Skip to content

Commit

Permalink
feat: additional Gmail validation
Browse files Browse the repository at this point in the history
- check the validity of `gmail.com`/`googlemail.com` email addresses via
  the method outlined
  [here](https://blog.0day.rocks/abusing-gmail-to-get-previously-unlisted-e-mail-addresses-41544b62b2).
- run only via the `--gmail-use-api`/`gmail_use_api` flags (defaulting
  to `false`.)

relates reacherhq#937
  • Loading branch information
PsypherPunk authored and PsypherPunk committed Oct 4, 2022
1 parent 0707bb4 commit 36deb1f
Show file tree
Hide file tree
Showing 7 changed files with 134 additions and 1 deletion.
4 changes: 4 additions & 0 deletions cli/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,10 @@ OPTIONS:
--yahoo-use-api <YAHOO_USE_API>
For Yahoo email addresses, use Yahoo's API instead of connecting directly to their SMTP
servers [env: YAHOO_USE_API=] [default: true]
--gmail-use-api <GMAIL_USE_API>
For Gmail email addresses, use Gmail's API instead of connecting directly to their SMTP
servers [env: GMAIL_USE_API=] [default: false]
```
**💡 PRO TIP:** To show debug logs when running the binary, run:
Expand Down
8 changes: 7 additions & 1 deletion cli/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,11 @@ pub struct Cli {
#[clap(long, env, default_value = "true", parse(try_from_str))]
pub yahoo_use_api: bool,

/// For Gmail email addresses, use Gmail's API instead of connecting
/// directly to their SMTP servers.
#[clap(long, env, default_value = "false", parse(try_from_str))]
pub gmail_use_api: bool,

/// The email to check.
pub to_email: String,
}
Expand All @@ -76,7 +81,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
.set_from_email(CONF.from_email.clone())
.set_hello_name(CONF.hello_name.clone())
.set_smtp_port(CONF.smtp_port)
.set_yahoo_use_api(CONF.yahoo_use_api);
.set_yahoo_use_api(CONF.yahoo_use_api)
.set_gmail_use_api(CONF.gmail_use_api);
if let Some(proxy_host) = &CONF.proxy_host {
input.set_proxy(CheckEmailInputProxy {
host: proxy_host.clone(),
Expand Down
1 change: 1 addition & 0 deletions core/src/smtp/connect.rs
Original file line number Diff line number Diff line change
Expand Up @@ -352,6 +352,7 @@ pub async fn check_smtp_with_retry(
#[cfg(feature = "headless")]
Err(SmtpError::HotmailError(_)) => result,
Err(SmtpError::YahooError(_)) => result,
Err(SmtpError::GmailError(_)) => result,
// Only retry if the SMTP error was unknown.
Err(err) if err.get_description().is_none() => {
if count <= 1 {
Expand Down
9 changes: 9 additions & 0 deletions core/src/smtp/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.

use super::gmail::GmailError;
#[cfg(feature = "headless")]
use super::hotmail::HotmailError;
use super::parser;
Expand All @@ -39,6 +40,8 @@ pub enum SmtpError {
TimeoutError(future::TimeoutError),
/// Error when verifying a Yahoo email via HTTP requests.
YahooError(YahooError),
/// Error when verifying a Gmail email via a HTTP request.
GmailError(GmailError),
/// Error when verifying a Hotmail email via headless browser.
#[cfg(feature = "headless")]
HotmailError(HotmailError),
Expand All @@ -62,6 +65,12 @@ impl From<YahooError> for SmtpError {
}
}

impl From<GmailError> for SmtpError {
fn from(e: GmailError) -> Self {
SmtpError::GmailError(e)
}
}

#[cfg(feature = "headless")]
impl From<HotmailError> for SmtpError {
fn from(e: HotmailError) -> Self {
Expand Down
92 changes: 92 additions & 0 deletions core/src/smtp/gmail.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
// check-if-email-exists
// Copyright (C) 2018-2022 Reacher

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.

// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.

use super::SmtpDetails;
use crate::util::{
constants::LOG_TARGET, input_output::CheckEmailInput, ser_with_display::ser_with_display,
};
use async_smtp::EmailAddress;
use reqwest::Error as ReqwestError;
use serde::Serialize;
use std::fmt;

const GLXU_PAGE: &str = "https://mail.google.com/mail/gxlu";

/// Possible errors when checking Gmail email addresses.
#[derive(Debug, Serialize)]
pub enum GmailError {
/// Error when serializing or deserializing HTTP requests and responses.
#[serde(serialize_with = "ser_with_display")]
ReqwestError(ReqwestError),
}

impl fmt::Display for GmailError {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self)
}
}

impl From<ReqwestError> for GmailError {
fn from(error: ReqwestError) -> Self {
GmailError::ReqwestError(error)
}
}

/// Helper function to create a reqwest client, with optional proxy.
fn create_client(input: &CheckEmailInput) -> Result<reqwest::Client, ReqwestError> {
if let Some(proxy) = &input.proxy {
log::debug!(
target: LOG_TARGET,
"[email={}] Using proxy socks://{}:{} for gmail API",
input.to_email,
proxy.host,
proxy.port
);

let proxy = reqwest::Proxy::all(&format!("socks5://{}:{}", proxy.host, proxy.port))?;
reqwest::Client::builder().proxy(proxy).build()
} else {
Ok(reqwest::Client::new())
}
}

/// Use HTTP request to verify if a Gmail email address exists.
/// See: <https://blog.0day.rocks/abusing-gmail-to-get-previously-unlisted-e-mail-addresses-41544b62b2>
pub async fn check_gmail(
to_email: &EmailAddress,
input: &CheckEmailInput,
) -> Result<SmtpDetails, GmailError> {
let response = create_client(input)?
.head(GLXU_PAGE)
.query(&[("email", to_email)])
.send()
.await?;

let email_exists = response.headers().contains_key("Set-Cookie");

log::debug!(
target: LOG_TARGET,
"[email={}] gmail response: {:?}",
to_email,
response
);

Ok(SmtpDetails {
can_connect_smtp: true,
is_deliverable: email_exists,
..Default::default()
})
}
8 changes: 8 additions & 0 deletions core/src/smtp/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

mod connect;
mod error;
mod gmail;
#[cfg(feature = "headless")]
mod hotmail;
mod parser;
Expand Down Expand Up @@ -62,6 +63,13 @@ pub async fn check_smtp(
.await
.map_err(|err| err.into());
}
if input.gmail_use_api
&& (host_lowercase.contains("gmail") || host_lowercase.contains("googlemail"))
{
return gmail::check_gmail(to_email, input)
.await
.map_err(|err| err.into());
}
#[cfg(feature = "headless")]
if let Some(webdriver) = &input.hotmail_use_headless {
if host_lowercase.contains("outlook") {
Expand Down
13 changes: 13 additions & 0 deletions core/src/util/input_output.rs
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,11 @@ pub struct CheckEmailInput {
///
/// Defaults to true.
pub yahoo_use_api: bool,
/// For Gmail email addresses, use Gmail's API instead of connecting
/// directly to their SMTP servers.
///
/// Defaults to false.
pub gmail_use_api: bool,
/// For Hotmail/Outlook email addresses, use a headless navigator
/// connecting to the password recovery page instead of the SMTP server.
/// This assumes you have a WebDriver compatible process running, then pass
Expand Down Expand Up @@ -122,6 +127,7 @@ impl Default for CheckEmailInput {
smtp_security: SmtpSecurity::Opportunistic,
smtp_timeout: None,
yahoo_use_api: true,
gmail_use_api: false,
retries: 2,
}
}
Expand Down Expand Up @@ -229,6 +235,13 @@ impl CheckEmailInput {
self
}

/// Set whether to use Gmail's API or connecting directly to their SMTP
/// servers. Defaults to false.
pub fn set_gmail_use_api(&mut self, use_api: bool) -> &mut CheckEmailInput {
self.gmail_use_api = use_api;
self
}

/// Set whether or not to use a headless navigator to navigate to Hotmail's
/// password recovery page to check if an email exists. If set to
/// `Some(<endpoint>)`, this endpoint must point to a WebDriver process,
Expand Down

0 comments on commit 36deb1f

Please sign in to comment.