smtp-penetration-testinglisted

This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.
aiskillstore/marketplace · ★ 334 · Testing & QA · score 83

Install: claude install-skill aiskillstore/marketplace

# SMTP Penetration Testing ## Purpose Conduct comprehensive security assessments of SMTP (Simple Mail Transfer Protocol) servers to identify vulnerabilities including open relays, user enumeration, weak authentication, and misconfiguration. This skill covers banner grabbing, user enumeration techniques, relay testing, brute force attacks, and security hardening recommendations. ## Prerequisites ### Required Tools ```bash # Nmap with SMTP scripts sudo apt-get install nmap # Netcat sudo apt-get install netcat # Hydra for brute force sudo apt-get install hydra # SMTP user enumeration tool sudo apt-get install smtp-user-enum # Metasploit Framework msfconsole ``` ### Required Knowledge - SMTP protocol fundamentals - Email architecture (MTA, MDA, MUA) - DNS and MX records - Network protocols ### Required Access - Target SMTP server IP/hostname - Written authorization for testing - Wordlists for enumeration and brute force ## Outputs and Deliverables 1. **SMTP Security Assessment Report** - Comprehensive vulnerability findings 2. **User Enumeration Results** - Valid email addresses discovered 3. **Relay Test Results** - Open relay status and exploitation potential 4. **Remediation Recommendations** - Security hardening guidance ## Core Workflow ### Phase 1: SMTP Architecture Understanding ``` Components: MTA (transfer) �� MDA (delivery) → MUA (client) Ports: 25 (SMTP), 465 (SMTPS), 587 (submission), 2525 (alternative) Workflow: Sender MUA → Sender MTA → DNS/MX → Re