets.txt. Please make sure that your combofile is encoded with utf-8 or errors may occur when loading it.

[4] Start Attack

This one is obvious.

Various

See the sections below for any tips, hints and other information.

SMTP cracking / SMTP checking process

Mail.Rip v2 uses the smtplib for the checking / cracking process. The “magic” is done this way:

  1. The SMTP cracker / SMTP checker reads the next combo from the list loaded before.
  2. It looks up the e-mail domain in the “smtphost” dictionary for the SMTP-host to attack.
  3. For unknown hosts, it will try to get from the MX records of the e-mail domain.
  4. If still no host is found, it trys to establish a connection to guessed hosts using most common subdomains one by one.
  5. Same for the connection port.
  6. Afterwards it establishes a connection to the SMTP host (trying SSL first and non-SSL on errors as well as TLS)
  7. and sends the login data using the target e-mail address and the given password the combo contained.
  8. If the login is denied, the cracker / checker will try to login with the user-ID (e-mail without @…) and the password.
  9. In case the login data is valid, the so-called “hit” will be saved to a txt-file.
  10. In the end Mail.Rip v2 will try to send a test message using the found SMTP.

For best results every user should edit the host information in the library.json before starting Mail.Rip v2 for the first time. Adding the data of the most common e-mail providers in a combolist will always speed up the checking / cracking process. And it will raise less security flags on the server-side.

Other ways to improve your results are: deactivating the proxy-support and adjusting default values.

Notes on the e-mail delivery test (inbox check)

The e-mail template is loaded from the email_template.txt. Edit that file for your needs. If the file cannot be loaded, the default template within the code will be used.

Always regard that the e-mail delivery test may return false negative results for many reasons. It just confirms that the given SMTP host can be used for sending e-mails with any software. Well-known e-mail providers may block or restrict access to SMTP accounts for tools like Mail.Rip v2. Moreover, free proxys may be blacklisted as well as the certain SMTP account itself. You should test valid logins for which the delivery test failed at a later time again.

Notes on the blacklist check

The library.json includes a blacklist for e-mail domains. More than 500 trashmail domains have been added to it. But there are also some very popular e-mail providers on it. Those e-mail providers are most often a waste of time when you check or crack mailpass combolists. Sometimes they just block the access, sometimes they ask for further verification.

That is not bad – it is good! It proves the importance of 2FA methods. Nevertheless, if you want to attack those providers, too, just edit the blacklist for your needs.

Download: https://github.com/DrPython3/MailRipV2

Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon

Leave a Reply

Your email address will not be published. Required fields are marked *