• 👉 Overview
• 👀 What ?
• 🧐 Why ?
• ⛏️ How ?
• ⏳ When ?
• ⚙️ Technical Explanation
• Manual Enumeration
• 1. Enumeration with VRFY command
• 2. Enumeration with RCPT TO: command
• 3. Enumeration with EXPN command
• Tools
• Nmap
• Metasploit
• Python
• 🖇️ Références

👉 Overview

👀 What ?

SMTP User Enumeration is a technique employed by security professionals and cybercriminals alike to identify valid email addresses linked to an SMTP server. The process involves the sending of specific commands, such as VRFY, EXPN, and RCPT TO, to the SMTP server and analyzing its responses to determine the existence of email addresses. This technique can enable an individual to amass a list of valid email addresses, which can subsequently be used for various purposes, from penetration testing to launching phishing or spam campaigns.

🧐 Why ?

Understanding SMTP enumeration is crucial to both cybersecurity professionals and system administrators. For attackers, valid email addresses are valuable data. They are often the starting point for various cyber-attacks like phishing or spam campaigns. For defenders, being aware of this technique and the tools used can help in setting up appropriate defenses, such as configuring SMTP servers to limit information leakage.

⛏️ How ?

SMTP User Enumeration involves using tools to automate the process of sending SMTP commands and analyzing the server's responses. Tools like Metasploit, Smtp-user-enum, and Swaks can be used to perform SMTP User Enumeration.

⏳ When ?

SMTP User Enumeration, as a technique, has been in existence as long as the SMTP protocol, which was first defined in 1982. Originally, the protocol lacked measures to prevent this type of enumeration, as the focus was primarily on functionality over security. As the abuse of this protocol feature became more widespread, system administrators and email service providers began to implement measures to limit the effectiveness of SMTP User Enumeration. This included disabling certain commands or providing ambiguous responses.

⚙️ Technical Explanation

Manual Enumeration

1. Enumeration with VRFY command

2. Enumeration with RCPT TO: command

3. Enumeration with EXPN command

Tools

Nmap

Metasploit

Python

https://pypi.org/project/smtp-user-enum/

pip install smtp-user-enum

$ smtp-user-enum -U /usr/share/wordlists/metasploit/unix_users.txt mail.example.tld 25

🖇️ Références

• https://helladmin.gitbooks.io/pentesting-handbook/content/phase-2-scanning/service-enumeration/25-tcp-simple-mail-transfer-protocol-smtp.html
• https://pypi.org/project/smtp-user-enum/