Fähigkeiten smtp-penetration-testing

📧

smtp-penetration-testing

Name: smtp-penetration-testing
Author: sickn33

Hohes Risiko ⚙️ Externe Befehle🌐 Netzwerkzugriff

Test SMTP Server Security

This skill enables security professionals to conduct comprehensive SMTP server penetration tests, identifying vulnerabilities like open relays, weak authentication, and user enumeration risks.

Unterstützt: Claude Codex Code(CC)

⚠️ 57 Schlecht

Die Skill-ZIP herunterladen

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

Einschalten und loslegen

Teste es

Verwendung von "smtp-penetration-testing". Perform SMTP banner grab on mail.target.com

Erwartetes Ergebnis:

Banner Analysis Results:
- Server: Postfix
- Version: 3.4.5
- Hostname: mail.target.com
- Supported Extensions: PIPELINING, SIZE, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN
- Security Concerns: VRFY command is enabled (user enumeration risk)

Verwendung von "smtp-penetration-testing". Test for open relay on mail.target.com

Erwartetes Ergebnis:

Open Relay Test Results:
- Test 1 (anonymous): PASS (vulnerable)
- Test 2 (authenticated): BLOCKED
- Recommendation: Disable anonymous relay; require authentication for external delivery

Sicherheitsaudit

Hohes Risiko

v1 • 2/25/2026

This skill teaches legitimate SMTP penetration testing techniques using standard security tools (Nmap, Metasploit, Hydra). Static scanner flagged 181 potential issues including Metasploit usage, network scanning tools, and brute force commands. However, these are FALSE POSITIVES - the flagged patterns are standard penetration testing tools and techniques used by security professionals for authorized assessments. The skill includes legal disclaimers requiring written authorization. Risk level set to HIGH because the skill provides actionable instructions for user enumeration, brute force attacks, and relay testing that could be misused without proper authorization.

Gescannte Dateien

506

Analysierte Zeilen

befunde

Gesamtzahl Audits

Probleme mit hohem Risiko (2)

SKILL.md:33-35 SKILL.md:179-187 SKILL.md:221-227 SKILL.md:266-275 SKILL.md:446-451

Metasploit Framework Usage

Skill teaches use of Metasploit auxiliary modules for SMTP enumeration and relay testing. Metasploit is a legitimate penetration testing framework commonly used by security professionals for authorized assessments.

SKILL.md:246-258 SKILL.md:260-264

Brute Force Authentication Testing

Skill teaches brute force attacks against SMTP authentication using Hydra and Medusa tools. These are standard password cracking tools used in authorized penetration tests.

Probleme mit mittlerem Risiko (2)

SKILL.md:163-177

User Enumeration Techniques

Skill documents VRFY, EXPN, and RCPT command enumeration methods to discover valid email addresses. These are standard reconnaissance techniques.

SKILL.md:199-219

Open Relay Testing

Skill teaches testing for open mail relays which can be exploited for spam distribution. Testing for open relays is a legitimate security assessment.

Probleme mit niedrigem Risiko (2)

SKILL.md:72-85

Network Scanning Tools

Skill uses Nmap for service discovery and vulnerability scanning. Nmap is a standard network reconnaissance tool used by security professionals.

SKILL.md:87-117

Banner Grabbing Documentation

Skill documents banner grabbing techniques using Telnet, Netcat, and Nmap. Banner grabbing is basic reconnaissance.

Risikofaktoren

⚙️ Externe Befehle (1)

SKILL.md:20-486

🌐 Netzwerkzugriff (1)

SKILL.md:2-502

Erkannte Muster

Actionable Attack Instructions

Auditiert von: claude

Qualitätsbewertung

Architektur

100

Wartbarkeit

Inhalt

Community

Sicherheit

Spezifikationskonformität

Was du bauen kannst

Authorized Security Assessment

Security professionals conducting penetration tests on organization-owned mail servers to identify and remediate vulnerabilities.

Email Infrastructure Hardening

System administrators evaluating their SMTP server configurations to ensure compliance with security best practices.

Security Training and Education

Security training environments teaching students about SMTP vulnerabilities and testing methodologies in controlled lab settings.

Probiere diese Prompts

Basic SMTP Scan

Perform an SMTP penetration test on mail.example.com. Identify the SMTP server version, test for open relay vulnerabilities, and check if VRFY/EXPN commands are enabled.

User Enumeration Assessment

Conduct user enumeration testing against the SMTP server at 192.168.1.50 using the VRFY and RCPT methods. Use the provided wordlist for testing common usernames.

Full Security Audit

Conduct a comprehensive SMTP security assessment including banner grabbing, user enumeration, open relay testing, TLS configuration analysis, and SPF/DKIM/DMARC verification for domain example.com.

Brute Force Authentication Test

Test SMTP authentication security on mail.target.com using Hydra with the top-100 password wordlist. Report any weak credentials discovered.

Bewährte Verfahren

Always obtain written authorization before testing any system you do not own
Document all testing activities including timestamps, commands executed, and findings
Use rate limiting in your testing to avoid overwhelming target systems
Report vulnerabilities to system administrators through proper channels

Vermeiden

Never test systems without explicit authorization, even for educational purposes
Avoid using real passwords or sensitive data during testing
Do not exploit discovered vulnerabilities beyond the scope of authorized testing
Never share or sell harvested email addresses or credentials

Häufig gestellte Fragen

Is SMTP penetration testing legal?

SMTP penetration testing is legal only when performed on systems you own or have explicit written authorization to test. Unauthorized testing is illegal and may result in criminal charges.

What tools are required for SMTP testing?

Common tools include Nmap with SMTP scripts, smtp-user-enum, Hydra for brute force, Netcat for manual testing, and Metasploit for advanced modules.

Can I test any SMTP server I find?

No. Finding an SMTP server does not give you permission to test it. You must have written authorization from the system owner before conducting any security testing.

What are the main SMTP vulnerabilities to test?

Key vulnerabilities include open relay misconfigurations, enabled VRFY/EXPN commands (user enumeration), weak authentication, missing or weak TLS encryption, and missing email authentication records (SPF/DKIM/DMARC).

How do I test for open relays safely?

Use Nmap's smtp-open-relay script or manual testing with test@example.com as the external recipient. Always use test domains and document findings without actually relaying spam.

What should I do if I find a critical vulnerability?

Document the finding thoroughly, immediately stop any further testing that could cause damage, and report the vulnerability to the system administrator through proper channels following responsible disclosure practices.

Entwicklerdetails

Autor

sickn33

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/smtp-penetration-testing

Ref

main

Dateistruktur

📄 SKILL.md