User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active
 

Sometimes during different tests you need to send test emails, below will be shown  python script that sends email with word document attached. Its very useful during pentest to send email with malicious word document.

Below example with SMTP+TLS, tcp/587

 cat email_send.py

------------------------------------------------------------------------------------------------------------------------------

import smtplib
import email
from email import encoders
import os
from email.MIMEMultipart import MIMEMultipart
from email.Utils import COMMASPACE
from email.MIMEBase import MIMEBase
from email.parser import Parser
from email.MIMEImage import MIMEImage
from email.MIMEText import MIMEText
from email.MIMEAudio import MIMEAudio
import mimetypes

// Enter your host address/hostname and port here
smtp_host = 'IP ADDRESS/HOSTNAME'
smtp_port = 587


server = smtplib.SMTP()
server.connect(smtp_host,smtp_port)
server.ehlo()
server.starttls()

// Enter here smtp credentials and sender/recipient addresses, subject etc
server.login('login','password')
msg = email.MIMEMultipart.MIMEMultipart()
msg['From'] = 'This email address is being protected from spambots. You need JavaScript enabled to view it.';
msg['To'] = 'This email address is being protected from spambots. You need JavaScript enabled to view it.';
msg['Subject'] = 'Important info';
msg.attach(MIMEText('Email', 'plain'))

// Enter path to your file with filename, in example docm is located in the same directory as script
filename = 'contract.docm';
f = open(filename,'rb')

part = MIMEBase('application', 'vnd.openxmlformats-officedocument.wordprocessingml.document')
part.set_payload(f.read())

part.add_header('Content-Disposition', 'attachment; filename="%s"' % os.path.basename(filename))
encoders.encode_base64(part)
msg.attach(part)
f.close()

server.sendmail('This email address is being protected from spambots. You need JavaScript enabled to view it.','This email address is being protected from spambots. You need JavaScript enabled to view it.',msg.as_string())

------------------------------------------------------------------------------------------------------------------------------

Dont forget to add run permessions and simply run it with command: python email_send.py

Add comment


Security code
Refresh