Z
zebbern
@mayurrathi
⭐ 40.7k GitHub stars

Smtp Penetration Testing

Smtp Penetration Testing is an writing AI skill with a core value of This skill should be used when the user asks to \"perform SMTP penetration testing\", \"enumerate email users\", \"test for open mail relays\", \"grab SMTP banners\", \"brute force email cre. It helps developers solve real-world problems in the writing domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

This skill should be used when the user asks to \"perform SMTP penetration testing\", \"enumerate email users\", \"test for open mail relays\", \"grab SMTP banners\", \"brute force email cre...

Last verified on: 2026-07-07

Quick Facts

Category writing
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/smtp-penetration-testing && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/smtp-penetration-testing/SKILL.md -o ./skills/smtp-penetration-testing/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# SMTP Penetration Testing


Purpose


Conduct comprehensive security assessments of SMTP (Simple Mail Transfer Protocol) servers to identify vulnerabilities including open relays, user enumeration, weak authentication, and misconfiguration. This skill covers banner grabbing, user enumeration techniques, relay testing, brute force attacks, and security hardening recommendations.


Prerequisites


Required Tools

bash
# Nmap with SMTP scripts
sudo apt-get install nmap

# Netcat
sudo apt-get install netcat

# Hydra for brute force
sudo apt-get install hydra

# SMTP user enumeration tool
sudo apt-get install smtp-user-enum

# Metasploit Framework
msfconsole

Required Knowledge

- SMTP protocol fundamentals

- Email architecture (MTA, MDA, MUA)

- DNS and MX records

- Network protocols


Required Access

- Target SMTP server IP/hostname

- Written authorization for testing

- Wordlists for enumeration and brute force


Outputs and Deliverables


1. **SMTP Security Assessment Report** - Comprehensive vulnerability findings

2. **User Enumeration Results** - Valid email addresses discovered

3. **Relay Test Results** - Open relay status and exploitation potential

4. **Remediation Recommendations** - Security hardening guidance


Core Workflow


Phase 1: SMTP Architecture Understanding


text
Components: MTA (transfer) → MDA (delivery) → MUA (client)

Ports: 25 (SMTP), 465 (SMTPS), 587 (submission), 2525 (alternative)

Workflow: Sender MUA → Sender MTA → DNS/MX → Recipient MTA → MDA → Recipient MUA

Phase 2: SMTP Service Discovery


Identify SMTP servers and versions:


bash
# Discover SMTP ports
nmap -p 25,465,587,2525 -sV TARGET_IP

# Aggressive service detection
nmap -sV -sC -p 25 TARGET_IP

# SMTP-specific scripts
nmap --script=smtp-* -p 25 TARGET_IP

# Discover MX records for domain
dig MX target.com
nslookup -type=mx target.com
host -t mx target.com

Phase 3: Banner Grabbing


Retrieve SMTP server information:


bash
# Using Telnet
telnet TARGET_IP 25
# Response: 220 mail.target.com ESMTP Postfix

# Using Netcat
nc TARGET_IP 25
# Response: 220 mail.target.com ESMTP

# Using Nmap
nmap -sV -p 25 TARGET_IP
# Version detection extracts banner info

# Manual SMTP commands
EHLO test
# Response reveals supported extensions

Parse banner information:


text
Banner reveals:
- Server software (Postfix, Sendmail, Exchange)
- Version information
- Hostname
- Supported SMTP extensions (STARTTLS, AUTH, etc.)

Phase 4: SMTP Command Enumeration


Test available SMTP commands:


bash
# Connect and test commands
nc TARGET_IP 25

# Initial greeting
EHLO attacker.com

# Response shows capabilities:
250-mail.target.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-8BITMIME
250 DSN

Key commands to test:


bash
# VRFY - Verify user exists
VRFY admin
250 2.1.5 admin@target.com

# EXPN - Expand mailing list
EXPN staff
250 2.1.5 user1@target.com
250 2.1.5 user2@target.com

# RCPT TO - Recipient verification
MAIL FROM:<test@attacker.com>
RCPT TO:<admin@target.com>
# 250 OK = user exists
# 550 = user doesn't exist

Phase 5: User Enumeration


Enumerate valid email addresses:


bash
# Using smtp-user-enum with VRFY
smtp-user-enum -M VRFY -U /usr/share/wordlists/users.txt -t TARGET_IP

# Using EXPN method
smtp-user-enum -M EXPN -U /usr/share/wordlists/users.txt -t TARGET_IP

# Using RCPT method
smtp-user-enum -M RCPT -U /usr/share/wordlists/users.txt -t TARGET_IP

# Specify port and domain
smtp-user-enum -M VRFY -U users.txt -t TARGET_IP -p 25 -d target.com

Using Metasploit:


bash
use auxiliary/scanner/smtp/smtp_enum
set RHOSTS TARGET_IP
set USER_FILE /usr/share/wordlists/metasploit/unix_users.txt
set UNIXONLY true
run

Using Nmap:


bash
# SMTP user enumeration script
nmap --script smtp-enum-users -p 25 TARGET_IP

# With custom user list
nmap --script smtp-enum-users --script-args smtp-enum-users.methods={VRFY,EXPN,RCPT} -p 25 TARGET_IP

🎯 Best For

  • QA engineers
  • Developers writing unit tests
  • Claude users
  • Content creators
  • Writers

💡 Use Cases

  • Generating test cases for edge conditions
  • Writing integration test suites
  • Drafting marketing emails
  • Writing cold outreach

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Smtp Penetration Testing to Your Work

    Provide context for your task — paste source material, describe your audience, or share existing work to guide the AI.

  4. 4

    Review and Refine

    Edit the AI output for accuracy, tone, and completeness. Add human insight where the AI lacks context.

❓ Frequently Asked Questions

Does this generate test mocks?

Many testing skills include mock generation. Check the install command and skill content for details.

Can Smtp Penetration Testing maintain my brand voice?

Yes — provide style guides or example content in your prompt for consistent brand-aligned output.

How do I install Smtp Penetration Testing?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/smtp-penetration-testing/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Not testing edge cases

AI tends to generate happy-path tests. Manually review for boundary conditions.

Publishing unedited drafts

AI writing needs human editing for facts, flow, and authentic voice.

🔗 Related Skills