smtp-penetration-testing

High risk ⚙️ External commands 🌐 Network access

Test SMTP Server Security

This skill enables security professionals to conduct comprehensive SMTP server penetration tests, identifying vulnerabilities like open relays, weak authentication, and user enumeration risks.

Supports: Claude Codex Code(CC)
⚠️ 57 Poor
1. Download the skill ZIP

2. Upload to Claude
Go to Settings → Capabilities → Skills → Upload skill

3. Enable it and start using it

Try it

Using "smtp-penetration-testing". Perform SMTP banner grab on mail.target.com

Expected result:

Banner Analysis Results:
- Server: Postfix
- Version: 3.4.5
- Hostname: mail.target.com
- Supported Extensions: PIPELINING, SIZE, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN
- Security Concerns: VRFY command is enabled (user enumeration risk)

Using "smtp-penetration-testing". Test for open relay on mail.target.com

Expected result:

Open Relay Test Results:
- Test 1 (anonymous): PASS (vulnerable)
- Test 2 (authenticated): BLOCKED
- Recommendation: Disable anonymous relay; require authentication for external delivery

Security audit

High risk
v1 • 2/25/2026

This skill teaches legitimate SMTP penetration testing techniques using standard security tools (Nmap, Metasploit, Hydra). Static scanner flagged 181 potential issues including Metasploit usage, network scanning tools, and brute force commands. However, these are FALSE POSITIVES - the flagged patterns are standard penetration testing tools and techniques used by security professionals for authorized assessments. The skill includes legal disclaimers requiring written authorization. Risk level set to HIGH because the skill provides actionable instructions for user enumeration, brute force attacks, and relay testing that could be misused without proper authorization.

1 Files scanned
506 Lines analyzed
8 Findings
1 Total audits

High-risk issues (2)

Metasploit Framework Usage
Skill teaches use of Metasploit auxiliary modules for SMTP enumeration and relay testing. Metasploit is a legitimate penetration testing framework commonly used by security professionals for authorized assessments.
Brute Force Authentication Testing
Skill teaches brute force attacks against SMTP authentication using Hydra and Medusa tools. These are standard password cracking tools used in authorized penetration tests.
Medium-risk issues (2)
User Enumeration Techniques
Skill documents VRFY, EXPN, and RCPT command enumeration methods to discover valid email addresses. These are standard reconnaissance techniques.
Open Relay Testing
Skill teaches testing for open mail relays which can be exploited for spam distribution. Testing for open relays is a legitimate security assessment.
Low-risk issues (2)
Network Scanning Tools
Skill uses Nmap for service discovery and vulnerability scanning. Nmap is a standard network reconnaissance tool used by security professionals.
Banner Grabbing Documentation
Skill documents banner grabbing techniques using Telnet, Netcat, and Nmap. Banner grabbing is basic reconnaissance.

Risk factors

⚙️ External commands (1)
🌐 Network access (1)

Detected patterns

Actionable Attack Instructions
Audited by: claude

Quality score

38 Architecture
100 Maintainability
87 Content
50 Community
5 Security
96 Specification compliance

What you can build

Authorized Security Assessment

Security professionals conducting penetration tests on organization-owned mail servers to identify and remediate vulnerabilities.

Email Infrastructure Hardening

System administrators evaluating their SMTP server configurations to ensure compliance with security best practices.

Security Training and Education

Security training environments teaching students about SMTP vulnerabilities and testing methodologies in controlled lab settings.

Try these prompts

Basic SMTP Scan
Perform an SMTP penetration test on mail.example.com. Identify the SMTP server version, test for open relay vulnerabilities, and check if VRFY/EXPN commands are enabled.
User Enumeration Assessment
Conduct user enumeration testing against the SMTP server at 192.168.1.50 using the VRFY and RCPT methods. Use the provided wordlist for testing common usernames.
Full Security Audit
Conduct a comprehensive SMTP security assessment including banner grabbing, user enumeration, open relay testing, TLS configuration analysis, and SPF/DKIM/DMARC verification for domain example.com.
Brute Force Authentication Test
Test SMTP authentication security on mail.target.com using Hydra with the top-100 password wordlist. Report any weak credentials discovered.

Best practices

  • Always obtain written authorization before testing any system you do not own
  • Document all testing activities including timestamps, commands executed, and findings
  • Use rate limiting in your testing to avoid overwhelming target systems
  • Report vulnerabilities to system administrators through proper channels

Avoid

  • Never test systems without explicit authorization, even for educational purposes
  • Avoid using real passwords or sensitive data during testing
  • Do not exploit discovered vulnerabilities beyond the scope of authorized testing
  • Never share or sell harvested email addresses or credentials

Frequently asked questions

Is SMTP penetration testing legal?
SMTP penetration testing is legal only when performed on systems you own or have explicit written authorization to test. Unauthorized testing is illegal and may result in criminal charges.
What tools are required for SMTP testing?
Common tools include Nmap with SMTP scripts, smtp-user-enum, Hydra for brute force, Netcat for manual testing, and Metasploit for advanced modules.
Can I test any SMTP server I find?
No. Finding an SMTP server does not give you permission to test it. You must have written authorization from the system owner before conducting any security testing.
What are the main SMTP vulnerabilities to test?
Key vulnerabilities include open relay misconfigurations, enabled VRFY/EXPN commands (user enumeration), weak authentication, missing or weak TLS encryption, and missing email authentication records (SPF/DKIM/DMARC).
How do I test for open relays safely?
Use Nmap's smtp-open-relay script or manual testing with test@example.com as the external recipient. Always use test domains and document findings without actually relaying spam.
What should I do if I find a critical vulnerability?
Document the finding thoroughly, immediately stop any further testing that could cause damage, and report the vulnerability to the system administrator through proper channels following responsible disclosure practices.

Developer details

File structure

📄 SKILL.md