Sniffing for plaintexters

I hope you enjoy this little piece I wrote to sniff for people who check their e-mail via insecure POP or IMAP ports. In my case, I ran this via cron each morning on weekdays for two minutes inside a LAN with a couple hundred users. If “plaintexters” were found, it would send the list of people to the IT Team, basically a mail group on Exchange. They would then contact the user and make sure their mail settings were right.

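#!/usr/bin/env bash
# Placeholders: the original log path and recipient address are not shown in the post.
LOGFILE=/var/log/plaintexters.log
IT_TEAM="it-team@example.com"
umask 077    # the dsniff log contains captured passwords; keep it owner-only
touch "$LOGFILE"
/usr/local/sbin/dsniff -ni em0 > "$LOGFILE" &
task_pid=$!    # PID of the background dsniff process
sleep 120
kill $task_pid
# Build the mail body: greeting plus the unique list of user names seen
function report(){
echo "Hello IT Team! These Users seem to be checking their Mail plaintext,
meaning Passwords can be read easily by third Parties. Please fix.
Thanks for making our Network more secure!"
echo "Userlist Report `date`"
awk '/USER /{print $2}' "$LOGFILE" | sed 's/\.\.//g' | sort | uniq
}
FOUND_COUNT=$(awk '/USER /{print $2}' "$LOGFILE" | wc -l | sed 's/ //g')
if [[ $FOUND_COUNT != "0" ]]; then
        report | mutt -s "Plaintexters detected" "$IT_TEAM"
fi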
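
An added example, not part of the original script: a stricter version of the user-list step that keeps only POP/IMAP records, adds the client address so the IT team can locate the machine, and never prints the captured password. The record layout, the sample log (constructed, not real captures) and the function names are assumptions modelled on dsniff's output.

```shell
# Reads a dsniff log on stdin, prints "user client-ip protocol" once per combination.
# Assumed record layout: a header line
#   <date> <time> tcp <client>.<port> -> <server>.<port> (<proto>)
# followed by the captured "USER x" / "PASS y" or "<tag> LOGIN x y" lines.
plaintext_mail_users() {
    awk '
    $3 == "tcp" && $5 == "->" {                 # record header: remember context
        proto = $7; gsub(/[()]/, "", proto)
        client = $4; sub(/\.[0-9]+$/, "", client)   # strip the source port
        next
    }
    proto !~ /^(pop|imap)/ { next }             # ignore ftp, telnet, ... records
    $1 == "PASS"  { next }                      # never emit password lines
    $1 == "USER"  { print $2, client, proto; next }
    $2 == "LOGIN" { u = $3; gsub(/"/, "", u); print u, client, proto }
    ' | sort -u
}

# Constructed sample log for the demonstration below
sample_log() {
cat <<'EOF'
-----------------
03/11/10 09:01:12 tcp 192.168.1.23.51234 -> 192.168.1.5.110 (pop)
USER alice
PASS not-a-real-password

-----------------
03/11/10 09:01:40 tcp 192.168.1.42.40022 -> 192.168.1.5.143 (imap)
a001 LOGIN "bob" "not-a-real-password"

-----------------
03/11/10 09:02:03 tcp 192.168.1.23.51301 -> 192.168.1.9.21 (ftp)
USER carol
PASS not-a-real-password
EOF
}

# Demonstration on the constructed log
sample_log | plaintext_mail_users
```

In the script above, `plaintext_mail_users < "$LOGFILE"` would replace the `awk '/USER /...'` pipeline inside `report`.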
