SMTP User Enumeration Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...

SideFX: Port 587 SMPT Open: Can send any mail remotely from the internal mail users to company mail id's.

Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...

SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers

SMTPTester is a python3 tool to test SMTP server for 3 common vulnerabilities: Spoofing - The ability to send a mail on behalf of an internal user Relay - Using this SMTP server to send email to other address outside of the organization user enumeration - using the SMTP VRFY command to check if...

Zendesk: SMTP user enumeration via mail.zendesk.com

Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server veri...

LocalTapiola: Abusing and Hacking the SMTP Server secure.lahitapiola.fi

Issue The reporter found one SMTP-server secure.lahitapiola.fi in the LocalTapiola network which had some issues. The SMTP server had some options turned on that could potentially lead to leaking information about email-addresses using the VRFY-command. The ETRN was also found to be - at least to...

Medusa - Speedy, Parallel and Modular Login Brute-Forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...

Nmap NSE net: smtp-enum-users

Attempts to enumerate the users on a SMTP server by issuing the VRFY, EXPN or RCPT TO commands. The goal of this script is to discover all the user accounts in the remote system. The script will output the list of user names that were found. The script will stop querying the SMTP server if...

smtp-enum-users NSE Script

Attempts to enumerate the users on a SMTP server by issuing the VRFY, EXPN or RCPT TO commands. The goal of this script is to discover all the user accounts in the remote system. The script will output the list of user names that were found. The script will stop querying the SMTP server if...

Check if Mailserver answer to VRFY and EXPN requests

The Mailserver on this host answers to VRFY and/or EXPN requests. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MailEnable SMTP Service VRFY/EXPN Command Buffer Overflow DoS

Exploit for unknown platform in category dos / poc ============================================================= MailEnable SMTP Service VRFY/EXPN Command Buffer Overflow DoS ============================================================= !/usr/bin/python MailEnable SMTP Service VRFY/EXPN Command...

MailEnable SMTP Service VRFY/EXPN Command Buffer Overflow DoS

No description provided by source. !/usr/bin/python MailEnable SMTP Service VRFY/EXPN Command Buffer Overflow DoS Bug discovered by Matteo Memelli aka ryujin http://www.gray-world.net http://www.be4mind.com Affected Versions : Standard Edition all versions Professional Edition all versions...

CVE-2008-1275

Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service crash via crafted 1 EXPN or 2 VRFY commands...

VRFY Command Information Disclosure

Binary data 2022.prm...

CVE-1999-0819

NTMail contains a vulnerability where the VRFY command is not disabled even when an administrator disables it. This can expose user verification handling to the network, with partial confidentiality impact as indicated in the CVSS metrics (Network access, low attack complexity, no authentication ...

CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it...

CVE-1999-0531

The connected documents describe a vulnerability class where an SMTP service that supports commands like VRFY and EXPN can enumerate valid user accounts (revealing aliases or mailing lists). The evidence includes a Metasploit module (SMTP User Enumeration Utility) and CIRCL/CVE references linking...

CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it...

slmail3.1.txt

Date: Thu, 4 Feb 1999 13:51:32 -0800 From: Marc To: [email protected] Subject: Multiple SLMail Vulnerabilities eEye Digital Security Team www.eEye.com [email protected] February 04, 1999 Multiple SLMail Vulnerabilities Systems Affected SLMail 3.1 Release Date February 04, 1999 Advisory...

Multiple Mail Server EXPN/VRFY Information Disclosure

The remote SMTP server answers to the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to u...

Ipswitch IMail / SLMail VRFY Command Remote Overflow

It was possible to crash the affected SMTP service by sending a VRFY command with a long argument. This attack is known to affect certain versions of Ipswitch IMail and Seattle Labs' SLMail, although products from other vendors may also be affected. An unauthenticated, remote attacker can leverag...