
How To Send An HTML E-mail Using Python Code


Python is a fully-functional programming language that can do anything almost any other language can do, at comparable speeds. "Modules" are pre-written Python code that you "import" in your Python program.

Simple Mail Transfer Protocol (SMTP) is a protocol that handles sending e-mail and routing e-mail between mail servers.

Python provides the smtplib module, which defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon.


Here is a simple syntax to create one SMTP object, which can later be used to send an e-mail −

import smtplib
smtpObj = smtplib.SMTP( [host [, port [, local_hostname]]] )

Here is the detail of the parameters:

host: This is the host running your SMTP server. You can specify the IP address of the host or a domain name like tutorialspoint.com. This is an optional argument.

port: If you are providing the host argument, then you need to specify the port where the SMTP server is listening. Usually this port would be 25.

local_hostname: If your SMTP server is running on your local machine, then you can specify just localhost for this option.

An SMTP object has an instance method called sendmail, which is typically used to do the work of mailing a message. It takes three parameters −

  • The sender - A string with the address of the sender.
  • The receivers - A list of strings, one for each recipient.
  • The message - A message as a string formatted as specified in the various RFCs.

Example

Here is a simple way to send one e-mail using a Python script −

#!/usr/bin/python3

import smtplib

sender = 'from@anydomain.com'
receivers = ['to@toanydomain.com']

# Headers first, then a blank line, then the body.
message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
Subject: SMTP e-mail test

This is a test e-mail message.

"""

try:
   # Connect to the SMTP server on the local machine (default port 25).
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)
   smtpObj.quit()
   print("Successfully sent email")
except (smtplib.SMTPException, OSError):
   # OSError covers a refused or unreachable connection.
   print("Error: unable to send email")

Here, you have placed a basic e-mail in message, using a triple quote, taking care to format the headers correctly. An e-mail requires a From, To, and Subject header, separated from the body of the e-mail with a blank line.

To send the mail you use smtpObj to connect to the SMTP server on the local machine and then use the sendmail method along with the message, the from address, and the destination address as parameters (even though the from and to addresses are within the e-mail itself, these aren't always used to route mail).

If you are not running an SMTP server on your local machine, you can use the smtplib client to communicate with a remote SMTP server. Unless you are using a webmail service (such as Hotmail or Yahoo! Mail), your e-mail provider must have provided you with outgoing mail server details that you can supply, as follows −

smtplib.SMTP('mail.your-domain.com', 25)

Sending an HTML e-mail using Python

When you send a text message using Python, all of the content is treated as simple text. Even if you include HTML tags in a text message, it is displayed as simple text and the HTML tags are not rendered. But Python provides an option to send an HTML message as an actual HTML message.

While sending an e-mail message, you can specify a MIME version, content type and character set to send an HTML e-mail.


Example

Following is the example to send HTML content as an e-mail −

#!/usr/bin/python3

import smtplib

sender = 'from@anydomain.com'
receivers = ['to@toanydomain.com']

# MIME-Version and Content-type tell the mail client to render the body as HTML.
message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
MIME-Version: 1.0
Content-type: text/html
Subject: SMTP HTML e-mail test

This is an e-mail message to be sent in HTML format

<b>This is HTML message.</b>
<h1>This is headline.</h1>
"""
try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)
   smtpObj.quit()
   print("Successfully sent email")
except (smtplib.SMTPException, OSError):
   print("Error: unable to send email")

Sending Attachments as an E-mail

Sending an e-mail with mixed content requires setting the Content-type header to multipart/mixed. Then, text and attachment sections can be specified within boundaries.

A boundary is started with two hyphens followed by a unique number, which cannot appear in the message part of the e-mail. A final boundary denoting the e-mail's final section must also end with two hyphens.

Attached files should be encoded with the pack("m") function to have base64 encoding before transmission.

Example

Following is the example, which sends a file /tmp/test.txt as an attachment −

#!/usr/bin/python3

import smtplib
import base64

filename = "/tmp/test.txt"

# Read a file and encode it into base64 format
with open(filename, "rb") as fo:
   filecontent = fo.read()
# encodebytes() wraps the output at 76 characters; decode to str for formatting
encodedcontent = base64.encodebytes(filecontent).decode("ascii")

sender = 'webmaster@anydomain.com'
receiver = 'xyz@gmail.com'

marker = "AUNIQUEMARKER"

body ="""
This is a test email to send an attachment.
"""
# Define the main headers. A blank line must separate them from the first boundary.
part1 = """From: From Person <me@domain.com>
To: To Person <xyz@gmail.com>
Subject: Sending Attachment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=%s

--%s
""" % (marker, marker)

# Define the message action
part2 = """Content-Type: text/plain
Content-Transfer-Encoding:8bit

%s
--%s
""" % (body,marker)

# Define the attachment section (a single part, so not multipart/mixed)
part3 = """Content-Type: application/octet-stream; name=\"%s\"
Content-Transfer-Encoding:base64
Content-Disposition: attachment; filename=%s

%s
--%s--
""" %(filename, filename, encodedcontent, marker)
message = part1 + part2 + part3

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receiver, message)
   print("Successfully sent email")
except Exception:
   print("Error: unable to send email")
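
The three hand-assembled messages above can also be produced with the standard-library email package, which writes the boundary, the base64 encoding and the blank line after the headers itself, and refuses header values that contain line breaks. This is an added example, not code from the original post; the function names and the attachment bytes are constructed for illustration, and send() is defined but never called so the block runs offline.

```python
import smtplib
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_message(sender, recipient, subject, text, html, att_name, att_bytes):
    """Plain-text + HTML body with one binary attachment (multipart/mixed)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject            # ValueError if the value contains CR/LF
    msg.set_content(text)               # text/plain part
    msg.add_alternative(html, subtype="html")   # wraps both in multipart/alternative
    msg.add_attachment(att_bytes, maintype="application",
                       subtype="octet-stream", filename=att_name)
    return msg


def inspect_message(raw):
    """Parse the wire form back and report its structure."""
    parsed = message_from_bytes(raw, policy=policy.default)
    parts = [(p.get_content_type(), p.get_filename()) for p in parsed.walk()]
    # The final boundary is "--<boundary>--", as described above.
    closing = ("--%s--" % parsed.get_boundary()).encode("ascii")
    attachment = [p for p in parsed.walk() if p.is_attachment()][0]
    return parts, closing in raw, attachment.get_content()


def send(msg, host="localhost", port=25):
    """Envelope addresses are taken from the From/To headers by send_message()."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    demo = build_message("from@anydomain.com", "to@toanydomain.com",
                         "SMTP HTML e-mail test",
                         "This is a test e-mail message.",
                         "<h1>This is headline.</h1>",
                         "test.txt", b"constructed sample bytes\x00\xff")
    for content_type, name in inspect_message(demo.as_bytes())[0]:
        print(content_type, name)
```
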

Enjoy the Code..


DMitry A Deepmagic Information Gathering Tool


DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux Command Line Application coded in C language.

DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scan results, whois lookups, and more. The information is gathered with the following methods:


  • Perform an Internet Number whois lookup.
  • Retrieve possible uptime data, system and server data.
  • Perform a SubDomain search on a target host.
  • Perform an E-Mail address search on a target host.
  • Perform a TCP Portscan on the host target.
  • A Modular program allowing user specified modules

Download and installation

DMitry can be downloaded by issuing the following commands:

$ cd /data/src/
$ wget http://mor-pah.net/code/DMitry-1.3a.tar.gz


For installation, issue the following commands:

$ tar xzvf DMitry-1.3a.tar.gz
$ cd DMitry-1.3a/
$ ./configure
$ make
$ sudo make install

Then optionally create a symbolic link to your /pentest/ directory:

$ mkdir -p /pentest/enumeration/dmitry/
$ ln -s /usr/local/bin/dmitry /pentest/enumeration/dmitry/dmitry

Use

help
DMitry help can be displayed by issuing:

$ dmitry --help


A2SV: Auto Scanning Tool To Find SSL Vulnerability


What is A2SV?
It is an auto scanning tool to find SSL vulnerabilities, and it features checks for HeartBleed, CCS Injection, SSLv3 POODLE, FREAK, etc.

A. Support Vulnerability

[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack
[CVE-2016-0703] SSLv2 DROWN

B. Dev Plan

[PLAN] SSL ACCF

2. How to Install?

A. Download(clone) & Unpack A2SV

git clone https://github.com/hahwul/a2sv.git
cd a2sv

B. Install Python Package / OpenSSL

pip install argparse
pip install netaddr

apt-get install openssl

C. Run A2SV

python a2sv.py -h


3. How to Use?

usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]

Optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Target URL/IP Address
-p PORT, --port PORT  Custom Port / Default: 443
-m MODULE, --module MODULE
                      Check SSL Vuln with one module
                      [h]: HeartBleed
                      [c]: CCS Injection
                      [p]: SSLv3 POODLE
                      [f]: OpenSSL FREAK
                      [l]: OpenSSL LOGJAM
                      [d]: SSLv2 DROWN
-u, --update          Update A2SV (GIT)
-v, --version         Show Version

[Scan SSL Vulnerability]
python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111

[Update A2SV]
python a2sv.py -u
python a2sv.py --update


CuckooDroid - Automated Android Malware Analysis Tool


CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.



CuckooDroid is an extension of Cuckoo Sandbox, the open source software for automating analysis of suspicious files. CuckooDroid brings to Cuckoo the capability to execute and analyze Android applications.

CuckooDroid features VM-detection techniques, encryption key extraction, SSL inspection, API call tracing and basic behavioural signatures. It also provides both static and dynamic APK inspection.

Installation - Easy integration script:

git config --global user.email "you@example.com"
git config --global user.name "Your Name"
git clone --depth=1 https://github.com/cuckoobox/cuckoo.git cuckoo -b 1.2
cd cuckoo
git remote add droid https://github.com/idanr1986/cuckoo-droid
git pull --no-edit -s recursive -X theirs droid master 
cat conf-extra/processing.conf >> conf/processing.conf
cat conf-extra/reporting.conf >> conf/reporting.conf
rm -r conf-extra
echo "protobuf" >> requirements.txt


Hack QR Code Through QRLJacking Attack


QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking. This tool was released by information security researcher Mohamed Abdelbasset Elnouby from Seekurity Labs.

What are the requirements to achieve a successful QRLJacking attack?

QRLJacking attack consists of two sides:

  • Server Side: A server side script is needed to serve and shape the final look to the victim.
  • Client Side: Cloning the QR and pushing it to the phishing page.

Example: WhatsApp Web Application!

Server Setup (Attacker's hosting):

Upload "qrHandler.php" to your server. This PHP file is used to convert the base64 QR code string into a valid .JPG file.

Now we have a valid generated QR image named "tmp.jpg" residing in the same root folder as your files, which will be updated whenever that PHP file is called, so we can put it anywhere "for example a fake WhatsApp page, a scam page with an offer related to WhatsApp, etc... depending on your creativity".

Now update the "phishing.html" file with your preferred phishing page source code.

Client Side Setup (Attacker's browser):

  1. Open your Firefox browser!
  2. Write "about:config" in the url area, click the "i'll be careful, i promise" confirmation button.
  3. Search for a preference named "security.csp.enable" and change its value to "false" by double clicking it to allow performing an XHR request over a different domain (we do not support leaving this preference disabled; you may do that while testing, but after that you should set the preference back to its original state).
  4. Install the Greasemonkey addon (https://addons.mozilla.org/en-US/firefox/addon/greasemonkey) and be sure that the module file "WhatsAppQRJackingModule.js" is loaded and already running!
  5. Now We're Ready, Browse to our example "https://web.whatsapp.com" on your side, Wait for a WhatsApp session to be loaded, Greasemonkey should now inject our WhatsApp module file to catch and .
  6. Send the direct link of the final phishing page to a victim "Once the QR scanned, Victim's session is yours now"

Video:

Attacking WhatsApp Web Application and performing MiTM attack to inject a bogus ad including WhatsApp QR Code Demo Video.




A Simple Static Malware Analyzer SSMA Tool Written in Python 3


SSMA is a simple malware analyzer written in Python 3. 


Features: 


  1. Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.) 
  2. Searches for possible domains, e-mail addresses, IP addresses in the strings of the file. 
  3. Checks if domain is blacklisted based on abuse.ch’s Ransomware Domain Blocklist and malwaredomains.com’s blocklist. 
  4. Looks for Windows functions commonly used by malware. 
  5. Get results from VirusTotal and/or upload files. 
  6. Malware detection based on Yara-rules 
  7. Detect well-known software packers. 
  8. Detect the existence of cryptographic algorithms. 
  9. Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis. 
  10. Find if documents have been crafted to leverage malicious code. 

Usage: 

git clone https://github.com/secrary/SSMA
cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
python3 ssma.py -k api-key file.exe

You can just statically scan the file or upload it to VirusTotal using your API key.

python3 ssma.py file.exe
python3 ssma.py -k api-key file.exe
