SMTP

Simple Mail Transfer Protocol

Check if sender could be forged with an domain user:

$ telnet mail.example.com 25
HELO example.com
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>

Check if sender could be forged with a non-domain user:

$ telnet mail.example.com 25
HELO example.com
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>

Check if domain users could be enumerated with VRFY and EXPN:

$ telnet mail.example.com 25
HELO example.com
VRFY [email protected]
EXPN [email protected]

Check if users could be enumerated with RCPT TO:

$ telnet mail.example.com 25
HELO example.com
MAIL FROM: <...>
RCPT TO: <[email protected]>
DATA
From: <...>
To: <[email protected]>
Subject: Job offer
Hello, I would like to offer you a great job!
.
QUIT

RCPT

smtp-enum

https://github.com/z0mbiehunt3r/smtp-enum

$ ./main.py -d megacorp.com -s 10.10.13.37 -f accounts.txt -m rcptto -o valid.txt

smtp-user-enum

https://github.com/pentestmonkey/smtp-user-enum

$ smtp-user-enum -M RCPT -f '<[email protected]>' -u '<[email protected]>' -t mx.megacorp.com
$ smtp-user-enum -M RCPT -D megacorp.com -U users.txt -t mx.megacorp.com

SPF/DKIM/DMARC

Tools

swaks

https://github.com/jetmore/swaks

$ swaks --to [email protected] --from [email protected] --header 'Subject: Hello, friend' --body 'Hack the Planet!' --server 192.168.1.11 --attach hello.doc

Last updated 3 years ago

hashtagRCPT

hashtagsmtp-enum

hashtagsmtp-user-enum

hashtagSPF/DKIM/DMARC

hashtagTools

hashtagswaks