#!/usr/bin/python3
#
#   SMTP Server configuration black-box testing/audit tool, capable of auditing
# SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS)
# user enumerations (VRFY, EXPN, RCPT TO), and others.
#
# Currently supported tests:
#   01) 'spf'                           - SPF DNS record test
#           - 'spf-version'             - Checks whether SPF record version is valid
#           - 'all-mechanism-usage'     - Checks whether 'all' mechanism is used correctly
#           - 'allowed-hosts-list'      - Checks whether there are not too many allowed hosts
#   02) 'dkim'                          - DKIM DNS record test
#           - 'public-key-length'       - Tests whether DKIM Public Key is at least 1024 bits long
#   03) 'dmarc'                         - DMARC DNS record test
#           - 'dmarc-version'           - Checks whether DMARC record version is valid
#           - 'policy-rejects-by-default' - Checks whether DMARC uses reject policy
#           - 'number-of-messages-filtered' - Checks whether there are at least 20% messages filtered.
#   04) 'banner-contents'               - SMTP Banner sensitive informations leak test
#           - 'not-contains-version'    - Contains version information
#           - 'not-contains-prohibited-words'- Contains software/OS/or other prohibited name
#           - 'is-not-long-or-complex'  - Seems to be long and/or complex
#           - 'contains-hostname'       - Checks whether SMTP banner contains valid hostname
#   05) 'open-relay'                    - Open-Relay misconfiguration test
#           - 'internal-internal'
#           - 'internal-external'
#           - 'external-internal'
#           - 'external-external'
#           - And about 19 other variants
#                                       - (the above is very effective against Postfix)
#   06) 'vrfy'                          - VRFY user enumeration vulnerability test
#   07) 'expn'                          - EXPN user enumeration vulnerability test
#   08) 'rcpt-to'                       - RCPT TO user enumeration vulnerability test
#   09) 'secure-ciphers'                - SSL/TLS ciphers security weak configuration
#   10) 'starttls-offering'             - STARTTLS offering (opportunistic) weak configuration
#   11) 'auth-over-ssl'                 - STARTTLS before AUTH/X-EXPS enforcement weak configuration
#   12) 'auth-methods-offered'          - Test against unsecure AUTH/X-EXPS PLAIN/LOGIN methods.
#   13) 'tls-key-len'                   - Checks private key length of negotiated or offered SSL/TLS cipher suites.
#   14) 'spf-validation'                - Checks whether SMTP Server has been configured to validate sender's SPF 
#                                         or if it's Microsoft Exchange - that is uses Accepted Domains
#
# Tests obtain results in tri-state boolean, acordingly:
#   - 'secure'  - The test has succeeded and proved GOOD and SECURE configuration.
#   - 'unsecure'- The test has succeeded and proved BAD and UNSECURE configuration.
#   - 'unknown' - The test has failed and did not prove anything.
#
# ATTACKS offered (--attack option):
#   Currently the tool offers functionality to lift up user emails enumeration, by the use of 
#   RCPT TO, MAIL FROM and VRFY methods. 
#
# Requirements:
#   - Python 3.5+
#   - dnspython
#
# TODO:
#   - refactor all the code cause it's a mess at the moment
#   - modularize the code
#   - add support for Outlook's OWA, AutoDiscover, MAPI-over-HTTP, Exchange ActiveSync (EAC)
#   - add support for NTLM/Kerberos (GSSAPI) authentication when used from Domain-joined Windows box
#   - BUG: if smtpAudit.py connects with SMTP over non-encrypted channel (ssl: False) it should be alerted as 'unsecure', it is not atm
#   - test it more thoroughly against various SMTP setups and configurations
#   - fix the issue with hanged jobs doing DKIM lookup when they reach 99%
#   - introduce general program timeout
#   - improve output informations/messages, explanations
#   - implement options parsing, files passing, verbosity levels, etc
#   - add more options specifying various parameters, thresholds
#   - research other potential tests to implement
#   - add test for 'reject_multi_recipient_bounce' a.k.a. multi RCPT TO commands
#   - add more options and improve code for penetration-testing oriented usage (active attacks)
#
# Tested against:
#   - postfix 3.x
#   - Microsoft Exchange Server 2013
#
# Author:
#   Mariusz B. / mgeeky, '17-19, 
#   <mb@binary-offensive.com>
#

import re
import sys
import ssl
import time
import json
import math
import base64
import string
import socket
import pprint
import random
import inspect
import smtplib
import argparse
import datetime
import threading
import multiprocessing
from collections import Counter

try:
    from dns import name, resolver, exception
except ImportError:
    print('[!] Module "dnspython" not installed. Try: python3 -m pip install dnspython')
    sys.exit(-1)

if float(sys.version[:3]) < 3.5:
    print('[!] This program must be run with Python 3.5+')
    sys.exit(-1)


#
# ===================================================
# GLOBAL PROGRAM CONFIGURATION
#

VERSION = '0.7.7'

config = {
    # Enable script's output other than tests results.
    'verbose'   : False,

    # Turn on severe debugging facilities
    'debug'     : False,
    'smtp_debug': False,

    # Connection timeout threshold
    'timeout'   : 5.0,

    # Delay between consequent requests and connections.
    'delay'     : 2.0,

    # During the work of the program - the SMTP server will receive many of our incoming
    # connections. In such situation, the server may block our new connections due to 
    # exceeding conns limit/rate (like it does Postfix/anvil=count). Therefore it is crucial
    # to set up long enough interconnection-delay that will take of as soon as server 
    # responds with: "421 Too many connections". For most situations - 60 seconds will do fine.
    'too_many_connections_delay' : 60,

    # Perform full-blown, long-time taking DNS records enumeration (for SPF, DKIM, DMARC)
    #   Accepted values:
    #       - 'always'
    #       - 'on-ip' - do full enumeration only when given with server's IP address
    #       - 'never'
    'dns_full' : 'on-ip',

    # Specifies whether to do full, long-time taking DKIM selectors review.
    'dkim_full_enumeration' : True,

    # External domain used in Open-Relay and other tests
    'smtp_external_domain': 'gmail.com',

    # Pretend to be the following client host:
    'pretend_client_hostname': 'smtp.gmail.com',

    # Specifies whether to show results JSON unfolded (nested) or only when needed
    'always_unfolded_results': False,

    # Num of enumeration tries until test is considered completed (whether it succeeds or not).
    # Value -1 denotes to go with full spectrum of the test.
    'max_enumerations' : -1,

    # Use threading - may cause some issues with responsiveness, or cause program to hang.
    'threads' : True,

    # Uncommon words to have in DKIM selectors permutations list
    'uncommon_words' : (),

    # DO NOT CHANGE THIS ONE.
    'tests_to_carry' : 'all',
    'tests_to_skip' : '',

    # Maximum number of parallel process in DKIM enumeration test
    'parallel_processes' : 10,

    # When DNS resolver becomes busy handling thousands of DKIM queries, 
    # we can delay asking for more selectors iteratively.
    'delay_dkim_queries' : True,

    # Output format. Possible values: json, text
    'format' : 'text',

    # Colorize output
    'colors': True,

    # Attack mode 
    'attack': False,

    # Minimal key length to consider it secure
    'key_len' : 2048,

    # Maximum hosts in SPF considered secure:
    'spf_maximum_hosts' : 32,
}


#
# ===================================================
# PROGRAM IMPLEMENTATION
#

class colors:
    '''Colors class:
    reset all colors with colors.reset
    two subclasses fg for foreground and bg for background.
    use as colors.subclass.colorname.
    i.e. colors.fg.red or colors.bg.green
    also, the generic bold, disable, underline, reverse, strikethrough,
    and invisible work with the main class
    i.e. colors.bold
    '''
    reset = '\033[0m'
    bold = '\033[01m'
    disable = '\033[02m'
    underline = '\033[04m'
    reverse = '\033[07m'
    strikethrough = '\033[09m'
    invisible = '\033[08m'

    class fg:
        black = '\033[30m'
        red = '\033[31m'
        green = '\033[32m'
        orange = '\033[33m'
        blue = '\033[34m'
        purple = '\033[35m'
        cyan = '\033[36m'
        lightgrey = '\033[37m'
        darkgrey = '\033[90m'
        lightred = '\033[91m'
        lightgreen = '\033[92m'
        yellow = '\033[93m'
        lightblue = '\033[94m'
        pink = '\033[95m'
        lightcyan = '\033[96m'

    class bg:
        black = '\033[40m'
        red = '\033[41m'
        green = '\033[42m'
        orange = '\033[43m'
        blue = '\033[44m'
        purple = '\033[45m'
        cyan = '\033[46m'
        lightgrey = '\033[47m'

#
# Output routines.
#
def _out(x, toOutLine = False, col = colors.reset): 
    if config['colors']:
        text = '{}{}{}\n'.format(
            col, x, colors.reset
        )
    else:
        text = x + '\n'

    if config['debug'] or config['verbose']: 
        if config['debug']:
            caller = (inspect.getouterframes(inspect.currentframe(), 2))[2][3]
            if x.startswith('['):
                x = x[:4] + '  ' + caller + '(): ' + x[4:]
        sys.stderr.write(text)

    elif config['format'] == 'text' and \
        (toOutLine or 'SECURE: ' in x or 'UNKNOWN: ' in x): 
        if config['attack']:
            sys.stderr.write(text)
        else:
            sys.stdout.write(text)

def dbg(x):
    if config['debug']: 
        caller2 = (inspect.getouterframes(inspect.currentframe(), 2))[1][3]
        caller1 = (inspect.getouterframes(inspect.currentframe(), 2))[2][3]
        caller = '{}() -> {}'.format(caller1, caller2)
        text = x
        if config['colors']: text = '{}{}{}'.format(colors.fg.lightblue, x, colors.reset)
        sys.stderr.write('[dbg] ' + caller + '(): ' + text + '\n')

def out(x, toOutLine = False): _out('[.] ' + x, toOutLine)
def info(x, toOutLine = False):_out('[?] ' + x, toOutLine, colors.fg.yellow)
def err(x, toOutLine = False): _out('[!] ' + x, toOutLine, colors.bg.red + colors.fg.black)
def fail(x, toOutLine = False):_out('[-] ' + x, toOutLine, colors.fg.red + colors.bold)
def ok(x, toOutLine = False):  _out('[+] ' + x, toOutLine, colors.fg.green + colors.bold)


class BannerParser:
    softwareWeight = 3
    osWeight = 2

    # MTAs
    prohibitedSoftwareWords = (
        'Exim',
        'Postfix',
        'Maildrop',
        'Cyrus',
        'Sendmail',
        'Exchange',
        'Lotus Domino',
    )

    prohibitedOSWords = (
        'Windows',
        'Linux',
        'Debian',
        'Fedora',
        'Unix',
        '/GNU)',
        'SuSE',
        'Mandriva',
        'Centos',
        'Gentoo',
        'Red Hat',
        'Microsoft(R) Windows(R)',
    )

    # Certain words will have greater weight since they are more important to hide in banner.
    # Every word must be in it's own list.
    prohibitedWords = prohibitedSoftwareWords + prohibitedOSWords + (
        'Microsoft ESMTP',
        'MAIL service ready at ',
        'Version:',
        'qmail',
        'Ver.',
        '(v.',
        'build:',
    )

    wellKnownDefaultBanners = {
        'Microsoft Exchange' : 'Microsoft ESMTP MAIL service ready at ',
        'IBM Lotus Domino' : 'ESMTP Service (Lotus Domino ',
    }

    # Statistical banner's length characteristics
    lengthCharacteristics = {
        'mean': 66.08,
        'median': 58.5,
        'std.dev': 27.27
    }

    # Reduced entropy statistical characteristics after removing potential timestamp
    # (as being added by e.g. Exim and Exchange)
    reducedEntropyCharacteristics = {
        'mean': 3.171583046,
        'median': 3.203097614,
        'std.dev': 0.191227689
    }

    weights = {
        'prohibitedWord': 1,
        'versionFound': 2,
        'versionNearProhibitedWord': 3,
    }

    # Max penalty score to consider banner unsecure.
    maxPenaltyScore = 4.0

    localHostnameRegex = r'(?:[0-9]{3}\s)?([\w\-\.]+).*'

    def __init__(self):
        self.results = {
            'not-contains-version' : True,
            'not-contains-prohibited-words' : True,
            'is-not-long-or-complex' : True,
            'contains-hostname' : False,
        }

    @staticmethod
    def entropy(data, unit='natural'):
        '''
        Source: https://stackoverflow.com/a/37890790
        '''
        base = {
            'shannon' : 2.,
            'natural' : math.exp(1),
            'hartley' : 10.
        }

        if len(data) <= 1:
            return 0

        counts = Counter()
        for d in data:
            counts[d] += 1

        probs = [float(c) / len(data) for c in counts.values()]
        probs = [p for p in probs if p > 0.]

        ent = 0
        for p in probs:
            if p > 0.:
                ent -= p * math.log(p, base[unit])

        return ent

    @staticmethod
    def removeTimestamp(banner):
        rex = r'\w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}(?: .\d{4})?'
        return re.sub(rex, '', banner)

    def parseBanner(self, banner):
        if not banner:
            if config['always_unfolded_results']:
                return dict.fromkeys(self.results, None)
            else:
                return None

        penalty = 0
        versionFound = ''

        for service, wellKnownBanner in BannerParser.wellKnownDefaultBanners.items():
            if wellKnownBanner.lower() in banner.lower():
                fail('UNSECURE: Default banner found for {}: "{}"'.format(
                    service, banner
                ))
            return False

        penalty += self.analyseBannerEntropy(banner)
        penalty += self.checkForProhibitedWordsAndVersion(banner)
        penalty += self.checkHostnameInBanner(banner)

        ret = (penalty < BannerParser.maxPenaltyScore)
        if not ret:
            fail('UNSECURE: Banner considered revealing sensitive informations (penalty: {}/{})!'.format(
                penalty, BannerParser.maxPenaltyScore
            ))
            _out('\tBanner: ("{}")'.format(banner), toOutLine = True)
            
            return self.results
        else:
            ok('SECURE: Banner was not found leaking anything. (penalty: {}/{})'.format(
                penalty, BannerParser.maxPenaltyScore
            ))
            _out('\tBanner: ("{}")'.format(banner), toOutLine = True)
            
            if all(self.results.values()) and not config['always_unfolded_results']:
                return True
            else:
                return self.results

    def analyseBannerEntropy(self, banner):
        penalty = 0
        reducedBanner = BannerParser.removeTimestamp(banner)
        bannerEntropy = BannerParser.entropy(reducedBanner)

        dbg('Analysing banner: "{}"'.format(banner))
        dbg('Length: {}, reduced banner Entropy: {:.6f}'.format(len(banner), bannerEntropy))

        if len(reducedBanner) > (BannerParser.lengthCharacteristics['mean'] \
            + 1 * BannerParser.lengthCharacteristics['std.dev']):
            info('Warning: Banner seems to be very long. Consider shortening it.', toOutLine = True)
            self.results['is-not-long-or-complex'] = False
            penalty += 1

        if bannerEntropy > (BannerParser.reducedEntropyCharacteristics['mean'] \
            + 1 * BannerParser.reducedEntropyCharacteristics['std.dev']):
            info('Warning: Banner seems to be complex in terms of entropy.'
                    ' Consider generalising it.', toOutLine = True)
            self.results['is-not-long-or-complex'] = False
            penalty += 1

        return penalty

    def checkForProhibitedWordsAndVersion(self, banner):
        penalty = 0
        versionFound = ''
        regexVersionNumber = r'(?:(\d+)\.)?(?:(\d+)\.)?(?:(\d+)\.\d+)'
        
        match = re.search(regexVersionNumber, banner)
        if match:
            versionFound = match.group(0)
            fail('Sensitive software version number found in banner: "{}"'.format(
                versionFound
            ), toOutLine = True)
            self.results['not-contains-version'] = False
            penalty += BannerParser.weights['versionFound']
        
        alreadyFound = set()
        for word in BannerParser.prohibitedWords:
            if word.lower() in banner.lower():
                if not word.lower() in alreadyFound:
                    info('Prohibited word found in banner: "{}"'.format(
                        word
                    ), toOutLine = True)
                    self.results['not-contains-prohibited-words'] = True
                    alreadyFound.add(word.lower())

                mult = 1
                if word.lower() in BannerParser.prohibitedSoftwareWords:
                    mult = BannerParser.softwareWeight
                elif word.lower() in BannerParser.prohibitedOSWords:
                    mult = BannerParser.prohibitedOSWords

                penalty += (float(mult) * BannerParser.weights['prohibitedWord'])

                # Does the word immediately follow or precede version number?
                if versionFound:
                    surrounds = (
                        '{}{}'.format(word, versionFound),
                        '{}{}'.format(versionFound, word),
                        '{} {}'.format(word, versionFound),
                        '{} {}'.format(versionFound, word),
                        '{}/{}'.format(word, versionFound),
                        '{}/{}'.format(versionFound, word),
                    )
                    for surr in surrounds:
                        if surr in banner:
                            info('Word was found lying around version: "{}". '\
                                'Consider removing it.'.format(
                                surr
                            ), toOutLine = True)
                            penalty += BannerParser.weights['versionNearProhibitedWord']
                            break

        return penalty

    def checkHostnameInBanner(self, banner):
        penalty = 0
        matched = re.search(BannerParser.localHostnameRegex, banner)

        if matched:
            localHostname = matched.group(1)
            self.results['contains-hostname'] = True
            info('Extracted hostname from banner: "{}"'.format(localHostname))
        else:
            fail('SMTP Banner does not contain server\'s hostname. This may cause SPAM reports.', toOutLine = True)
            penalty = 1

        return penalty



class DmarcParser:
    def __init__(self):
        self.results = {
            'dmarc-version' : False,
            'policy-rejects-by-default': False,
            'number-of-messages-filtered': True,
        }

    def processDmarc(self, record):
        if not record:
            if config['always_unfolded_results']:
                return dict.fromkeys(self.results, None)
            else:
                return None

        for keyValue in record.split(' '):
            if not keyValue: break
            k, v = keyValue.split('=')
            k = k.strip()
            v = v.strip()

            if v.endswith(';'): 
                v = v[:-1]

            if k == 'v':
                self.results['dmarc-version'] = v.lower() == 'dmarc1'
                if not self.results['dmarc-version']:
                    fail('UNSECURE: Unknown version of DMARC stated: {}'.format(v))

            elif k == 'p':
                if v.lower() not in ('none', 'reject', 'quarantine'):
                    fail('UNSECURE: Unknown policy stated: {}'.format(v))
                    self.results['policy-rejects-by-default'] = False
                else:
                    self.results['policy-rejects-by-default'] = v.lower() == 'reject'

                    if not self.results['policy-rejects-by-default']:
                        fail('UNSECURE: DMARC policy does not reject unverified messages ({}).'.format(
                            v
                        ))
            elif k == 'pct':
                try:
                    perc = int(v)
                    self.results['number-of-messages-filtered'] = perc >= 20

                    if self.results['number-of-messages-filtered']:
                        info('Percentage of filtered messages is satisfiable ({})'.format(
                            perc
                        ))
                    else:
                        fail('UNSECURE: Unsatisfiable percentage of messages filtered: {}!'.format(
                            perc
                        ))

                except ValueError:
                    fail('Defined "pct" is not a valid percentage!')
                    self.results['number-of-messages-filtered'] = False

        if not config['always_unfolded_results'] and all(self.results.values()):
            return True
        else:
            return self.results

class DkimParser:
    minimumDkimKeyLength = 1024

    def __init__(self):
        self.results = {
            'public-key-length': True,
        }

    def process(self, record):
        self.testKeyLength(record)

        if not config['always_unfolded_results'] and all(self.results.values()):
            return True
        else:
            return self.results

    def testKeyLength(self, txt):
        tags = txt.split(';')
        dkim = {}

        for t in tags:
            k, v = t.strip().split('=')
            dkim[k] = v

        if 'p' not in dkim.keys(): return False

        pubkey = base64.b64decode(dkim['p'])
        keyLen = (len(pubkey) - 38) * 8 # 38 bytes is for key's metadata

        if keyLen < 0: 
            fail('Incorrect Public Key in DKIM!')
            keyLen = 0

        dbg('DKIM: version = {}, algorithm = {}, key length = {}'.format(
            dkim['v'], dkim['k'], keyLen
        ))

        if keyLen < DkimParser.minimumDkimKeyLength:
            fail('UNSECURE: DKIM Public Key length is insufficient: {}. ' \
                'Recommended at least {}'.format(
                keyLen, DkimParser.minimumDkimKeyLength
            ))

            self.results['public-key-length'] = False
        else:
            ok('SECURE: DKIM Public key is of sufficient length: {}'.format(keyLen))
            self.results['public-key-length'] = True

        return self.results['public-key-length']

class SpfParser:
    #maxAllowedNetworkMask = 28
    maxNumberOfDomainsAllowed = 3

    allowedHostsNumber = 0
    allowSpecifiers = 0

    mechanisms = ('all', 'ip4', 'ip6', 'a', 'mx', 'ptr', 'exists', 'include')
    qualifiers = ('+', '-', '~', '?')

    def __init__(self):
        self.results = {
            'spf-version': True,
            'all-mechanism-usage': True,
            'allowed-hosts-list': True,
        }

        self.addressBasedMechanism = 0

    def process(self, record):
        if not record:
            if config['always_unfolded_results']:
                return dict.fromkeys(self.results, None)
            else:
                return None

        record = record.lower()
        tokens = record.split(' ')

        dbg('Processing SPF record: "{}"'.format(record))

        for token in tokens:
            qualifier = ''
            if not token: continue

            dbg('SPF token: {}'.format(token))

            if token.startswith('v=spf'):
                self.results['spf-version'] = self.processVersion(token)
                continue

            if token[0] not in string.ascii_letters and token[0] not in SpfParser.qualifiers:
                fail('SPF record contains unknown qualifier: "{}". Ignoring it...'.format(
                    token[0]
                ))

                qualifier = token[0]
                token = token[1:]
            else:
                qualifier = '+'

            if 'all' in token:
                self.results['all-mechanism-correctly-used'] = \
                self.processAllMechanism(token, record, qualifier)
                continue

            if len(list(filter(lambda x: token.startswith(x), SpfParser.mechanisms))) >= 1:
                self.processMechanism(record, token, qualifier)

        if not self.results['allowed-hosts-list']:
            #maxAllowed = 2 ** (32 - SpfParser.maxAllowedNetworkMask)
            maxAllowed = config['spf_maximum_hosts']

            fail('UNSECURE: SPF record allows more than {} max allowed hosts: {} in total.'.format(
                    maxAllowed, self.allowedHostsNumber
            ))
            _out('\tRecord: ("{}")'.format(record))

        if not self.results['allowed-hosts-list']:
            fail('There are too many allowed domains/CIDR ranges specified in SPF record: {}.'.format(
                self.allowSpecifiers
            ))

        if not config['always_unfolded_results'] and all(self.results.values()):
            dbg('All tests passed.')
            return True
        else:
            if not all(self.results.values()):
                dbg('Not all tests passed.: {}'.format(self.results))
            else:
                dbg('All tests passed.')

            return self.results

    def areThereAnyOtherMechanismsThan(self, mechanism, record):
        tokens = record.split(' ')
        otherMechanisms = 0

        for token in tokens:
            if not token: continue
            if token.startswith('v='): continue
            if token[0] in SpfParser.qualifiers:
                token = token[1:]

            if token == mechanism: continue
            if ':' in token:
                for s in token.split(':'):
                    if s in SpfParser.mechanisms:
                        otherMechanisms += 1
                        break

            if '/' in token:
                for s in token.split('/'):
                    if s in SpfParser.mechanisms:
                        otherMechanisms += 1
                        break

            if token in SpfParser.mechanisms:
                otherMechanisms += 1

        dbg('Found {} other mechanisms than "{}"'.format(otherMechanisms, mechanism))
        return (otherMechanisms > 0)

    def processVersion(self, token):
        v, ver = token.split('=')
        validVersions = ('1')

        for version in validVersions:
            if 'spf{}'.format(version) == ver:
                dbg('SPF version was found valid.')
                return True

        fail('SPF version is invalid.')
        return False

    def processAllMechanism(self, token, record, qualifier):
        if not record.endswith(token):
            fail('SPF Record wrongly stated - "{}" mechanism must be placed at the end!'.format(
                token
            ))
            return False

        if token == 'all' and qualifier == '+':
            fail('UNSECURE: SPF too permissive: "The domain owner thinks that SPF is useless and/or doesn\'t care.": "{}"'.format(record))
            return False

        if not self.areThereAnyOtherMechanismsThan('all', record):
            fail('SPF "all" mechanism is too restrictive: "The domain sends no mail at all.": "{}"'.format(record), toOutLine = True)
            return False

        return True

    def getNetworkSize(self, net):
        dbg('Getting network size out of: {}'.format(net))
        m = re.match(r'[\w\.-:]+\/(\d{1,2})', net)
        if m:
            mask = int(m.group(1))
            return 2 ** (32 - mask)

        # Assuming any other value is a one host.
        return 1

    def processMechanism(self, record, token, qualifier):
        key, value = None, None
        addressBasedMechanisms = ('ip4', 'ip6', 'a', 'mx')
        numOfAddrBasedMechanisms = len(list(filter(lambda x: token.startswith(x), 
            addressBasedMechanisms)))

        # Processing address-based mechanisms.
        if numOfAddrBasedMechanisms >= 1:
            if self.addressBasedMechanism >= SpfParser.maxNumberOfDomainsAllowed:
                self.results['allowed-hosts-list'] = False
                self.allowSpecifiers += 1
            else:
                if qualifier == '+':
                    self.addressBasedMechanism += 1
                    self.checkTooManyAllowedHosts(token, record, qualifier)
                else:
                    dbg('Mechanism: "{}" not being passed.'.format(token))


    def checkTooManyAllowedHosts(self, token, record, qualifier):
        if self.results['allowed-hosts-list'] != True:
            return

        tok, val = None, None

        if ':' in token:
            tok, val = token.split(':')
        elif '/' in token and not ':' in token:
            tok, val = token.split('/')
            val = '0/{}'.format(val)
        elif token in SpfParser.mechanisms:
            tok = token
            val = '0/32'
        else:
            err('Invalid address-based mechanism: {}!'.format(token))
            return

        dbg('Processing SPF mechanism: "{}" with value: "{}"'.format(
            tok, val
        ))

        size = self.getNetworkSize(val)
        #maxAllowed = 2 ** (32 - SpfParser.maxAllowedNetworkMask)
        maxAllowed = config['spf_maximum_hosts']

        self.allowedHostsNumber += size
        if size > maxAllowed:
            self.results['minimum-allowed-hosts-list'] = False
            fail('UNSECURE: Too many hosts allowed in directive: {} - total: {}'.format(
                token, size
            ))


class SmtpTester:
    testsConducted = {
        'spf' : 'SPF DNS record test',
        'dkim' : 'DKIM DNS record test', 
        'dmarc' : 'DMARC DNS record test', 
        'banner-contents': 'SMTP Banner sensitive informations leak test', 
        'starttls-offering': 'STARTTLS offering (opportunistic) weak configuration', 
        'secure-ciphers': 'SSL/TLS ciphers security weak configuration', 
        'tls-key-len': 'Checks private key length of negotiated or offered SSL/TLS cipher suites.', 
        'auth-methods-offered': 'Test against unsecure AUTH/X-EXPS PLAIN/LOGIN methods.', 
        'auth-over-ssl': 'STARTTLS before AUTH/X-EXPS enforcement weak configuration', 
        'vrfy': 'VRFY user enumaration vulnerability test', 
        'expn': 'EXPN user enumaration vulnerability test', 
        'rcpt-to': 'RCPT TO user enumaration vulnerability test', 
        'open-relay': 'Open-Relay misconfiguration test',
        'spf-validation': 'Checks whether SMTP Server has been configured to validate sender\'s SPF or Accepted Domains in case of MS Exchange',
    }

    connectionLessTests = (
        'spf', 'dkim', 'dmarc'
    )

    # 25 - plain text SMTP
    # 465 - SMTP over SSL
    # 587 - SMTP-AUTH / Submission
    commonSmtpPorts = (25, 465, 587, )

    # Common AUTH X methods with sample Base64 authentication data.
    commonSmtpAuthMethods = {
        'PLAIN' : base64.b64encode('\0user\0password'.encode()),
        'LOGIN' : (
            (base64.b64encode('user'.encode()), base64.b64encode('password'.encode())), 
            ('user@DOMAIN.COM', base64.b64encode('password'.encode()))
        ),
        'NTLM' : (
            'TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==', 
            'TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==',
        ),
        'MD5' : '', 
        'DIGEST-MD5' : '',
        'CRAM-MD5' : '',
    }

    smtpAuthServices = ('AUTH', 'X-EXPS')
    authMethodsNotNeedingStarttls = ('NTLM', 'GSSAPI')

    # Pretend you are the following host:
    pretendLocalHostname = config['pretend_client_hostname']

    maxStarttlsRetries = 5

    # Source: SSLabs research: 
    #   https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
    secureCipherSuitesList = (
        'ECDHE-ECDSA-AES128-GCM-SHA256',
        'ECDHE-ECDSA-AES256-GCM-SHA384',
        'ECDHE-ECDSA-AES128-SHA',
        'ECDHE-ECDSA-AES256-SHA',
        'ECDHE-ECDSA-AES128-SHA256',
        'ECDHE-ECDSA-AES256-SHA384',
        'ECDHE-RSA-AES128-GCM-SHA256',
        'ECDHE-RSA-AES256-GCM-SHA384',
        'ECDHE-RSA-AES128-SHA',
        'ECDHE-RSA-AES256-SHA',
        'ECDHE-RSA-AES128-SHA256',
        'ECDHE-RSA-AES256-SHA384',
        'DHE-RSA-AES128-GCM-SHA256',
        'DHE-RSA-AES256-GCM-SHA384',
        'DHE-RSA-AES128-SHA',
        'DHE-RSA-AES256-SHA',
        'DHE-RSA-AES128-SHA256',
        'DHE-RSA-AES256-SHA256',
        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
        'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
        'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
        'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
        'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
        'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
        'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
        'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
        'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
    )

    def __init__(self, 
        hostname, 
        port = None, 
        forceSSL = False, 
        dkimSelectorsList = None, 
        userNamesList = None,
        openRelayParams = ('', ''),
        connect = True,
        mailDomain = ''
    ):
        self.originalHostname = hostname
        self.hostname = hostname
        self.remoteHostname = self.localHostname = self.domain = self.resolvedIPAddress = ''
        self.port = port
        self.mailDomain = mailDomain
        self.ssl = None if not forceSSL else True
        self.forceSSL = forceSSL
        self.server = None
        self.starttlsFailures = 0
        self.starttlsSucceeded = False
        self.dkimSelectorsList = dkimSelectorsList
        self.userNamesList = userNamesList
        self.availableServices = set()
        self.banner = ''
        self.connected = False
        self.dumpTlsOnce = False
        self.connectionErrors = 0
        self.connectionErrorCodes = {}
        self.results = {}
        self.threads = {}
        self.stopEverything = False
        self.server_tls_params = {}
        self.openRelayParams = openRelayParams
        self.spfValidated = False

        if not hostname:
            fail('No hostname specified!')
            return

        assert config['dns_full'] in ('always', 'on-ip', 'never'), \
            "config['dns_full'] wrongly stated."

        if re.match(r'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}', hostname) and not mailDomain:
            spf = SmtpTester.checkIfTestToRun('spf')
            dkim = SmtpTester.checkIfTestToRun('dkim')
            dmarc = SmtpTester.checkIfTestToRun('dmarc')

            if spf or dkim or dmarc:
                out('Server\'s IP specified and no mail domain: SPF/DKIM/DMARC results may be inaccurate.', toOutLine = True)
                out('You may want to specify \'--domain\' and repeat those tests for greater confidence.', toOutLine = True)

            self.resolvedIPAddress = hostname
        
        needsConnection = False
        for test in SmtpTester.testsConducted.keys():
            if self.checkIfTestToRun(test) and test not in SmtpTester.connectionLessTests:
                needsConnection = True
                break

        try:
            if needsConnection and connect and not self.connect():
                sys.exit(-1)
        except KeyboardInterrupt:
            fail('Premature program interruption. Did not even obtained connection.')
            sys.exit(-1)

        self.connected = True
        if not self.resolveDomainName():
            sys.exit(-1)

    @staticmethod
    def getTests():
        return SmtpTester.testsConducted

    def stop(self):
        err('Stopping everything.')
        config['max_enumerations'] = 0
        self.stopEverything = True
        self.disconnect()

    def resolveDomainName(self):
        if self.hostname:
            resolutionFailed = False

            if re.match('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', self.hostname):
                resolved = None
                try:
                    resolved = socket.gethostbyaddr(self.hostname)
                    self.remoteHostname = repr(resolved[0]).replace("'", '')
                    info('Resolved DNS (A) name: "{}"'.format(
                        self.remoteHostname
                    ))

                except socket.herror as e:
                    dbg('IP address could not be resolved into hostname.')
                    resolutionFailed = True
            else:
                try:
                    resolved = socket.gethostbyname(self.hostname)
                    info('Resolved IP address / PTR: "{}"'.format(
                        resolved
                    ))
                    self.resolvedIPAddress = resolved
                except socket.herror as e:
                    dbg('DNS name could not be resolved into IP address.')

            matched = None
            if self.banner:
                matched = re.search(BannerParser.localHostnameRegex, self.banner)
                if matched:
                    self.localHostname = matched.group(1)
                    info('SMTP banner revealed server name: "{}".'.format(
                        self.localHostname
                    ))

            if resolutionFailed and not matched:
                fail("Could not obtain server's hostname from neither IP nor banner!")
                return False
            elif not resolutionFailed and not matched:
                info("Resolved IP but could not obtain server's hostname from the banner.")
                return True
            elif resolutionFailed and matched:
                info("It was possible to obtain server's hostname from the banner but not to resolve IP address.")
                return True

        return True

    def printDNS(getDNSValidHostname):
        def wrapper(self, noRemote = True):
            out = getDNSValidHostname(self, noRemote)
            if config['smtp_debug']:
                dbg('Using hostname: "{}" for DNS query.'.format(out))
            return out

        return wrapper

    @printDNS
    def getDNSValidHostname(self, noRemote = False):
        if self.localHostname: 
            return self.localHostname
        elif not noRemote and self.remoteHostname:
            return self.remoteHostname
        else:
            return self.hostname

    def getMailDomain(self):
        if self.mailDomain:
            return self.mailDomain

        hostname = self.getDNSValidHostname(noRemote = True)
        return '.'.join(hostname.split('.')[1:])

    def getAllPossibleDomainNames(self):
        allOfThem = [
            self.originalHostname,  # 0
            self.hostname,          # 1
            self.localHostname,     # 2
            self.getMailDomain(),   # 3
            self.remoteHostname,    # 4

            # 5. FQDN without first LLD
            '.'.join(self.originalHostname.split('.')[1:])
        ]
        uniq = set()
        ret = []

        # Workaround for having OrderedSet() alike collection w/o importing such modules
        for host in allOfThem:
            if host not in uniq:
                ret.append(host)
            uniq.add(host)

        return ret

    def getDomainsToReviewDNS(self):
        if self.mailDomain:
            return [self.mailDomain,]

        domainsToReview = [self.originalHostname]
        doFullReview = False
        ipRex = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'

        if config['dns_full'] == 'always' or \
            (config['dns_full'] == 'on-ip' and re.match(ipRex, self.originalHostname)):
            doFullReview = True

        if doFullReview:
            domainsToReview = list(filter(
                lambda x: not re.match(ipRex, x),
                self.getAllPossibleDomainNames()
            ))

        # Get only domains, not subdomains.
        domainsToReview = set(map(
            lambda x: '.'.join(x.split('.')[-2:]),
            domainsToReview
        ))

        out = list(filter(None, domainsToReview))
        out = [x.replace('"', '').replace("'", "") for x in out]
        return out

    def disconnect(self):
        if self.server:
            try: 
                self.server.quit()
                del self.server
                self.server = None
                time.sleep(0.5)
            except: 
                pass

    def connect(self, quiet = False, sayHello = False):
        ret = False
        noBannerPreviously = self.banner == ''

        if self.stopEverything:
            return False

        self.disconnect()

        if self.port == None:
            ret = self.tryToConnectOnDifferentPorts(quiet)
        else:
            ret = self.reconnect(quiet)
        
        if noBannerPreviously and self.banner:
            _out('SMTP banner: "{}"'.format(self.banner), True, colors.fg.pink)

        if ret and sayHello:
            dbg('Saying HELO/EHLO to the server...')
            out = self.sendcmd('EHLO ' + SmtpTester.pretendLocalHostname)
            dbg('Server responded to HELO/EHLO with: {}'.format(out))

            if out[0]:
                self.parseHelpOutputAndUpdateServicesList(out[1].decode())
            else:
                err('Could not obtain response to EHLO/HELO. Fatal error.', toOutLine = True)
                sys.exit(-1)

        return ret

    def connectSocket(self, port, ssl, sayHello = True):
        if ssl:
            self.server = smtplib.SMTP_SSL(
                local_hostname = SmtpTester.pretendLocalHostname, 
                timeout = config['timeout']
            )
        else:
            self.server = smtplib.SMTP(
                local_hostname = SmtpTester.pretendLocalHostname, 
                timeout = config['timeout']
            )

        if config['smtp_debug']: 
            self.server.set_debuglevel(9)

        if config['delay'] > 0.0: 
            time.sleep(config['delay'])
                
        out = self.server.connect(self.hostname, port)
        if out[0] in (220, 250, ):
            dbg('Connected over {} to {}:{}'.format(
                'SSL' if ssl else 'Non-SSL', self.hostname, port
            ))

            self.banner = out[1].decode()
            self.port = port
            self.ssl = ssl

            if ssl:
                self.performedStarttls = True
                self.server_tls_params = {
                    'cipher' : self.server.sock.cipher(),
                    'version': self.server.sock.version(),
                    'shared_ciphers': self.server.sock.shared_ciphers(),
                    'compression': self.server.sock.compression(),
                    'DER_peercert': self.server.sock.getpeercert(True),
                    'selected_alpn_protocol': self.server.sock.selected_alpn_protocol(),
                    'selected_npn_protocol': self.server.sock.selected_npn_protocol(),
                }

            if sayHello:
                dbg('Saying HELO/EHLO to the server...')
                out = self.sendcmd('EHLO ' + SmtpTester.pretendLocalHostname)
                dbg('Server responded to HELO/EHLO with: {}'.format(out))

                self.parseHelpOutputAndUpdateServicesList(self.banner)
        else:
            if out[0] not in self.connectionErrorCodes.keys():
                self.connectionErrorCodes[out[0]] = 0
            else:
                self.connectionErrorCodes[out[0]] += 1

            if out[0] == 421:
                # 421 - Too many connections error
                pass

            elif out[0] == 450:
                # 450 - 4.3.2 try again later
                if self.connectionErrorCodes[out[0]] > 5:
                    err("We have sent too many connection requests and were temporarily blocked.\nSorry. Try again later.", toOutLine = True)
                    sys.exit(-1)
                else:
                    fail('Waiting 30s for server to cool down after our flooding...')
                    time.sleep(30)

            elif out[0] == 554:
                # 554 - 5.7.1 no reverse DNS
                out = False if self.connectionErrors > 0 else True
                err('Our host\'s IP does not have reverse DNS records - what makes SMTP server reject us.', toOutLine = out)
                if self.connectionErrors > 5:
                    err('Could not make the SMTP server, ccept us without reverse DNS record.', toOutLine = True)
                    sys.exit(-1)
            else:
                err('Unexpected response after connection, from {}:{}:\n\tCode: {}, Message: {}.'.format(
                    self.hostname, port, out[0], out[1]
                ))
            dbg('-> Got response: {}'.format(out))

            self.connectionErrors += 1
            if self.connectionErrors > 20:
                err('Could not connect to the SMTP server!')
                sys.exit(-1)

        return out

    def tryToConnectOnSSLandNot(self, port):
        try:
            # Try connecting over Non-SSL socket
            if self.forceSSL: 
                raise Exception('forced ssl')

            dbg('Trying non-SSL over port: {}'.format(port))
            self.connectSocket(port, False)
            return True

        except Exception as e:
            # Try connecting over SSL socket
            dbg('Exception occured: "{}"'.format(str(e)))
            try:
                dbg('Trying SSL over port: {}'.format(port))
                self.connectSocket(port, True)

                self.starttlsSucceeded = True
                return True

            except Exception as e:
                dbg('Both non-SSL and SSL connections failed: "{}"'.format(str(e)))

        return False

    def tryToConnectOnDifferentPorts(self, quiet):
        #
        # No previous connection.
        # Enumerate common SMTP ports and find opened one.
        #
        succeeded = False

        for port in SmtpTester.commonSmtpPorts:
            if self.stopEverything: break
            if self.tryToConnectOnSSLandNot(port):
                succeeded = True
                break

        if not quiet:
            if not succeeded:
                err('Could not connect to the SMTP server!')
            else:
                ok('Connected to the server over port: {}, SSL: {}'.format(
                    self.port, self.ssl
                ), toOutLine = True)

        return succeeded

    def reconnect(self, quiet, sayHello = True):
        #
        # The script has previously connected or knows what port to choose.
        #
        multiplier = 0

        for i in range(4):
            try:
                out = self.connectSocket(self.port, self.ssl, sayHello = sayHello)
                if out[0] == 421:
                    multiplier += 1
                    delay = multiplier * config['too_many_connections_delay']

                    info('Awaiting {} secs for server to close some of our connections...'.format(
                        delay
                    ))
                    time.sleep(delay)
                    continue
                else:
                    dbg('Reconnection succeeded ({})'.format(out))
                    return True

            except (socket.gaierror, 
                    socket.timeout, 
                    smtplib.SMTPServerDisconnected, 
                    ConnectionResetError) as e:
                dbg('Reconnection failed ({}/3): "{}"'.format(i, str(e)))

            dbg('Server could not reconnect after it unexpectedly closed socket.')

            return False

    def setSocketTimeout(self, timeout = config['timeout']):
        try:
            self.server.sock.settimeout(timeout)

        except (AttributeError, OSError):
            dbg('Socket lost somehow. Reconnecting...')

            if self.connect(True):
                try:
                    self.server.sock.settimeout(timeout)
                except (AttributeError, OSError): pass
            else:
                dbg('FAILED: Could not reconnect to set socket timeout.')


    def processOutput(sendcmd):
        def wrapper(self, command, nowrap = False):
            out = sendcmd(self, command, nowrap)

            if nowrap:
                return out

            if out and (out[0] == 530 and b'STARTTLS' in out[1]):
                if self.starttlsFailures >= SmtpTester.maxStarttlsRetries:
                    dbg('Already tried STARTTLS and it have failed too many times.')
                    return (False, False)

                dbg('STARTTLS reconnection after wrapping command ({})...'.format(command))

                if not self.performStarttls():
                    dbg('STARTTLS wrapping failed.')
                    return (False, 'Failure')

                dbg('Wrapping succeeded. Retrying command "{}" after STARTTLS.'.format(
                    command
                ))

                return sendcmd(self, command)

            elif out and (out[0] == 421):
                # 'Exceeded bad SMTP command limit, disconnecting.'
                dbg('Reconnecting due to exceeded number of SMTP connections...')
                if self.connect(quiet = True):
                    return sendcmd(self, command)
                else:
                    dbg('Could not reconnect after exceeded number of connections!')
                    return (False, False)

            self.checkIfSpfEnforced(out)

            return out
        return wrapper

    def performStarttls(self, sendEhlo = True):
        ret = True

        if self.ssl == True:
            dbg('The connection is already carried through SSL Socket.')
            return True

        if self.starttlsFailures > SmtpTester.maxStarttlsRetries:
            fail('Giving up on STARTTLS. There were too many failures...')
            return False

        out = self.sendcmd('STARTTLS')
        if out[0] == 220:
            dbg('STARTTLS engaged. Wrapping socket around SSL layer.')

            context = ssl.create_default_context()

            # Allow unsecure ciphers like SSLv2 and SSLv3
            context.options &= ~(ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
            context.check_hostname = False
            context.verify_mode = ssl.CERT_NONE

            if self.server and self.server.sock:
                self.setSocketTimeout(5 * config['timeout'])

            try:
                newsock = context.wrap_socket(
                    self.server.sock,
                    server_hostname = SmtpTester.pretendLocalHostname
                )

                # Re-initializing manually the smtplib instance
                self.server.sock = newsock
                self.server.file = None
                self.server.helo_resp = None
                self.server.ehlo_resp = None
                self.server.esmtp_features = {}
                self.server.does_esmtp = 0

                self.starttlsSucceeded = True

                self.server_tls_params = {
                    'cipher' : newsock.cipher(),
                    'version': newsock.version(),
                    'shared_ciphers': newsock.shared_ciphers(),
                    'compression': newsock.compression(),
                    'DER_peercert': newsock.getpeercert(True),
                    'selected_alpn_protocol': newsock.selected_alpn_protocol(),
                    'selected_npn_protocol': newsock.selected_npn_protocol(),
                }

                dbg('Connected to the SMTP Server via SSL/TLS.')
                if not self.dumpTlsOnce:
                    dbg('SSL Socket parameters:\n{}'.format(pprint.pformat(self.server_tls_params)))
                    self.dumpTlsOnce = True

                if sendEhlo:
                    dbg('Sending EHLO after STARTTLS...')
                    out = self.sendcmd('EHLO ' + SmtpTester.pretendLocalHostname)
                    if out[0]:
                        dbg('EHLO after STARTTLS returned: {}'.format(out))
                    else:
                        err('EHLO after STARTTLS failed: {}'.format(out))

            except (socket.timeout, ConnectionResetError) as e:
                err('SSL Handshake timed-out (Firewall filtering?). Fall back to plain channel.')
                dbg('STARTTLS exception: "{}"'.format(str(e)))
                
                self.starttlsFailures += 1
                if not self.connect(quiet = True, sayHello = False):
                    ret = False

            self.setSocketTimeout()
        elif out[0] == 500:
            info('The server is not offering STARTTLS.')
        else:
            fail('The server has not reacted for STARTTLS: ({}). Try increasing timeout.'.format(str(out)))

        return ret

    @processOutput
    def sendcmd(self, command, nowrap = False):
        out = (False, False)

        dbg('Sending command: "{}"'.format(command))
        self.setSocketTimeout(3 * config['timeout'])

        for j in range(3):
            try:
                if config['delay'] > 0.0: 
                    time.sleep(config['delay'])

                out = self.server.docmd(command)
                dbg('Command resulted with: {}.'.format(out))

                if out[0] in (503,) and b'hello first' in out[1].lower():
                        # 503: 5.5.2 Send hello first

                        dbg('Ok, ok - sending Hello first...')

                        if self.connect(quiet = True, sayHello = True):
                            dbg('Ok, reconnected and said hello. Trying again...')
                        else:
                            dbg('Failed reconnecting and saying hello.')
                            return (False, False)
                        continue
                break

            except (smtplib.SMTPServerDisconnected, socket.timeout) as e:
                if str(e) == 'Connection unexpectedly closed':
                    # smtplib.getreply() returns this error in case of reading empty line.
                    #dbg('Server returned empty line / did not return anything.')
                    #return (False, '')

                    dbg('Connection unexpectedly closed: {}'.format(str(e)))

                    if self.connect(quiet = True, sayHello = False):
                        continue
                else:
                    dbg('Server has disconnected ({}).'.format(str(e)))
                    if 'connect' in str(e).lower():
                        dbg('Attempting to reconnect and resend command...')
                        if self.connect(quiet = True, sayHello = False):
                            continue
                        else:
                            break

        if not out[0]:
            dbg('Could not reconnect after failure.')

        self.setSocketTimeout()
        return out[0], out[1]

    def parseHelpOutput(self, output):
        if len(output.split('\n')) >= 2:

            output = output.replace('\t', '\n')
            dbg('Parsing potential HELP output: "{}"'.format(
                output.replace('\n', '\\n')
            ))

            helpMultilineCommandsRegexes = (
                r'(?:\\n)([a-zA-Z- 0-9]{3,})',
                r'(?:\n)([a-zA-Z- 0-9]{3,})'
            )

            for rex in helpMultilineCommandsRegexes:
                out = re.findall(rex, output)
                if len([x for x in out if x != None]) > 0:
                    return out
        else:
            return ''

    def parseHelpOutputAndUpdateServicesList(self, out):
        outlines = self.parseHelpOutput(out)
        if outlines:
            self.availableServices.update(set(map(lambda x: x.strip(), outlines)))
            outlines = set()

            dbg('SMTP available services: {}'.format(pprint.pformat(self.availableServices)))
            return True

        return False

    def getAvailableServices(self):
        dbg('Acquiring list of available services...')
        
        out = False
        outlines = set()

        if self.banner:
            if self.parseHelpOutputAndUpdateServicesList(self.banner):
                return True

        out = self.sendcmd('EHLO ' + SmtpTester.pretendLocalHostname)
        if out[0]:
            dbg('EHLO returned: {}'.format(out))
            if self.parseHelpOutputAndUpdateServicesList(out[1].decode()):
                return True
            

        # We are about to provoke SMTP server sending us the HELP listing in result
        # of sending one of below collected list of commands.
        for cmd in ('HELP', '\r\nHELP', 'TEST'):
            try:
                out = self.sendcmd(cmd)
                if out[0] in (214, 220, 250):
                    ret = out[1].decode()

                    if self.parseHelpOutputAndUpdateServicesList(ret):
                        return True

                    outlines = self.parseHelpOutput(ret)
                    if len(outlines) < 2:
                        for line in ret.split('\\n'):
                            m = re.findall(r'([A-Z-]{3,})', line)
                            pos = ret.find(line)
                            if m and (pos > 0 and ret[pos-1] == '\n'):
                                dbg('Following line was found by 2nd method HELP parsing: "{}"'.format(
                                    line
                                ))

                                outlines = m
                                break
                if outlines:
                    break

            except Exception as e:
                continue

        if outlines:
            self.availableServices.update(set(map(lambda x: x.strip(), outlines)))

            dbg('SMTP available services: {}'.format(pprint.pformat(self.availableServices)))
            return True

        info('Could not collect available services list (HELP)')
        return False

    def getAuthMethods(self, service):
        if not self.availableServices:
            self.getAvailableServices()

        if not self.availableServices:
            fail('UNKNOWN: Could not collect available SMTP services')
            return None

        authMethods = set()
        authMethodsList = list(filter(
            lambda x: x.lower().startswith(service.lower()) and x.lower() != service.lower(), 
            self.availableServices
        ))

        # Conform following HELP format: "250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN"
        if authMethodsList:
            dbg('List of candidates for {} methods: {}'.format(service, authMethodsList))

            for auth in authMethodsList:
                auth = auth.strip().replace('=', ' ')
                auth = auth.replace(service + ' ', '')

                if auth.count(' ') > 0:
                    s = set(['{}'.format(a) for a in auth.split(' ') \
                        if a.lower() != service.lower()])
                    authMethods.update(s)
                else:
                    authMethods.add(auth)
        else:
            dbg('The server does not offer any {} methods.'.format(service))

        if authMethods:
            dbg('List of {} methods to test: {}'.format(service, authMethods))

        return authMethods

    @staticmethod
    def ifMessageLike(out, codes = None, keywords = None, keywordsAtLeast = 0):
        codeCheck = False
        keywordCheck = False

        if not codes and not keywords:
            return False

        keywords2 = [k.lower() for k in keywords]
        msg = out[1].decode()
        found = 0
        for word in msg.split(' '):
            if word.lower() in keywords2:
                found += 1

        if codes != None and len(codes) > 0:
            codeCheck = out[0] in codes
        else:
            codeCheck = True

        if keywords != None and len(keywords) > 0:
            if keywordsAtLeast == 0:
                keywordCheck = found == len(keywords)
            else:
                keywordCheck = found >= keywordsAtLeast
        else:
            keywordCheck = True

        return codeCheck and keywordCheck

    @staticmethod
    def checkIfTestToRun(test):
        if (test in config['tests_to_skip']):
            return False

        if ('all' in config['tests_to_carry'] or test in config['tests_to_carry']):
            return True
        else:
            if config['smtp_debug']:
                dbg('Test: "{}" being skipped as it was marked as disabled.'.format(test))
            return False

    def runTests(self):
        dkimTestThread = None
        if SmtpTester.checkIfTestToRun('dkim'):
            dkimTestThread = self.dkimTestThread()
        
        results = [
            ('spf', None),
            ('dkim', None),
            ('dmarc', None),
            ('banner-contents', self.bannerSnitch),
            ('starttls-offering', self.starttlsOffer),
            ('secure-ciphers', self.testSecureCiphers),
            ('tls-key-len', self.testSSLKeyLen),
            ('auth-methods-offered', self.testSecureAuthMethods),
            ('auth-over-ssl', self.testSSLAuthEnforcement),
            ('vrfy', self.vrfyTest),
            ('expn', self.expnTest),
            ('rcpt-to', self.rcptToTests),
            ('open-relay', self.openRelayTest),
            ('spf-validation', self.spfValidationTest),
        ]

        if SmtpTester.checkIfTestToRun('spf'):
            self.results['spf'] = self.spfTest()

        once = True
        for res in results:
            test, func = res

            assert test in SmtpTester.testsConducted.keys(), \
                "The test: '{}' has not been added to SmtpTester.testsConducted!".format(test)

            if self.stopEverything: break
            if not SmtpTester.checkIfTestToRun(test):
                continue
                
            if not func: continue

            if config['delay'] > 0.0:
                time.sleep(config['delay'])

            if once:
                if not self.connected and not self.connect():
                    sys.exit(-1)
                else:
                    self.connected = True
                once = False

            dbg('Starting test: "{}"'.format(test))
            self.results[test] = func()

            if SmtpTester.checkIfTestToRun('auth-over-ssl') and \
                test == 'auth-over-ssl':
                dbg('Reconnecting after SSL AUth enforcement tests.')
                if self.stopEverything: break
                self.reconnect(quiet = True)

        testDmarc = False
        if SmtpTester.checkIfTestToRun('dkim') and \
            SmtpTester.checkIfTestToRun('spf') and \
            SmtpTester.checkIfTestToRun('dmarc'):
            testDmarc = True
            self.results['dmarc'] = None

        if SmtpTester.checkIfTestToRun('dmarc') and not testDmarc:
            err('To test DMARC following tests must be run also: SPF, DKIM.')

        if self.threads or dkimTestThread:
            if not self.stopEverything:
                info("Awaiting for threads ({}) to finish. Pressing CTRL-C will interrupt lookup process.".format(
                    ', '.join(self.threads.keys())
                ), toOutLine = True)

                try:
                    while (self.threads and all(self.threads.values())):
                        if self.stopEverything:
                            break
                        time.sleep(2)
                        if config['smtp_debug']:
                            dbg('Threads wait loop has finished iterating.')

                    if testDmarc:
                        self.results['dmarc'] = self.evaluateDmarc(
                            self.dmarcTest(), 
                            self.results['spf'], 
                            self.results['dkim']
                        )

                except KeyboardInterrupt:
                    err('User has interrupted threads wait loop. Returning results w/o DKIM and DMARC.')
        else:
            if testDmarc:
                self.results['dmarc'] = self.evaluateDmarc(
                    self.dmarcTest(), 
                    self.results['spf'], 
                    self.results['dkim']
                )
 
        # Translate those True and False to 'Secure' and 'Unsecure'
        self.results.update(SmtpTester.translateResultsDict(self.results))

        indent = 2
        return json.dumps(self.results, indent = indent)

    def runAttacks(self):
        attacksToBeLaunched = {
            'vrfy': self.vrfyTest, 
            'expn': self.expnTest, 
            'rcpt-to': self.rcptToTests,
        }

        results = []

        info('Attacks will be launched against domain: @{}'.format(self.getMailDomain()), toOutLine = True)
        info('If that\'s not correct, specify another one with \'--domain\'')

        for attack, func in attacksToBeLaunched.items():
            if not SmtpTester.checkIfTestToRun(attack):
                continue

            info('Launching attack: {} enumeration.'.format(attack), toOutLine = True)
            out = func(attackMode = True)

            if out and isinstance(out, list):
                info('Attack result: {} users found.'.format(len(out)), toOutLine = True)
                results.extend(out) 
            elif out:
                info('Attack most likely failed {}, result: {}'.format(attack, str(out)), toOutLine = True)
            else:
                fail('Attack {} failed.'.format(attack), toOutLine = True)

        return list(set(results))

    @staticmethod
    def translateResultsDict(results):
        for k, v in results.items():
                if isinstance(v, dict):
                    results[k] = SmtpTester.translateResultsDict(v)
                else:
                    if v == True:   results[k] = 'secure'
                    elif v == False:results[k] = 'unsecure'
                    else:           results[k] = 'unknown'

        return results

    #
    # ===========================
    # BANNER REVEALING SENSITIVIE INFORMATIONS TEST
    #
    def bannerSnitch(self):
        if not self.banner:
            info('Cannot process server\'s banner - as it was not possible to obtain one.')

        parser = BannerParser()
        return parser.parseBanner(self.banner)


    #
    # ===========================
    # SPF TESTS
    #
    def enumerateSpfRecords(self, domain):
        records = set()
        numberOfSpfRecords = 0
        once = True

        resv = resolver.Resolver()
        resv.timeout = config['timeout'] / 2.0

        info('Queried domain for SPF: "{}"'.format(domain))

        try:
            for txt in resv.query(domain, 'TXT'):
                txt = txt.to_text().replace('"', '')
                if txt.lower().startswith('v=spf') and txt not in records:
                    numberOfSpfRecords += 1
                    records.add(txt)

            if numberOfSpfRecords > 1 and once:
                err('Found more than one SPF record. One should stick to only one SPF record.')
                once = False

        except (resolver.NoAnswer, 
                resolver.NXDOMAIN,
                name.EmptyLabel, 
                resolver.NoNameservers) as e:
            pass

        return records

    def spfTest(self):
        records = {}
        txts = []
        for domain in self.getDomainsToReviewDNS():
            for txt in self.enumerateSpfRecords(domain):
                if txt not in records.keys():
                    txts.append(txt)
                    records[txt] = self.processSpf(txt)

        success = True
        if len(records):
            results = {}
            for txt, rec in records.items():
                origTxt, results = rec
                if isinstance(results, dict) and all(results.values()):
                    pass
                elif isinstance(results, bool) and results:
                    pass
                else:
                    fail('UNSECURE: SPF record exists, but not passed tests.')
                    _out('\tRecord: ("{}")'.format(origTxt))
                    return results

            ok('SECURE: SPF test passed.')
            _out('\tRecords: ("{}")'.format('", "'.join(txts)))
            if config['always_unfolded_results']:
                return results
        else:
            fail('UNSECURE: SPF record is missing.')
            success = False

        return success

    def processSpf(self, txt, recurse = 0):
        '''
        Code processing, parsing and evaluating SPF record's contents.
        '''
        maxRecursion = 3
        info('Found SPF record: "{}"'.format(txt))


        if recurse > maxRecursion:
            err('Too many SPF redirects, breaking recursion.')
            return None

        pos = txt.lower().find('redirect=')
        if pos > 0:
            for tok in txt.lower().split(' '):
                k, v = tok.split('=')
                if v.endswith(';'): v = v[:-1]
                if k == 'redirect':
                    info('SPF record redirects to: "{}". Following...'.format(v))
                    for txt in self.enumerateSpfRecords(v):
                        return (txt, self.processSpf(txt, recurse + 1))

        spf = SpfParser()
        return (txt, spf.process(txt))


    #
    # ===========================
    # DKIM TESTS
    #
    @staticmethod
    def _job(jid, domains, data, syncDkimThreadsStop, results, totalTested, dkimQueryDelay):
        try:
            if (results and sum([x != None for x in results]) > 0) or \
                SmtpTester.stopCondition(totalTested, syncDkimThreadsStop): 
                return
            results.append(SmtpTester.dkimTestWorker(domains, data, syncDkimThreadsStop, dkimQueryDelay, False, totalTested))
        except (ConnectionResetError, FileNotFoundError, BrokenPipeError, EOFError, KeyboardInterrupt):
            pass

    def dkimTestThread(self):
        self.results['dkim'] = None

        if not config['threads']:
            return self.dkimTest()

        poolNum = config['parallel_processes']
        t = threading.Thread(target = self._dkimTestThread, args = (poolNum, ))
        t.daemon = True
        t.start()
        return t

    def stopCondition(totalTested, syncDkimThreadsStop):
        if syncDkimThreadsStop.value:
            return True

        if config['max_enumerations'] > 0 and \
            totalTested.value >= config['max_enumerations']: 
            return True

        return False

    def _dkimTestThread(self, poolNum):
        def _chunks(l, n):
            return [l[i:i+n] for i in range(0, len(l), n)]

        self.threads['dkim'] = True
        dbg('Launched DKIM test in a new thread running with {} workers.'.format(poolNum))

        selectors = self.generateListOfCommonDKIMSelectors()
        info('Selectors to review: {}'.format(len(selectors)))

        jobs = []
        mgr = multiprocessing.Manager()
        totalTested = multiprocessing.Value('i', 0)
        syncDkimThreadsStop = multiprocessing.Value('i', 0)
        dkimQueryDelay = multiprocessing.Value('d', 0.0)

        results = mgr.list()
        slice = _chunks(selectors, len(selectors) // poolNum)
        domains = self.getDomainsToReviewDNS()

        try:
            for i, s in enumerate(slice):
                if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop) or self.stopEverything: break
                proc = multiprocessing.Process(
                    target = SmtpTester._job, 
                    args = (i, domains, s, syncDkimThreadsStop, results, totalTested, dkimQueryDelay)
                )
                proc.start()
                jobs.append(proc)
            
            num = len(domains) * len(selectors)
            totals = []
            lastTotal = 0

            maxDelay = 4.0
            delayStep = 0.5
            smallStepToDelay = 50

            while totalTested.value < len(selectors) - 50:
                if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop) or self.stopEverything: break

                totals.append(totalTested.value)
                js = '(jobs running: {})'.format(len(jobs))
                SmtpTester.dkimProgress(totalTested.value, selectors, num, syncDkimThreadsStop, True, js, dkimQueryDelay.value)

                if config['delay_dkim_queries']:
                    if totalTested.value - lastTotal < smallStepToDelay and dkimQueryDelay.value < maxDelay:
                        dkimQueryDelay.value += delayStep
                    elif totalTested.value - lastTotal >= smallStepToDelay and dkimQueryDelay.value > 0:
                        dkimQueryDelay.value -= delayStep

                lastTotal = totalTested.value

                # Wait 5*2 seconds for another DKIM progress message
                for i in range(15): 
                    if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop) or self.stopEverything: break
                    time.sleep(2)

                if totals.count(totalTested.value) > 1:
                    syncDkimThreadsStop.value = 1
                    err('Stopping DKIM thread cause it seems to have stuck.', toOutLine = True)
                    break

            info('DKIM selectors enumerated. Stopping jobs...')
            for j in jobs:
                if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop) or self.stopEverything: break
                for i in range(30):
                    if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop) or self.stopEverything: break
                    j.join(2 * 60 / 30)
        except (KeyboardInterrupt, BrokenPipeError):
            pass

        try:
            if results and sum([x != None for x in results]) > 0:
                dbg('DKIM thread found valid selector.')
                self.results['dkim'] = [x for x in results if x != None][0]
            else:
                fail('UNSECURE: DKIM record is most likely missing, as proved after {} tries.'.format(
                    totalTested.value
                ))
        except FileNotFoundError:
            pass

        self.threads['dkim'] = False
        return self.results['dkim']

    def dkimTest(self, selectors = None):
        if not selectors:
            selectors = self.generateListOfCommonDKIMSelectors()
        
        ret = self.dkimTestWorker(self.getDomainsToReviewDNS(), selectors)
        self.results['dkim'] = ret
        return ret

    @staticmethod
    def dkimProgress(total, selectors, num, syncDkimThreadsStop, unconditional = False, extra = None, dkimQueryDelay = 0):
        if total < 100 or SmtpTester.stopCondition(total, syncDkimThreadsStop): 
            return

        progressStr = 'DKIM: Checked {:02.0f}% ({:05}/{:05}) selectors. Query delay: {:0.2f} sec.'.format(
            100.0 * (float(total) / float(len(selectors))),
            total,
            len(selectors),
            dkimQueryDelay
        )

        if extra: progressStr += ' ' + extra
        progressStr += '...'

        N = 10
        if (not config['debug'] and (unconditional or ((total % int(num // N)) == 0))):
            info(progressStr, toOutLine = True)

        elif (config['debug'] and (unconditional or (total % 250 == 0))):
            if config['threads']:
                dbg(progressStr)
            else:
                sys.stderr.write(progressStr + '\r')
                sys.stderr.flush()

    @staticmethod
    def dkimTestWorker(domainsToReview, selectors, syncDkimThreadsStop, dkimQueryDelay = None, reportProgress = True, totalTested = None):
        ret = False
        stopIt = False
        total = 0

        maxTimeoutsToAccept = int(0.3 * len(selectors))
        timeoutsSoFar = 0

        if SmtpTester.stopCondition(totalTested, syncDkimThreadsStop): return None

        num = len(domainsToReview) * len(selectors)
        if reportProgress:
            info('Checking around {} selectors. Please wait - this will take a while.'.format(
                num
            ))

        resv = resolver.Resolver()
        resv.timeout = 1.2

        for domain in domainsToReview:
            if stopIt or SmtpTester.stopCondition(totalTested, syncDkimThreadsStop): break
            if reportProgress:
                info('Enumerating selectors for domain: {}...'.format(domain))

            for sel in selectors:
                if stopIt or SmtpTester.stopCondition(totalTested, syncDkimThreadsStop): break
                dkimRecord = '{}._domainkey.{}'.format(sel, domain)
                total += 1
                if totalTested: totalTested.value += 1

                if reportProgress:
                    SmtpTester.dkimProgress(total, selectors, num)
                try:
                    if not dkimRecord: continue
                    if dkimQueryDelay and dkimQueryDelay.value > 0:
                        time.sleep(dkimQueryDelay.value)
                        
                    for txt in resv.query(dkimRecord, 'TXT'):
                        if stopIt or SmtpTester.stopCondition(totalTested, syncDkimThreadsStop): break

                        txt = txt.to_text().replace('"', '')
                        if config['max_enumerations'] > -1 and \
                            total >= config['max_enumerations']:
                            stopIt = True
                            break

                        if txt.lower().startswith('v=dkim'):
                            info('DKIM found at selector: "{}"'.format(sel))
                            ret = SmtpTester.processDkim(txt)

                            if ret: 
                                ok('SECURE: DKIM test passed.')
                            else: 
                                fail('UNSECURE: DKIM test not passed')

                            syncDkimThreadsStop.value = 1
                            return ret
                except (exception.Timeout) as e:
                    if timeoutsSoFar >= maxTimeoutsToAccept:
                        err('DNS enumeration failed: Maximum number of timeouts from DNS server reached.')
                        break
                    
                    timeoutsSoFar += 1

                except (AttributeError,
                        resolver.NoAnswer,
                        resolver.NXDOMAIN,
                        resolver.NoNameservers,
                        name.EmptyLabel, 
                        name.NameTooLong) as e:
                    continue

                except KeyboardInterrupt:
                    dbg('User has interrupted DKIM selectors enumeration test.')
                    return None

        if reportProgress:
            if total >= num:
                fail('UNSECURE: DKIM record is most likely missing. Exhausted list of selectors.')
            else:
                fail('UNSECURE: DKIM record is most likely missing. Process interrupted ({}/{}).'.format(
                    total, num
                ))

        return None

    @staticmethod
    def processDkim(txt):
        '''
        Code processing, parsing and evaluating DKIM record's contents.
        '''

        dkim = DkimParser()
        return dkim.process(txt)


    def generateListOfCommonDKIMSelectors(self):
        '''
        Routine responsible for generating list of DKIM selectors based on
        various permutations of the input words (like common DKIM selectors or other likely
        selector names).
        '''
        
        months = ('styczen', 'luty', 'marzec', 'kwiecien', 'maj', 'czerwiec', 'lipiec', 
            'sierpien', 'wrzesien', 'pazdziernik', 'listopad', 'grudzien', 'january', 
            'february', 'march', 'april', 'may', 'june', 'july', 'august', 'october', 
            'november', 'september', 'december', 'enero', 'febrero', 'marzo', 'abril', 
            'mayo', 'junio', 'agosto', 'septiembre', 'octubre', 'noviembre', 'diciembre', 
            'januar', 'februar', 'marz', 'mai', 'juni', 'juli', 'oktober', 'dezember')

        domains = self.domain.split('.')
        words = ('default', 'dkim', 'dk', 'domain', 'domainkey', 'test', 'selector', 
            'mail', 'smtp', 'dns', 'key', 'sign', 'signing', 'auth', 'sel', 'google', 
            'shopify.com'
        ) + tuple(domains) + config['uncommon_words']

        selectors = []

        # Set 0: All collected domains
        selectors.extend(self.getAllPossibleDomainNames())

        # Set 1: User-defined
        try:
            if self.dkimSelectorsList:
                with open(self.dkimSelectorsList, 'r') as f:
                    for l in f.readlines():
                        selectors.append(l.strip())
        except IOError:
            err('Could not open DKIM selectors list file.')
            sys.exit(-1)

        # Set 2: Common words permutations
        for w in words:
            selectors.append('{}'.format(w))
            selectors.append('_{}'.format(w))
            selectors.append('{}_'.format(w))

            for i in range(0, 11):
                if not config['dkim_full_enumeration']:
                    break

                selectors.append('{}{}'.format(w, i))
                selectors.append('{}{:02d}'.format(w, i))


        if config['dkim_full_enumeration']:
            nowTime = datetime.datetime.now()
            currYear = nowTime.year
            yearsRange = range(currYear - 2, currYear + 1)

            # Set 3: Year-Month text permutations
            for m in months:
                for yr in yearsRange:
                    ms = (
                        m[:3],
                        m,
                        '%d' % yr,
                        '%s%d' % (m, yr),
                        '%s%d' % (m[:3], yr),
                        '%s%d' % (m, (yr - 2000)),
                        '%s%d' % (m[:3], (yr - 2000)),
                        '%d%s' % (yr, m),
                        '%d%s' % (yr, m[:3]),
                        '%d%s' % ((yr - 2000), m),
                        '%d%s' % ((yr - 2000), m[:3]),
                    )
                    selectors.extend(ms)

            currTimeFormats = (
                '%Y%m%d',
                '%Y%d%m',
                '%d%m%Y',
                '%m%d%Y',
                '%Y',
                '%m',
                '%Y%m',
                '%m%Y'
            )

            # Set 4: Year-Month-Day date permutations
            for f in currTimeFormats:
                selectors.append(nowTime.strftime(f))

                for yr in yearsRange:
                    for j in range(1,13):
                        for k in range(1, 32):
                            try:
                                t = datetime.datetime(yr, j, k)
                                selectors.append(t.strftime(f))
                                selectors.append('%d' % (time.mktime(t.timetuple())))
                            except: 
                                pass

        dbg('Generated: {} selectors to review.'.format(len(selectors)))
        return selectors
        

    #
    # ===========================
    # DMARC TESTS
    #

    def evaluateDmarc(self, dmarc, spf, dkim):
        lack = []
        if not spf: lack.append('SPF')
        if not dkim: lack.append('DKIM')
        if dmarc and lack:
            fail('UNSECURE: DMARC cannot work without {} being set.'.format(', '.join(lack)))
            # Return anyway...
            #return False

        return dmarc

    def dmarcTest(self):
        ret = False
        found = False

        records = []
        
        for domain in self.getDomainsToReviewDNS():
            domain = '_dmarc.' + domain
            try:
                for txt in resolver.query(domain, 'TXT'):
                    txt = txt.to_text().replace('"', '')
                    if txt.lower().startswith('v=dmarc'):
                        info('Found DMARC record: "{}"'.format(txt))
                        ret = self.processDmarc(txt)
                        records.append(txt)
                        found = True
                        break

            except (resolver.NXDOMAIN, 
                resolver.NoAnswer, 
                resolver.NoNameservers):
                pass

            if ret: break

        if ret: 
            ok('SECURE: DMARC test passed.')
            _out('\tRecords: "{}"'.format('", "'.join(records)))

        elif found and not ret:
            fail('UNSECURE: DMARC tets not passed.')
        else: 
            fail('UNSECURE: DMARC record is missing.')

        return ret

    def processDmarc(self, record):
        parser = DmarcParser()
        return parser.processDmarc(record)

    def generateUserNamesList(self, permute = True):
        users = []

        common_ones = ('all', 'admin', 'mail', 'test', 'guest', 'root', 'spam', 'catchall', 
                    'abuse', 'contact', 'administrator', 'email', 'help', 'post', 'postmaster',
                    'rekrutacja', 'recruitment', 'pomoc', 'ayuda', 'exchange', 'relay',
                    'hilfe', 'nobody', 'anonymous', 'security', 'press', 'media', 'user', 
                    'foo', 'robot', 'av', 'antivirus', 'gate', 'gateway', 'job', 'praca', 
                    'it', 'auto', 'account', 'hr', 'db', 'web')

        if not permute:
            return common_ones

        words = common_ones + config['uncommon_words']

        # Set 1: User-defined
        try:
            if self.userNamesList:
                with open(self.userNamesList, 'r') as f:
                    for l in f.readlines():
                        users.append(l.strip())

            info('Read {} lines from users list.'.format(len(users)), toOutLine = True)
            return users

        except IOError:
            err('Could not open user names list file.', toOutLine = True)
            sys.exit(-1)

        # Set 2: Common words permutations
        for w in words:
            users.append('{}'.format(w))

            for i in range(0, 11):
                users.append('{}{}'.format(w, i))
                users.append('{}{:02d}'.format(w, i))

        dbg('Generated list of {} user names to test.'.format(len(users)))

        return users
        
    #
    # ===========================
    # EXPN TESTS
    #
    def expnTest(self, attackMode = False):
        i = 0
        maxFailures = 64
        failures = 0

        secureConfigurationCodes = (252, 500, 502)
        unsecureConfigurationCodes = (250, 251, 550, 551, 553)

        userNamesList = set(self.generateUserNamesList(permute = attackMode))
        foundUserNames = set()

        info('Attempting EXPN test, be patient - it may take a longer while...')

        try:
            for user in userNamesList:
                if config['max_enumerations'] > -1 and i >= config['max_enumerations']: 
                    dbg('Max enumerations exceeded accepted limit.')
                    if not attackMode: return False
                    else: return list(foundUserNames )

                if not attackMode and failures >= maxFailures:
                    err('FAILED: EXPN test failed too many times.')
                    return None

                out = self.sendcmd('EXPN {}'.format(user))

                if out[0] in secureConfigurationCodes \
                    or (out[0] == 550 and 'access denied' in out[1].lower()):
                    ok('SECURE: EXPN could not be used for user enumeration.')
                    _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                    if not attackMode: return True
                    else: return list(foundUserNames)

                elif out[0] in unsecureConfigurationCodes:
                    if not attackMode:
                        fail('UNSECURE: "EXPN {}": allows user enumeration!'.format(
                            user
                        ))
                        _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                        return False
                    else:
                        ok('Found new user: {}@{}'.format(rcptTo, self.getMailDomain()), toOutLine = True)
                        _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                        foundUserNames.add(rcptTo)

                elif (out[0] == False and out[1] == False) or not out[1]:
                    info('UNKNOWN: During EXPN test the server disconnected. This might be secure.')
                    if not attackMode: return None
                    else: return list(foundUserNames)

                else:
                    dbg('Other return code: {}'.format(out[0]))
                    failures += 1

                i += 1

        except KeyboardInterrupt:
            info('EXPN Attack interrupted.', toOutLine = True)

        if not attackMode:
            ok('SECURE: EXPN test succeeded, yielding secure configuration.')
            return True
        else:
            ok('EXPN Attack finished. Found: {} / {}'.format(
                len(foundUserNames), 
                len(userNamesList)
            ), toOutLine = True)
            return list(foundUserNames)
        

    #
    # ===========================
    # RCPT TO TESTS
    #
    def rcptToTests(self, attackMode = False):
        i = 0
        maxFailures = 256
        failures = 0

        unsecureConfigurationCodes = (250, )
        secureConfigurationCodes = (530, 553, 550)

        userNamesList = set(self.generateUserNamesList(permute = attackMode))
        foundUserNames = set()

        info('Attempting RCPT TO test, be patient - it takes a longer while...')

        for mailFrom in userNamesList:
            if not attackMode and failures >= maxFailures:
                err('FAILED: RCPT TO test failed too many times.')
                return None

            if config['max_enumerations'] > -1 and i >= config['max_enumerations']: 
                dbg('Max enumerations exceeded accepted limit.')
                if not attackMode: return False
                else: return list(foundUserNames )

            out = self.sendcmd('MAIL FROM: <{}@{}>'.format(
                mailFrom, self.getMailDomain()
            ))
            dbg('MAIL FROM returned: ({})'.format(out))

            if out and out[0] in (250,):
                dbg('Sender ok. Proceeding...')

            elif out[0] in (530, ):
                # 530: 5.7.1 Client was not authenticated
                ok('SECURE: SMTP server requires prior authentication when using RCPT TO.')
                _out('\tReturned: ("{}")'.format(out[1].decode()))
                if not attackMode: return True
                else: return list(foundUserNames)

            elif (out[0] == 503 and '5.5.1' in out[1] and 'sender' in out[1].lower() and 'specified' in out[1].lower()):
                # 503, 5.5.1 Sender already specified
                failures += 1
                continue
                
            elif out[0] in (503, ):
                # 503: 5.5.2 Send Hello first
                self.connect(quiet = True, sayHello = True)
                failures += 1
                continue

            elif (out[0] == False and out[1] == False) or not out[1]:
                info('UNKNOWN: During RCPT TO the server has disconnected. This might be secure.')
                if not attackMode: return None
                else: return list(foundUserNames)

            else:
                dbg('Server returned unexpected response in RCPT TO: {}'.format(out))
                failures += 1
                continue

            i = 0
            failures = 0

            try:
                for rcptTo in userNamesList:
                    if mailFrom == rcptTo: continue

                    if attackMode:
                        perc = float(i) / float(len(userNamesList)) * 100.0
                        if i % (len(userNamesList) / 10) == 0 and i > 0:
                            info('RCPT TO test progress: {:02.2f}% - {:04} / {:04}'.format(
                                perc, i, len(userNamesList)), toOutLine = True)

                    if config['max_enumerations'] > -1 and i >= config['max_enumerations']: 
                        dbg('Max enumerations exceeded accepted limit.')
                        if not attackMode: return None
                        else: return list(foundUserNames)

                    if not attackMode and failures >= maxFailures:
                        err('FAILED: RCPT TO test failed too many times.')
                        return None

                    out = self.sendcmd('RCPT TO: <{}@{}>'.format(
                        rcptTo, self.getMailDomain()
                    ))
                    dbg('RCTP TO returned: ({})'.format(out))

                    if out and out[0] in unsecureConfigurationCodes:
                        if not attackMode: 
                            fail('UNSECURE: "RCPT TO" potentially allows user enumeration: ({}, {})'.format(
                                out[0], out[1].decode()
                            ))
                            return False
                        elif rcptTo not in foundUserNames: 
                            ok('Found new user: {}@{}'.format(rcptTo, self.getMailDomain()), toOutLine = True)
                            _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                            foundUserNames.add(rcptTo)

                    elif out and out[0] in secureConfigurationCodes:
                        if SmtpTester.ifMessageLike(out, (550, ), ('user', 'unknown', 'recipient', 'rejected'), 2):
                            if not attackMode: 
                                info('Warning: RCPT TO may be possible: {} ({})'.format(out[0], out[1].decode()))
                        
                        #
                        # Can't decided, whether error code shall be treated as RCPT TO disabled message or
                        # as an implication that wrong recipient's address was tried. Therefore, we disable the below
                        # logic making it try every user name in generated list, until something pops up.
                        #
                        #else:
                        #    ok('SECURE: Server disallows user enumeration via RCPT TO method.')
                        #    _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                        #    if not attackMode: return False
                        #    else: return list(foundUserNames)

                    elif (out[0] == False and out[1] == False) or not out[1]:
                        info('UNKNOWN: During RCPT TO test the server has disconnected. This might be secure.')
                        if not attackMode: return None
                        else: return list(foundUserNames)

                    else:
                        dbg('Other return code: {}'.format(out[0]))
                        failures += 1

                    i += 1

                if attackMode:
                    break

            except KeyboardInterrupt:
                info('RCPT TO Attack interrupted.', toOutLine = True)
                break

            
        if not attackMode:
            ok('SECURE: RCPT TO test succeeded, yielding secure configuration.')
            return True
        else:
            ok('RCPT TO Attack finished. Found: {} / {}'.format(
                len(foundUserNames), 
                len(userNamesList)
            ), toOutLine = True)
            return list(foundUserNames)


    #
    # ===========================
    # VRFY TESTS
    #
    def vrfyTest(self, attackMode = False):
        i = 0
        maxFailures = 64
        failures = 0

        unsecureConfigurationCodes = (250, 251, 550, 551, 553)
        secureConfigurationCodes = (252, 500, 502, 535)

        userNamesList = set(self.generateUserNamesList(permute = attackMode))
        foundUserNames = set()

        info('Attempting VRFY test, be patient - it may take a longer while...')

        try:
            for user in userNamesList:
                if config['max_enumerations'] > -1 and i >= config['max_enumerations']: 
                    dbg('Max enumerations exceeded accepted limit.')
                    if not attackMode: return False
                    else: return list(foundUserNames)

                if not attackMode and failures >= maxFailures:
                    dbg('Failures exceeded maximum failures limit.')
                    return None

                out = self.sendcmd('VRFY {}'.format(user))

                if out[0] in secureConfigurationCodes \
                    or (out[0] == 550 and 'access denied' in out[1].lower()):
                    comm = ''
                    if out[0] == 535:
                        comm = 'unauthenticated '
                    ok('SECURE: VRFY disallows {}user enumeration.'.format(comm))
                    _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))

                    if not attackMode: return True
                    else: return list(foundUserNames)

                elif out[0] in unsecureConfigurationCodes:
                    if not attackMode:
                        fail('UNSECURE: "VRFY {}": allows user enumeration!'.format(
                            user
                        ))
                        _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                        return False
                    else:
                        ok('Found new user: {}@{}'.format(rcptTo, self.getMailDomain()), toOutLine = True)
                        _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
                        foundUserNames.add(rcptTo)

                elif (out[0] == False and out[1] == False) or not out[1]:
                    info('UNKNOWN: During VRFY test the server has disconnected. This might be secure.')
                    if not attackMode: return None
                    else: return list(foundUserNames)

                else:
                    dbg('Other return code: {}'.format(out[0]))
                    failures += 1

                i += 1

        except KeyboardInterrupt:
            info('Attack interrupted.', toOutLine = True)

        if not attackMode:
            ok('SECURE: VRFY test succeeded, yielding secure configuration.')
            return True
        else:
            ok('VRFY Attack finished. Found: {} / {}'.format(
                len(foundUserNames), 
                len(userNamesList)
            ), toOutLine = True)
            return list(foundUserNames)
        

    #
    # ===========================
    # OPEN-RELAY TESTS
    #
    def openRelayTest(self):
        if self.connect(quiet = True, sayHello = True):            
            results = {}

            internalDomain = self.getMailDomain()
            externalDomain = config['smtp_external_domain']

            ip = '[{}]'.format(self.resolvedIPAddress)
            if not self.resolvedIPAddress:
                ip = '[{}]'.format(self.originalHostname)

            srvname = self.localHostname
            domain = self.originalHostname

            if domain == srvname:
                domain = self.getMailDomain()

            dbg('Attempting open relay tests. Using following parameters:\n\tinternalDomain = {}\n\texternalDomain = {}\n\tdomain = {}\n\tsrvname = {}\n\tip = {}'.format(
                internalDomain, externalDomain, domain, srvname, ip
            ))

            domains = {
                'internal -> internal'  : [internalDomain, internalDomain],
                'srvname -> internal'   : [srvname, internalDomain],
                'internal -> external'  : [internalDomain, externalDomain],
                'external -> internal'  : [externalDomain, internalDomain],
                'external -> external'  : [externalDomain, externalDomain],

                'user@localhost -> external'  : ['localhost', externalDomain],

                #'empty -> empty'        : ['', ''],
                'empty -> internal'     : ['', internalDomain],
                'empty -> external'     : ['', externalDomain],
                'ip -> internal'        : [ip, internalDomain],
                'ip -> to%domain@[ip]'  : [ip, '<USER>%{}@{}'.format(domain, ip)],
                'ip -> to%domain@srvname': [ip, '<USER>%{}@{}'.format(domain, srvname)],
                'ip -> to%domain@[srvname]': [ip, '<USER>%{}@[{}]'.format(domain, srvname)],
                'ip -> "to@domain"'     : [ip, '"<USER>@{}"'.format(domain)],
                'ip -> "to%domain"'     : [ip, '"<USER>%{}"'.format(domain)],
                'ip -> to@domain@[ip]'  : [ip, '<USER>@{}@{}'.format(domain, ip)],
                'ip -> to@domain@'      : [ip, '<USER>@{}@'.format(domain)],
                'ip -> "to@domain"@[ip]': [ip, '"<USER>@{}"@{}'.format(domain, ip)],
                'ip -> to@domain@srvname': [ip, '<USER>@{}@{}'.format(domain,srvname)],
                'ip -> @[ip]:to@domain' : [ip, '@{}:<USER>@{}'.format(ip, domain)],
                'ip -> @srvname:to@domain': [ip, '@{}:<USER>@{}'.format(srvname, domain)],
                'ip -> domain!to'       : [ip, '{}!<USER>'.format(domain)],
                'ip -> domain!to@[ip]'  : [ip, '{}!<USER>@{}'.format(domain, ip)],
                'ip -> domain!to@srvname': [ip, '{}!<USER>@{}'.format(domain,srvname)],
            }

            dbg('Performing Open-Relay tests...')

            interrupted = False

            try:
                if (self.openRelayParams[0] != '' and self.openRelayParams[1] != '') and \
                    ('@' in self.openRelayParams[0] and '@' in self.openRelayParams[1]):
                        info('Running custom test: (from: <{}>) => (to: <{}>)'.format(
                            self.openRelayParams[0], self.openRelayParams[1]
                        ), toOutLine = True)
                        results['custom'] = self._openRelayTest('custom', self.openRelayParams)
                else:
                    avoidMailFrom = False
                    rollBackSenderOnce = False

                    num = 0
                    for k, v in domains.items():
                        if self.stopEverything: break
                        num += 1
                        results[k] = False

                        retry = 0
                        for i in range(2):
                            if self.stopEverything: break
                            dbg('Attempting Open-Relay test #{}: "{}"'.format(num, k))
                            results[k] = self._openRelayTest(k, v, avoidMailFrom, num)

                            if results[k] == 554 and not rollBackSenderOnce:
                                dbg('Rolling back to traditional sender\'s address: @{}'.format(internalDomain))
                                rollBackSenderOnce = True

                                for d, v in domains.items():
                                    if d.startswith('ip -> '):
                                        domains[d] = [internalDomain, v[1]]

                            #elif (results[k] == 503 or results[k] == 501) and not avoidMailFrom:
                            #    dbg('Will not send MAIL FROM anymore.')
                            #    avoidMailFrom = True

                            elif (results[k] == 501 or results[k] == 503):
                                results[k] = False
                                dbg('Reconnecting as SMTP server stuck in repeated/invalid MAIL FROM envelope.')
                                if self.stopEverything: break
                                self.reconnect(quiet = True)
                                results[k] = self._openRelayTest(k, v, avoidMailFrom, num)
                                continue
                            break
            except KeyboardInterrupt:
                interrupted = True
                info('Open-Relay tests interrupted by user!')

            if not config['always_unfolded_results'] and all(results.values()):
                ok('SECURE: Open-Relay seems not to be possible as proved after {} tests.'.format(len(results)))
                return True
            else:
                sumOfValues = 0
                for k, v in results.items():
                    dbg('Open-Relay test ({}) resulted with: {}'.format(
                        k, v
                    ))
                    if v == False: 
                        sumOfValues += 1

                appendix = ''
                if sumOfValues != len(results):
                    appendix = '\tThe rest of tests failed at some point, without any status.'

                if interrupted:
                    sumOfValues = 1 if sumOfValues < 1 else sumOfValues
                    appendix = '\tTests were interrupted thus dunno whether the server is open-relaying or not.'
                    _out('[?] UNKNOWN: Open-Relay were interrupted after {}/{} carried tests.'.format(
                        sumOfValues - 1, len(results)
                    ), True, colors.fg.pink)
                else:
                    fail('UNSECURE: Open-Relay MAY BE possible as turned out after {}/{} successful tests.'.format(
                        sumOfValues, len(results)
                    ))

                if appendix:
                    _out(appendix, True, colors.fg.pink)
                    
                return results
        else:
            fail('FAILED: Could not reconnect for Open-Relay testing purposes.')

        return None 

    @staticmethod
    def _extractMailAddress(param, baseName = ''):
        '''
        @param param    - specifies target SMTP domain
        @param baseName - specifies target mail username 
        '''

        surnames = ['John Doe', 'Mike Smith', 'William Dafoe', 'Henry Mitchell']

        if not param:
            return '', ''

        base = 'test{}'.format(random.randint(0, 9))
        if baseName:
            base = baseName

            # Format: test@test.com
            m = re.match(r"(^[a-zA-Z0-9_.+-]+)@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$", baseName)
            if m:
                base = m.group(1)

        if '<USER>' in param:
            param = param.replace('<USER>', base)

        addr = '{}@{}'.format(base, param)
        if '@' in param and param.count('@') == 1:
            addr = param
            param = param.split('@')[1]

        elif '@' in param and param.count('@') > 1:
            return param, param

        mail = '"{}" <{}>'.format(random.choice(surnames), addr)

        # Format: test@test.com
        m = re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", param)
        if m:
            addr = m.group(1)
            mail = '"{}" <{}>'.format(random.choice(surnames), addr)
            return addr, mail

        # Format: "John Doe" <test@test.com>
        m = re.match(r'(^\"([^\"]+)\"[\s,]+<([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)>$)', param)
        if m:
            addr = m.group(3)
            mail = '"{}" <{}>'.format(m.group(2), addr)
            return addr, mail

        return addr, mail

    @staticmethod
    def extractMailAddress(param, baseName = ''):
        dbg('Extracting mail address from parameter: "{}", according to base: "{}"'.format(
            param, baseName
        ))

        addr, mail = SmtpTester._extractMailAddress(param, baseName)

        dbg('After extraction: addr="{}", mail="{}"'.format(
            addr, mail
        ))

        return addr, mail


    def _openRelayTest(self, testName, twoDomains, avoidMailFrom = False, num = 0, doNotSendAndTest = False):
        secureConfigurationCodes = (221, 454, 500, 501, 503, 504, 530, 550, 554, )
        now = datetime.datetime.now()

        # If True - secure configuration, could not send via open-relay
        result = None

        fromAddr, fromMail = SmtpTester.extractMailAddress(twoDomains[0], self.openRelayParams[0])
        toAddr, toMail = SmtpTester.extractMailAddress(twoDomains[1], self.openRelayParams[1])

        if testName == 'custom':
            info('Performing custom Open-Relay test from: {}, to: {}'.format(
                fromMail, toMail
            ))

        dateNow = now.strftime("%a, %d %b %Y %H:%m:%S")
        subject = 'Open-Relay test #{}: {}'.format(num, testName)

        mailFromReturn = ''
        rcptToReturn = ''
        dataReturn = ''

        mailCommands = (
            'MAIL From: ' + fromAddr,
            'RCPT To: ' + toAddr,
            'DATA',
            '<HERE-COMES-MESSAGE>'
        )

        message = '''From: {fromMail}
To: {toMail}
Subject: {subject}
Date: {dateNow}

Warning!

This is a test mail coming from 'smtpAudit.py' tool.

If you see this message it means that your SMTP server is *vulnerable* to Open-Relay spam technique (https://en.wikipedia.org/wiki/Open_mail_relay). Unauthorized users will be able to make your server send messages in a name of other mail users.

You may want to contact with your mail administrator and pass him with the following informations:

--------------------8<--------------------
Open-Relay test name: "{testName}"

MAIL From: {fromAddr}
    Server response: {mailFromReturn}
RCPT To: {toAddr}
    Server response: {rcptToReturn}
DATA
    Server response: {dataReturn}

Subject: "{subject}"
Date: {dateNow}
--------------------8<--------------------

smtpAudit.py ({VERSION}) - SMTP Server penetration testing / audit tool,
(https://gist.github.com/mgeeky/ef49e5fb6c3479dd6a24eb90b53f9baa)
by Mariusz B. / mgeeky (<mb@binary-offensive.com>)
.
'''

        n = 0
        out = None
        for line in mailCommands:
            if self.stopEverything: break

            if avoidMailFrom and line.startswith('MAIL From:'):
                dbg('Skipping MAIL From: line.')
                continue

            n += 1

            if line.startswith('DATA') and doNotSendAndTest:
                break

            if line == '<HERE-COMES-MESSAGE>':
                line = message.format(
                    fromMail = fromMail, 
                    toMail = toMail, 
                    subject = subject, 
                    dateNow = dateNow, 
                    fromAddr = fromAddr, 
                    toAddr = toAddr, 
                    testName = testName, 
                    VERSION = VERSION,
                    mailFromReturn = mailFromReturn,
                    rcptToReturn = rcptToReturn,
                    dataReturn = dataReturn
                )

            out = self.sendcmd(line)
            msg = out[1].decode().lower()

            if line.startswith('MAIL From'): 
                mailFromReturn = '{} ({})'.format(out[0], out[1].decode())
            if line.startswith('RCPT To'): 
                rcptToReturn = '{} ({})'.format(out[0], out[1].decode())
            if line.startswith('DATA'): 
                dataReturn = '{} ({})'.format(out[0], out[1].decode())

            if 'rcpt to' in line.lower():
                _out('[>] Open-Relay test (from: <{}>) => (to: <{}>); returned: {} ({})'.format(
                    fromAddr, toAddr, out[0], out[1].decode()
                ), False, colors.fg.pink)

            elif out[0] == 221 and 'can' in msg and 'break' in msg and 'rules' in msg:
                # 221 (2.7.0 Error: I can break rules, too. Goodbye.)
                result = True

            if out[0] == 501 and 'mail from' in msg and 'already' in msg:
                # 501 (5.5.1 MAIL FROM already established)
                return 501

            elif out[0] == 503 and 'nested' in msg and 'mail' in msg:
                # 503 (5.5.1 Error: nested MAIL command)
                return 503

            elif out[0] == 503 and 'already' in msg and 'specified' in msg:
                # 503 (5.5.1 Sender already specified)
                #return 503
                continue

            elif out[0] == 554 and 'bad' in msg and 'sender' in msg and 'addr' in msg:
                # 554 (5.7.1 Bad senders system address)
                dbg('Bad sender\'s address. Rolling back.')
                return 554

            elif (out[0] == 550 or out[0] == 530) and self.processResponseForAcceptedDomainsFailure(out):
                # 530 (5.7.1 Client was not authenticated).
                # 550 (5.7.1 Client does not have permissions to send as this sender).
                info('Microsoft Exchange Accepted Domains mechanism properly rejects us from relaying. Splendid.')
                result = True

            elif out[0] == 550 and self.processResponseForSpfFailure(out):
                # 550 (5.7.1 Recipient address rejected: Message rejected due to: SPF fail - not authorized).
                info('SPF properly rejects us from relaying. Splendid.')
                result = True

            elif not out or not out[0] or not out[1] or out[0] in secureConfigurationCodes:
                if line.startswith('From: '):
                    info('Open-Relay {} MAY be possible: the server hanged up on us after invalid "From:" (step: {})'.format(
                        testName, n
                    ), toOutLine = True)
                    info('\tThis means, that upon receiving existing From/To addresses - server could allow for Open-Relay.', toOutLine = True)
                    info('\tTo further analyse this issue - increase verbosity and choose another "--from" or "--to" parameters.', toOutLine = True)
                    result = None
                else:
                    dbg('Open-Relay {} test failed at step {}: {}.'.format(
                        testName, n, line.strip()
                    ))
                    result = True
                break

            dbg('Open-Relay {} test DID NOT failed at step {}: {}. Response: {}'.format(
                testName, n, line.strip(), str(out)
            ))

        verdict = 'most likely'
        if out[0] == 250:
            verdict = 'TOTALLY'

        if doNotSendAndTest:
            return True

        if result != True and out[0] < 500:
            fail('UNSECURE: Open-Relay {} is {} possible.'.format(
                testName, verdict
            ))
            _out('\tReturned: {} ("{}")'.format(out[0], out[1].decode()))

            result = False

        elif (result == False and not out[0]) or result == None:
            fail('UNKNOWN: Server has disconnected after the Open-Relay ({}) test. Most likely secure.'.format(testName))
            result = None

        else:
            if 'relaying denied' in out[1].decode().lower():
                #  (550, b'5.7.1 Relaying denied')
                ok('SECURE: Open-Relay attempt "{}" was denied.'.format(testName))
            else:
                info('Open-Relay "{}" seems not to be possible.'.format(
                    testName
                ))
            try:
                _out('\tReturned: {} ({})'.format(out[0], out[1].decode()))
            except:
                _out('\tReturned: ({})'.format(str(out)))

            result = True

        return result


    #
    # ===========================
    # SSL AUTH ENFORCEMENT TESTS
    #
    def starttlsOffer(self):
        if not self.availableServices:
            self.getAvailableServices()
            if not self.availableServices:
                fail('UNKNOWN: Could not collect available SMTP services')
                return None

        ret = ('starttls' in map(lambda x: x.lower(), self.availableServices))

        if ret or self.ssl: 
            ok('SECURE: STARTTLS is offered by SMTP server.')
        else:
            dbg('Trying to send STARTTLS by hand')
            out = self.sendcmd('STARTTLS', nowrap = True)

            if out[0] == 220:
                ok('SECURE: STARTTLS is supported, but not offered at first sight.')
                ret = True

                self.connect(quiet = True)

            else:
                fail('UNSECURE: STARTTLS is NOT offered by SMTP server.')

        return ret

    #
    # ===========================
    # SSL AUTH ENFORCEMENT TESTS
    #

    def testSSLAuthEnforcement(self):
        for service in SmtpTester.smtpAuthServices:
            ret = self.testSSLAuthEnforcementForService(service)
            if ret == False:
                return ret

        return True

    def testSSLAuthEnforcementForService(self, service):
        authMethods = self.getAuthMethods(service)
        ret = True
        emptyMethods = False

        notSupportedCodes = (500, 502, 503, 504, 535)
        unsecureConfigurationCodes = ()

        for authMethod in authMethods:
            if authMethod.upper() == 'NTLM':
                _out('[?] This may be a Microsoft Exchange receive connector offering Integrated Windows Authentication service.', True, colors.fg.pink)

            if authMethod.upper() == 'GSSAPI':
                _out('[?] This may be a Microsoft Exchange receive connector offering Exchange Server authentication service over Generic Security Services application programming interface (GSSAPI) and Mutual GSSAPI authentication.', True, colors.fg.pink)

        if not authMethods:
            emptyMethods = True
            authMethods = SmtpTester.commonSmtpAuthMethods.keys()

        for authMethod in authMethods:
            dbg("Checking authentication method: {}".format(authMethod))

            if authMethod.upper() in SmtpTester.authMethodsNotNeedingStarttls:
                dbg('Method {} does not need to be issued after STARTTLS.'.format(
                    authMethod.upper()
                ))
                #continue

            auths = []
            _auth = '{} {}'.format(service, authMethod)

            if authMethod in SmtpTester.commonSmtpAuthMethods.keys():
                param = SmtpTester.commonSmtpAuthMethods[authMethod]

                if isinstance(param, bytes): param = param.decode()

                if isinstance(param, str):
                    _auth += ' ' + param
                    auths.append(_auth)
                elif isinstance(param, list) or isinstance(param, tuple):
                    for n in param:
                        if isinstance(param, bytes): n = n.decode()

                        if isinstance(n, str):
                            auths.append(_auth)
                            n = base64.b64encode(n.replace('DOMAIN.COM', self.originalHostname).encode())
                            auths.append(n)
                        elif isinstance(n, list) or isinstance(n, tuple):
                            auths.append(_auth)
                            for m in n:
                                if isinstance(m, bytes): m = m.decode()

                                if 'DOMAIN.COM' in m:
                                    m = base64.b64encode(m.replace('DOMAIN.COM', self.originalHostname).encode())
                                auths.append(m)

            index = 0
            for index in range(len(auths)):
                auth = auths[index]
                out = self.sendcmd(auth, nowrap = True)

                dbg('The server responded for {} command with: ({})'.format(auth, str(out)))

                if not out or out[0] == False:
                    dbg('Something gone wrong along the way.')

                elif out and out[0] in notSupportedCodes:
                    dbg('The {} {} method is either not supported or not available.'.format(
                        service, authMethod
                    ))
                    index += 1

                elif not out[0] and not out[1]:
                    info('The server disconnected during {} {}, this might be secure.'.format(
                        service, authMethod
                    ))

                elif out[0] == 454:
                    # 4.7.0 TLS not available due to local problem
                    fail('UNSECURE: STARTTLS seems to be not available on the server side.')
                    _out('\tReturned: {} ("{}")'.format(out[0], out[1].decode()))
                    return False

                elif out[0] == 334:
                    # 334 base64 encoded User then Password prompt
                    if out[1].decode() == 'VXNlcm5hbWU6':
                        dbg('During LOGIN process the server enticed to carry on')

                    elif out[1].decode() == 'UGFzc3dvcmQ6':
                        if not self.ssl:
                            fail('UNSECURE: Server allowed authentication over non-SSL channel via "{} {}"!'.format(
                                service, authMethod
                            ))
                            _out('\tReturned: {} ("{}")'.format(out[0], out[1].decode()))
                            return False

                    else:
                        dbg('The {} {} method is not understood.: ({})'.format(
                            service, authMethod, str(out)
                        ))

                elif out and not (out[0] in (530, ) and b'starttls' in out[1].lower()):
                    fail('UNSECURE: For method "{} {}" the server did not required STARTTLS!'.format(
                        service, authMethod
                    ))
                    _out('\tReturned: {} ("{}")'.format(out[0], out[1].decode()))
                    return False

                elif out and (out[0] == 530 and b'STARTTLS' in out[1]):
                    ok('SECURE: Server enforces SSL/TLS channel negotation before {}.'.format(
                        service
                    ))
                    _out('\tReturned: {} ("{}")'.format(out[0], out[1].decode()))
                    return True

        if set(authMethods) <= set(SmtpTester.authMethodsNotNeedingStarttls):
            ok('SECURE: There were no {} methods requiring STARTTLS.'.format(service))
            return True

        if emptyMethods:
            info('The server does not offer any {} methods to enforce.'.format(
                service
            ))
        else:
            info('UNKNOWN: None of tested {} methods yielded any result (among: {}).'.format(
                service, ', '.join(authMethods)
            ))

        return None


    #
    # ===========================
    # SSL/TLS UNSECURE CIPHERS TESTS
    #
    def testSecureCiphers(self):
        performedStarttls = False
        if not self.starttlsSucceeded:
            dbg('STARTTLS session has not been set yet. Setting up...')
            performedStarttls = self.performStarttls()

        if not self.ssl and not performedStarttls and not self.starttlsSucceeded:
            err('Could not initiate successful STARTTLS session. Failure')
            return None

        try:
            cipherUsed = self.server_tls_params['cipher']
            version = self.server_tls_params['version']
        except (KeyError, AttributeError):
            err('Could not initiate successful STARTTLS session. Failure')
            return None
        
        dbg('Offered cipher: {} and version: {}'.format(cipherUsed, version))

        if cipherUsed[0].upper() in SmtpTester.secureCipherSuitesList:
            ok('SECURE: Offered cipher is considered secure.')
            _out('\tCipher: {}'.format(cipherUsed[0]))
            return True


        for secureCipher in SmtpTester.secureCipherSuitesList:
            ciphers = set(secureCipher.split('-'))
            cipherUsedSet = set(cipherUsed[0].upper().split('-'))

            intersection = ciphers.intersection(cipherUsedSet)
            minWords = min(len(ciphers), len(cipherUsedSet))
            if minWords >= 3 and len(intersection) >= (minWords - 1):
                ok('SECURE: Offered cipher is having secure structure.')
                _out('\tCipher: {}'.format(cipherUsed))

                return True

        unsecureCiphers = ('RC4', '3DES', 'DES', )
        usedUnsecureCipher = ''
        
        for cipher in unsecureCiphers:
            if cipher in cipherUsed[0].upper():
                fail('SMTP Server offered unsecure cipher.')
                _out('\tCipher: {}'.format(cipher))
                return False

        usedSSL = 'ssl' in version.lower()

        unsecureSSLs = ('sslv2', 'sslv3')
        if 'shared_ciphers' in self.server_tls_params.keys():
            unsecureProtocolsOffered = set()
            for s in self.server_tls_params['shared_ciphers']:
                dbg('Offered cipher (22222): {}'.format(s[1]))
                if s[1].lower() in unsecureSSLs:
                    unsecureProtocolsOffered.add(s[1])

            if len(unsecureProtocolsOffered) > 0:
                out = ', '.join(unsecureProtocolsOffered)

                fail('SMTP Server offered unsecure SSL/TLS protocols: {}'.format(out))
                return False
        else:
            fail('No server TLS parameters obtained yet.')

        if not usedSSL and not usedUnsecureCipher:
            ok('SECURE: SMTP Server did not offered unsecure encryption suite.') 
            return True

        else:
            fail('UNSECURE: SMTP Server offered unsecure encryption suite.')
            _out('\tCipher: {}'.format(usedUnsecureCipher))
            return False


    #
    # ===========================
    # UNSECURE AUTH METHODS TESTS
    #
    def testSecureAuthMethods(self):
        success = None
        for service in SmtpTester.smtpAuthServices:
            ret = self.testSecureAuthMethodsForService(service)
            if ret == False:
                return ret
            elif ret == True:
                # ret may be also 'None'
                success = True

        return success

    def testSecureAuthMethodsForService(self, service):
        authMethods = self.getAuthMethods(service)

        unsecureAuthMethods = ('PLAIN', 'LOGIN')
        ret = True
        methods = set()

        if not authMethods:
            authMethods = SmtpTester.commonSmtpAuthMethods
            foundMethods = []

            dbg('The server is not offering any {} method. Going to try to discover ones.'.format(
                service
            ))

            for authMethod in authMethods:
                if authMethod in SmtpTester.authMethodsNotNeedingStarttls:
                    dbg('Method: {} {} is considered not needing STARTTLS.'.format(
                        service, authMethod
                    ))
                    continue

                auth = '{} {}'.format(service, authMethod)
                out = self.sendcmd(auth)

                if out[0] == (500, 503) or \
                    (out[1] and (b'not available' in out[1].lower() or \
                    b'not recognized' in out[1].lower())):
                    info('UNKNOWN: {} method not available at all.'.format(service))
                    return None

                elif out and out[0] in (334, ):
                    dbg('Authentication via {} is supported'.format(auth))
                    foundMethods.append(authMethod)

                    if authMethod.upper() in unsecureAuthMethods:
                        if not self.ssl:
                            fail('UNSECURE: SMTP offers plain-text authentication method: {}!'.format(
                                auth
                            ))
                        else:
                            ok('SECURE: SMTP offered plain-text authentication method over SSL: {}!'.format(
                                auth
                            ))

                        _out('\tOffered reply: {} ("{}")'.format(out[0], out[1].decode()))

                        ret = False
                        break

                if out[0] == False and out[1] == False:
                    info('UNKNOWN: The server has disconnected while checking'\
                        ' {}. This might be secure'.format(
                        auth
                    ))
                    return None

                methods = foundMethods
        else:
            for authMethod in authMethods:
                if authMethod.upper() in unsecureAuthMethods:
                    if not self.ssl:
                        fail('UNSECURE: SMTP server offers plain-text authentication method: {}.'.format(
                            authMethod
                        ))
                    else:
                        ok('SECURE: SMTP server offered plain-text authentication method over SSL: {}.'.format(
                            authMethod
                        ))

                    ret = False
                    break

            methods = authMethods

        if ret and methods:
            ok('SECURE: Among found {} methods ({}) none was plain-text.'.format(
                service, ', '.join(methods)
            ))
        elif not ret:
            pass
        elif not methods:
            info('UNKNOWN: The server does not offer any {} methods.'.format(
                service
            ))

            return None

        dbg('ret = {}, methods = {}'.format(ret, methods))

        return ret
    

    #
    # ===========================
    # SSL/TLS PRIVATE KEY LENGTH
    #
    def testSSLKeyLen(self):
        performedStarttls = False
        if not self.server_tls_params or not self.starttlsSucceeded:
            dbg('STARTTLS session has not been set yet. Setting up...')
            performedStarttls = self.performStarttls()

        if not performedStarttls and not self.starttlsSucceeded:
            err('Could not initiate successful STARTTLS session. Failure')
            return None

        try:
            cipherUsed = self.server_tls_params['cipher']
            version = self.server_tls_params['version']
            sharedCiphers = self.server_tls_params['shared_ciphers']
        except (KeyError, AttributeError):
            err('Could not initiate successful STARTTLS session. Failure')
            return None
        
        dbg('Offered cipher: {} and version: {}'.format(cipherUsed, version))

        keyLen = cipherUsed[2] * 8
        if keyLen < config['key_len']:
            fail('UNSECURE: SSL/TLS negotiated cipher\'s ({}) key length is insufficient: {} bits'.format(
                cipherUsed[0], keyLen
            ))
        elif sharedCiphers != None and len(sharedCiphers) > 0:
            for ciph in sharedCiphers:
                name, ver, length = ciph
                if length * 8 < 1024:
                    fail('UNSECURE: SMTP server offers SSL/TLS cipher suite ({}) which key length is insufficient: {} bits'.format(
                        name, keyLen
                    ))
                    return False

            ok('SECURE: SSL/TLS negotiated key length is sufficient ({} bits).'.format(
                keyLen
            ))
        else:
            fail('UNKNOWN: Something went wrong during SSL/TLS shared ciphers negotiation.')
            return None

        return keyLen >= config['key_len']


    #
    # ===========================
    # SPF VALIDATION CHECK
    #    
    def spfValidationTest(self):

        if not self.spfValidated:
            dbg('Sending half-mail to domain: "{}" to trigger SPF/Accepted Domains'.format(self.mailDomain))
            self._openRelayTest('spf-validation', ['test@' + self.getMailDomain(), 'admin@' + self.getMailDomain()], False, 0, True)

        if self.spfValidated:
            ok('SECURE: SMTP Server validates sender\'s SPF record')
            info('\tor is using MS Exchange\'s Accepted Domains mechanism.')
            _out('\tReturned: {}'.format(self.spfValidated))
            return True
        else:
            fail("UNKNOWN: SMTP Server has not been seen validating sender's SPF record.")
            info("\tIf it is Microsoft Exchange - it could have reject us via Accepted Domains mechanism using code 550 5.7.1")
            return None

    def processResponseForAcceptedDomainsFailure(self, out):
        try:
            msg = out[1].lower()

            #if out[0] == 530 and '5.7.1' in msg and 'was not authenticated' in msg:
            #    info('Looks like we might be dealing with Microsoft Exchange')
            #    return True

            if out[0] == 550 and '5.7.1' in msg and 'does not have permissions to send as this sender' in msg:
                info('Looks like we might be dealing with Microsoft Exchange')
                return True
        except:
            pass

        return False

    def processResponseForSpfFailure(self, out):
        spfErrorCodes = (250, 451, 550, 554, )
        spfErrorKnownSentences = (
            'Client host rejected: Access denied',
        )
        spfErrorKeywords = ('validat',  'host rejected', 'fail', 'reject', 'check', 'soft', 'not auth', 'openspf.net/Why')
        
        if out[0] in spfErrorCodes:
            msg = out[1].decode().strip()

            # Maybe this error is already known?
            for knownSentence in spfErrorKnownSentences:
                if knownSentence in msg:
                    dbg('SPF validation found when received well-known SPF failure error: {} ({})'.format(
                        out[0], msg
                    ))
                    return True

            found = 0
            for word in msg.split(' '):
                for k in spfErrorKeywords:
                    if k.lower() in word:
                        found += 1
                        break

            if 'spf' in msg.lower() and found >= 2:
                return True

            if found > 0:
                dbg('SPF validation possibly found but unsure ({} keywords related): {} ({})'.format(
                    found, out[0], msg
                ))

        return False

    def checkIfSpfEnforced(self, out):
        if self.spfValidated:
            return True

        if self.processResponseForSpfFailure(out):
            info('SPF validation found: {} ({})'.format(out[0], out[1].decode()))
            self.spfValidated = '{} ({})'.format(out[0], out[1].decode())
            return True

        if self.processResponseForAcceptedDomainsFailure(out):
            info('SPF validation not found but found enabled Microsoft Exchange Accepted Domains mechanism: {} ({})'.format(out[0], out[1].decode()))
            self.spfValidated = '{} ({})'.format(out[0], out[1].decode())
            return False

        return False


class ParseOptions:
    def __init__(self, argv):
        self.argv = argv
        self.domain = ''
        self.port = None
        self.userslist = ''
        self.selectors = ''
        self.forceSSL = False
        self.fromAddr = ''
        self.toAddr = ''

        self.parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <hostname[:port]|ip[:port]>')

        self.parser.add_argument('hostname', metavar='<domain|ip>', type=str,
            help='Domain address (server name, or IPv4) specifying SMTP server to scan (host:port).')

        self.parser.add_argument('-d', '--domain', metavar='DOMAIN', dest='maildomain', default='', help = 'This option can be used to specify proper and valid mail (MX) domain (what comes after @, like: example.com). It helps avoid script confusion when it automatically tries to find that mail domain and it fails (like in case IP was passed in first argument).')

        self.parser.add_argument('-v', '--verbose', dest='verbose', 
            action = 'count', default = 0, help='Increase verbosity level (use -vv or more for greater effect)')
        self.parser.add_argument('-T', '--list-tests', dest='testsHelp', action='store_true', help='List available tests.')
        self.parser.add_argument('-u', '--unfolded', dest='unfolded', default=False, action='store_true',
            help = 'Always display unfolded JSON results even if they were "secure".')
        self.parser.add_argument('-C', '--no-colors', dest = 'colors', default = True, action = 'store_false', help = 'Print without colors.')
        self.parser.add_argument('-f', '--format', metavar='FORMAT', dest='format',
            default = 'text', choices = ['text', 'json'],
            help = 'Specifies output format. Possible values: text, json. Default: text.')
        
        self.parser.add_argument('-m', '--tests', metavar='TEST', dest='testToCarry', 
            type=str,
            default = 'all', help = 'Select specific tests to conduct. For a list of tests'\
            ', launch the program with option: "{} -T tests". Add more tests after colon. (Default: run all tests).'.format(
                argv[0]
            ))

        self.parser.add_argument('-M', '--skip-test', metavar='TEST', dest='testToSkip', 
            type=str,
            default = '', help = 'Select specific tests to skip. For a list of tests'\
            ', launch the program with option: "{} -T tests". Add more tests after colon. (Default: run all tests).'.format(
                argv[0]
            ))
        
        self.parser.add_argument('-t', '--timeout', metavar="TIMEOUT", type=float, dest='timeout',
            default = config['timeout'], help='Socket timeout. (Default: {})'.format(
                config['timeout']
            ))

        self.parser.add_argument('--delay', metavar="DELAY", dest='delay', type=float,
            default = config['delay'], 
            help='Delay introduced between subsequent requests and connections. '\
            '(Default: {} secs)'.format(
                config['delay']
            ))

        # Attack options
        attack = self.parser.add_argument_group('Attacks')
        attack.add_argument('--attack', dest='attack', action='store_true', help = 'Switch to attack mode in which only enumeration techniques will be pulled off (vrfy, expn, rcpt to). You can use --tests option to specify which of them to launch.')

        attack.add_argument('-U', '--users', metavar="USERS", type=str, dest='userslist',
            default = '', help='Users list file used during enumeration tests.')

        # DKIM options
        dkim = self.parser.add_argument_group('DKIM Tests')
        dkim.add_argument('-w', '--wordlist', dest='words', default='', type=str,
           help = 'Uncommon words to be used in DKIM selectors dictionary generation. Comma separated.')
        dkim.add_argument('-D', '--selectors', metavar="SELECTORS", type=str, dest='selectors',
            default = '', help='DKIM selectors list file with custom selectors list to review.')
        dkim.add_argument('-y', '--tries', metavar="TRIES", type=int, dest='tries',
            default = -1, help='Maximum number of DNS tries/enumerations in DKIM test. (Default: all of them)')

        dkim.add_argument('--dkim-enumeration', metavar="TYPE", type=str,
            choices = ['never', 'on-ip', 'full'], dest = 'dnsenum',
            default = config['dns_full'], 
            help='When to do full-blown DNS records enumeration. Possible values: '\
            'always, on-ip, never. When on-ip means when DOMAIN was IP address. '\
            '(Default: "{}")'.format(
                config['dns_full']
            ))


        # Open-Relay options
        openRelay = self.parser.add_argument_group('Open-Relay Tests')
        openRelay.add_argument('-x', '--external-domain', dest='external_domain', metavar='DOMAIN',
            default = config['smtp_external_domain'], type=str,
            help = 'External domain to use in Open-Relay tests. (Default: "{}")'.format(
                config['smtp_external_domain']
            ))
        openRelay.add_argument('--from', dest='fromAddr', default='', type=str,
           help = 'Specifies "From:" address to be used in Open-Relay test. Possible formats: (\'test\', \'test@test.com\', \'"John Doe" <test@test.com>\'). If you specify here and in \'--to\' full email address, you are going to launch your own custom test. Otherwise, those values will be passed into username part <USER>@domain.')
        openRelay.add_argument('--to', dest='toAddr', default='', type=str,
           help = 'Specifies "To:" address to be used in Open-Relay test. Possible formats: (\'test\', \'test@test.com\', \'"John Doe" <test@test.com>\'). If you specify here and in \'--from\' full email address, you are going to launch your own custom test. Otherwise, those values will be passed into username part <USER>@domain.')

        if len(sys.argv) < 2:
            self.usage()
            sys.exit(-1)

        if config['verbose']:
            ParseOptions.banner()

        if not self.parse():
            sys.exit(-1)

    @staticmethod
    def banner():
        sys.stderr.write('''
    :: SMTP Black-Box Audit tool.
    v{}, Mariusz B. / mgeeky, '17

'''.format(VERSION))

    def usage(self):
        ParseOptions.banner()
        self.parser.print_help()

    def parse(self):
        global config

        testsHelp = ''
        for k, v in SmtpTester.testsConducted.items():
            testsHelp += '\n\t{:20s} - {}'.format(k, v)

        if len(sys.argv) >= 2:
            if (sys.argv[1].lower() == '--list-tests') or \
                (sys.argv[1] == '-T' and len(sys.argv) >= 3 and sys.argv[2] == 'tests') or \
                (sys.argv[1] == '-T') or \
                (sys.argv[1] == '--list-tests' and len(sys.argv) >= 3 and sys.argv[2] == 'tests'):
                print('Available tests:{}'.format(testsHelp))
                sys.exit(0)

        args = self.parser.parse_args()

        if args.testsHelp:
            print('Available tests:{}'.format(testsHelp))
            sys.exit(0)

        self.domain = args.hostname
        self.userslist = args.userslist
        self.selectors = args.selectors
        self.maildomain = args.maildomain
        self.attack = args.attack

        if args.fromAddr: self.fromAddr = args.fromAddr
        if args.toAddr: self.toAddr = args.toAddr

        if ':' in args.hostname:
            self.domain, self.port = args.hostname.split(':')
            self.port = int(self.port)

        if args.verbose >= 1: config['verbose'] = True
        if args.verbose >= 2: config['debug'] = True
        if args.verbose >= 3: config['smtp_debug'] = True

        config['timeout'] = args.timeout
        config['delay'] = args.delay
        config['max_enumerations'] = args.tries
        config['dns_full'] = args.dnsenum
        config['always_unfolded_results'] = args.unfolded
        config['format'] = args.format
        config['colors'] = args.colors
        config['attack'] = args.attack

        if args.words:
            config['uncommon_words'] = args.words.split(',')

        if args.testToCarry:
            config['tests_to_carry'] = args.testToCarry.split(',')
            for c in config['tests_to_carry']:
                if c == 'all': continue
                if c not in SmtpTester.testsConducted.keys():
                    err('There is no such test as the one specified: "{}"'.format(
                        c
                    ))
                    print('\nAvailable tests:{}'.format(testsHelp))
                    sys.exit(-1)

            l = list(filter(lambda x: x != 'all', config['tests_to_carry']))
            if l:
                info('Running following tests: ' + ', '.join(l))

        if args.testToSkip:
            config['tests_to_skip'] = args.testToSkip.split(',')
            for c in config['tests_to_skip']:
                if c == '': break
                if c not in SmtpTester.testsConducted.keys():
                    err('There is no such test as the one specified: "{}"'.format(
                        c
                    ))
                    print('\nAvailable tests:{}'.format(testsHelp))
                    sys.exit(-1)

            l = list(filter(lambda x: x != '', config['tests_to_skip']))
            if l:
                info('Skipping following tests: ' + ', '.join(l))

        return True


def printResults(results, auditMode):
    if auditMode:
        if config['format'] == 'json':
            out = json.dumps(results, indent = 4)
            out = out[1:-1]
            out = out.replace('\\n', '\n')
            out = out.replace('\\', '')
            print(out)

        elif config['format'] == 'text':
            pass
    else:
        info('Results:')
        if config['format'] == 'json':
            out = json.dumps(results, indent = 4)
            out = out[1:-1]
            out = out.replace('\\n', '\n')
            out = out.replace('\\', '')
            print(out)

        else:
            for found in results:
                print(found)

    if not config['verbose'] and not config['debug']:
        sys.stderr.write('\n---\nFor more detailed output, consider enabling verbose mode.\n')


def main(argv):
    opts = ParseOptions(argv)
    domain = opts.domain
    port = opts.port 
    userslist = opts.userslist
    selectors = opts.selectors

    if config['format'] == 'text':
        sys.stderr.write('''
    :: SMTP configuration Audit / Penetration-testing tool
    Intended to be used as a black-box tool revealing security state of SMTP.
    Mariusz B. / mgeeky, '17-19
    v{}

'''.format(VERSION))

    prev = datetime.datetime.now()
    info('SMTP Audit started at: [{}], on host: "{}"'.format(
        prev.strftime('%Y.%m.%d, %H:%M:%S'),
        socket.gethostname()
    ))
    info('Running against target: {}{}{}'.format(
        opts.domain, ':'+str(opts.port) if opts.port != None else '', 
        ' (...@' + opts.maildomain + ')' if opts.maildomain != '' else '',
    toOutLine = True))

    results = {}
    tester = SmtpTester(
        domain, 
        port, 
        dkimSelectorsList = selectors, 
        userNamesList = userslist,
        openRelayParams = (opts.fromAddr, opts.toAddr),
        mailDomain = opts.maildomain
    )

    try:
        if opts.attack:
            results = tester.runAttacks()
        else:
            results = tester.runTests()

    except KeyboardInterrupt:
        err('USER HAS INTERRUPTED THE PROGRAM.')
        if tester: 
            tester.stop()

    after = datetime.datetime.now()
    info('Audit finished at: [{}], took: [{}]'.format(
        after.strftime('%Y.%m.%d, %H:%M:%S'),
        str(after - prev)
    ), toOutLine = True)

    if config['verbose'] and config['format'] != 'text': 
        sys.stderr.write('\n' + '-' * 50 + '\n\n')

    printResults(results, not opts.attack)

if __name__ == '__main__':
    main(sys.argv)