@davidlares
Created July 19, 2021 03:40
SMTP Enumeration script

SMTP Enumeration

SMTP is a text-based protocol used to send email: the client sends commands that the server understands.

It uses port 25 and does not support packet encryption during the exchange.

There are also several commands that are meant to be used in a restricted mode; left open, they can expose sensitive data.

Example:

First: start a connection

> nc -nv [Metasploitable 2 IP] 25
>> vrfy msfadmin
>> mail from: david
>> rcpt to: david

If the user is registered, the server replies with the 250 or the 252 code.

How to run it:

python smtp.py [Metasploitable 2 IP] vrfy

#!/usr/bin/python
import socket
import sys

try:
    # socket instance
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # setting timeout (before connecting, so it also covers the connect)
    sock.settimeout(10)
    # connection
    sock.connect((sys.argv[1], 25))
    # banner
    banner = sock.recv(1024).decode(errors='replace')
    # evaluating success
    if '220' in banner:
        # opening users (the with block closes the file)
        with open('users.txt', 'r') as f:
            for user in f:
                # drop the trailing newline and skip empty lines
                user = user.strip()
                if not user:
                    continue
                # SMTP commands are terminated by CRLF
                sock.send((sys.argv[2] + " " + user + "\r\n").encode())
                result = sock.recv(1024).decode(errors='replace')
                # evaluating response code
                if '252' in result or '250' in result:
                    print('[*] valid user found: %s' % user)
    # socket close
    sock.close()
# custom exception
except socket.timeout as e:
    print("Timeout for: %s" % sys.argv[1])
# general exception
except Exception as e:
    print("Error for %s: %s" % (sys.argv[1], e))

users.txt:

msfadmin
root
david
kevin
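
Added example (not part of the original gist): the same 250/252 signal seen from the defender's side, flagging clients that send repeated VRFY or RCPT TO probes and listing which names the server confirmed. The log format `<client-ip> <C|S>: <line>`, the sample lines and the function name `find_enumeration` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical "<client-ip> <C|S>: <line>" format;
# adapt LINE to whatever your mail server actually writes.
SAMPLE_LOG = """\
192.0.2.10 C: VRFY msfadmin
192.0.2.10 S: 252 2.0.0 msfadmin
192.0.2.10 C: VRFY root
192.0.2.10 S: 252 2.0.0 root
192.0.2.10 C: VRFY david
192.0.2.10 S: 550 5.1.1 <david>: Recipient address rejected
192.0.2.10 C: VRFY kevin
192.0.2.10 S: 550 5.1.1 <kevin>: Recipient address rejected
198.51.100.7 C: MAIL FROM:<alice@example.org>
198.51.100.7 S: 250 2.1.0 Ok
198.51.100.7 C: RCPT TO:<bob@example.org>
198.51.100.7 S: 250 2.1.5 Ok
"""

LINE = re.compile(r"^(\S+) ([CS]): (.*)$")
# Commands from the page that reveal whether a mailbox exists
PROBE = re.compile(r"^(VRFY|RCPT TO:?)\s*<?([^>\s]+)>?", re.I)

def find_enumeration(log_text, threshold=3):
    """Return {client: {"probes": n, "confirmed": [names]}} for clients
    that sent at least `threshold` user-probing commands."""
    stats = defaultdict(lambda: {"probes": 0, "confirmed": []})
    pending = {}  # client -> name probed by its most recent command
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        client, side, text = m.groups()
        if side == "C":
            p = PROBE.match(text)
            pending[client] = p.group(2) if p else None
            if p:
                stats[client]["probes"] += 1
        elif pending.get(client):
            # 250 / 252 are the replies that confirm the account exists
            if text[:3] in ("250", "252"):
                stats[client]["confirmed"].append(pending[client])
            pending[client] = None
    return {c: s for c, s in stats.items() if s["probes"] >= threshold}
```

A client that only delivers one message stays under the threshold, while the host walking a user list is reported together with the accounts the server disclosed.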