Smtp Penetration Testing
Smtp Penetration Testing is an writing AI skill with a core value of This skill should be used when the user asks to \"perform SMTP penetration testing\", \"enumerate email users\", \"test for open mail relays\", \"grab SMTP banners\", \"brute force email cre. It
helps developers solve real-world problems in the writing domain, boosting
efficiency, automating repetitive tasks, and optimizing workflows.
This skill should be used when the user asks to \"perform SMTP penetration testing\", \"enumerate email users\", \"test for open mail relays\", \"grab SMTP banners\", \"brute force email cre...
Quick Facts
mkdir -p ./skills/smtp-penetration-testing && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/smtp-penetration-testing/SKILL.md -o ./skills/smtp-penetration-testing/SKILL.md Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# SMTP Penetration Testing
Purpose
Conduct comprehensive security assessments of SMTP (Simple Mail Transfer Protocol) servers to identify vulnerabilities including open relays, user enumeration, weak authentication, and misconfiguration. This skill covers banner grabbing, user enumeration techniques, relay testing, brute force attacks, and security hardening recommendations.
Prerequisites
Required Tools
# Nmap with SMTP scripts
sudo apt-get install nmap
# Netcat
sudo apt-get install netcat
# Hydra for brute force
sudo apt-get install hydra
# SMTP user enumeration tool
sudo apt-get install smtp-user-enum
# Metasploit Framework
msfconsoleRequired Knowledge
- SMTP protocol fundamentals
- Email architecture (MTA, MDA, MUA)
- DNS and MX records
- Network protocols
Required Access
- Target SMTP server IP/hostname
- Written authorization for testing
- Wordlists for enumeration and brute force
Outputs and Deliverables
1. **SMTP Security Assessment Report** - Comprehensive vulnerability findings
2. **User Enumeration Results** - Valid email addresses discovered
3. **Relay Test Results** - Open relay status and exploitation potential
4. **Remediation Recommendations** - Security hardening guidance
Core Workflow
Phase 1: SMTP Architecture Understanding
Components: MTA (transfer) → MDA (delivery) → MUA (client)
Ports: 25 (SMTP), 465 (SMTPS), 587 (submission), 2525 (alternative)
Workflow: Sender MUA → Sender MTA → DNS/MX → Recipient MTA → MDA → Recipient MUAPhase 2: SMTP Service Discovery
Identify SMTP servers and versions:
# Discover SMTP ports
nmap -p 25,465,587,2525 -sV TARGET_IP
# Aggressive service detection
nmap -sV -sC -p 25 TARGET_IP
# SMTP-specific scripts
nmap --script=smtp-* -p 25 TARGET_IP
# Discover MX records for domain
dig MX target.com
nslookup -type=mx target.com
host -t mx target.comPhase 3: Banner Grabbing
Retrieve SMTP server information:
# Using Telnet
telnet TARGET_IP 25
# Response: 220 mail.target.com ESMTP Postfix
# Using Netcat
nc TARGET_IP 25
# Response: 220 mail.target.com ESMTP
# Using Nmap
nmap -sV -p 25 TARGET_IP
# Version detection extracts banner info
# Manual SMTP commands
EHLO test
# Response reveals supported extensionsParse banner information:
Banner reveals:
- Server software (Postfix, Sendmail, Exchange)
- Version information
- Hostname
- Supported SMTP extensions (STARTTLS, AUTH, etc.)Phase 4: SMTP Command Enumeration
Test available SMTP commands:
# Connect and test commands
nc TARGET_IP 25
# Initial greeting
EHLO attacker.com
# Response shows capabilities:
250-mail.target.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-8BITMIME
250 DSNKey commands to test:
# VRFY - Verify user exists
VRFY admin
250 2.1.5 admin@target.com
# EXPN - Expand mailing list
EXPN staff
250 2.1.5 user1@target.com
250 2.1.5 user2@target.com
# RCPT TO - Recipient verification
MAIL FROM:<test@attacker.com>
RCPT TO:<admin@target.com>
# 250 OK = user exists
# 550 = user doesn't existPhase 5: User Enumeration
Enumerate valid email addresses:
# Using smtp-user-enum with VRFY
smtp-user-enum -M VRFY -U /usr/share/wordlists/users.txt -t TARGET_IP
# Using EXPN method
smtp-user-enum -M EXPN -U /usr/share/wordlists/users.txt -t TARGET_IP
# Using RCPT method
smtp-user-enum -M RCPT -U /usr/share/wordlists/users.txt -t TARGET_IP
# Specify port and domain
smtp-user-enum -M VRFY -U users.txt -t TARGET_IP -p 25 -d target.comUsing Metasploit:
use auxiliary/scanner/smtp/smtp_enum
set RHOSTS TARGET_IP
set USER_FILE /usr/share/wordlists/metasploit/unix_users.txt
set UNIXONLY true
runUsing Nmap:
# SMTP user enumeration script
nmap --script smtp-enum-users -p 25 TARGET_IP
# With custom user list
nmap --script smtp-enum-users --script-args smtp-enum-users.methods={VRFY,EXPN,RCPT} -p 25 TARGET_IP🎯 Best For
- QA engineers
- Developers writing unit tests
- Claude users
- Content creators
- Writers
💡 Use Cases
- Generating test cases for edge conditions
- Writing integration test suites
- Drafting marketing emails
- Writing cold outreach
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply Smtp Penetration Testing to Your Work
Provide context for your task — paste source material, describe your audience, or share existing work to guide the AI.
- 4
Review and Refine
Edit the AI output for accuracy, tone, and completeness. Add human insight where the AI lacks context.
❓ Frequently Asked Questions
Does this generate test mocks?
Many testing skills include mock generation. Check the install command and skill content for details.
Can Smtp Penetration Testing maintain my brand voice?
Yes — provide style guides or example content in your prompt for consistent brand-aligned output.
How do I install Smtp Penetration Testing?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/smtp-penetration-testing/SKILL.md, ready to use.
Can I customize this skill for my team?
Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.
⚠️ Common Mistakes to Avoid
Not testing edge cases
AI tends to generate happy-path tests. Manually review for boundary conditions.
Publishing unedited drafts
AI writing needs human editing for facts, flow, and authentic voice.