PIRANA: A SMTP content filter penetration tool.


1- INTRODUCTION

Email has become an essential service for most people - who doesn't own an 
email address today?  With time, it seemed obvious that numerous threats 
would come to light and propagate through this communication channel.

Some people, always seeking ways of making money, saw email as an 
excellent means of reaching a potential commercial market and solicitation 
by email (SPAM) was born.  Virus writers also took advantage of this 
attack vector as a springboard for better infection.  Thieves also got in 
on things, especially given the recent threat of phishing.

In order to protect themselves from attacks, system administrators 
implemented multiple technologies to protect their users, but are those 
programs as secure as the administrators would like them to be?  And is 
the software ready to face all the malicious content found on the Internet 
today?


2- DEPENDENCIES

PIRANA depends on an external library to build the email and attach the 
different files.  This library was published by zeegee.com and it is 
called MIME::Lite.  PIRANA includes a version of this library under the 
directory MIME/ .  You can get the complete package there:

http://www.zeegee.com/code/perl/MIME-Lite/

PIRANA depend on the BinHex library.  A copy of this module was included
with PIRANA.  You can get the original version at:

http://search.cpan.org/~eryq/Convert-BinHex-1.119/lib/Convert/BinHex.pm

PIRANA also depends on the great shellcode generator from metasploit.  The 
version 2.5 is included with PIRANA.  You can get the package there:

http://www.metasploit.org/



3- INSTRUCTIONS

type "man docs/pirana.1" to learn how to use PIRANA.


4- WARNING

PIRANA is a tool to test your SMTP content filter's security.
It should not be used on servers that you are not authorized on.  It was 
created to help in auditing the security of your OWN network.
