Sniffing for plaintexters

I hope you enjoy this little piece I wrote to sniff for people who check their e-mail via insecure POP or IMAP ports. In my case, I ran this via cron each morning on weekdays for two minutes inside a LAN with a couple hundred users. If “plaintexters” were found, it would send the list of people to the IT Team, basically a mail group on Exchange. They would then contact the user and make sure their mail settings were right.

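#!/usr/local/bin/bash

# The capture holds cleartext usernames and passwords: keep it owner-only.
umask 077
LOGFILE="/var/run/sniff_for_plaintexters.txt"

touch "$LOGFILE"
chmod 600 "$LOGFILE"   # also tighten a file left over from an earlier run

# Sniff on em0 for two minutes (-n: no name resolution), then stop dsniff.
/usr/local/sbin/dsniff -ni em0 > "$LOGFILE" &
task_pid=$!
sleep 120
kill "$task_pid"
wait "$task_pid" 2>/dev/null   # let dsniff exit before reading its output

# Mail body: greeting plus the unique usernames seen on "USER " lines.
function report(){
    echo "Hello IT Team! These Users seem to be checking their Mail plaintext,
meaning Passwords can be read easily by third Parties. Please fix.

Thanks for making our Network more secure!"

    echo
    echo "Userlist Report $(date)"
    echo
    awk '/USER /{print $2}' "$LOGFILE" | sed 's/\.\.//g' | sort | uniq
}

# Number of captured "USER " lines; send mail only if there is at least one.
FOUND_COUNT=$(awk '/USER /{print $2}' "$LOGFILE" | wc -l | sed 's/ //g')

if [[ $FOUND_COUNT != "0" ]]; then
        report | mutt -s "Plaintexters detected" it@domain.com
fi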
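
As an added example (not part of the original script), the report can also name the client machine and protocol for each user, so the IT team knows which mail client to reconfigure, while never printing the captured passwords. It goes beyond the script above by also matching IMAP `LOGIN` lines; the record layout (a `tcp src.port -> dst.port (proto)` header followed by the credential lines) is assumed, and the sample capture, function names and addresses are constructed.

```shell
# Constructed sample input in the assumed dsniff record layout (not real traffic).
sample_capture() {
cat <<'EOF'
-----------------
03/02/15 08:01:12 tcp 10.0.0.23.51234 -> 10.0.0.5.110 (pop)
USER alice
PASS constructed-secret-1

-----------------
03/02/15 08:01:40 tcp 10.0.0.42.49877 -> 10.0.0.5.143 (imap)
LOGIN bob constructed-secret-2

-----------------
03/02/15 08:02:03 tcp 10.0.0.23.51301 -> 10.0.0.5.110 (pop)
USER alice
PASS constructed-secret-1
EOF
}

# Reads dsniff-style text on stdin and prints unique "user client-ip proto"
# lines. Password fields are never copied to the output.
summarise_plaintexters() {
    awk '
        # Header line: date time tcp src.port -> dst.port (proto)
        $3 == "tcp" && $5 == "->" {
            client = $4
            sub(/\.[0-9]+$/, "", client)    # strip the source port
            proto = $7
            gsub(/[()]/, "", proto)
            next
        }
        # POP3 sends "USER name"; IMAP sends "LOGIN name password".
        ($1 == "USER" || $1 == "LOGIN") && NF >= 2 && client != "" {
            user = $2
            gsub(/"/, "", user)             # IMAP may quote the name
            print user, client, proto
        }
    ' | sort -u
}

sample_capture | summarise_plaintexters
```

In the script above, `summarise_plaintexters < "$LOGFILE"` could replace the `awk | sed | sort | uniq` pipeline inside `report`.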
