From 4e984de0a2354c9f4760755bd1284f8b50686b09 Mon Sep 17 00:00:00 2001
From: AV-IO
Date: Sat, 2 Nov 2024 20:42:52 -0700
Subject: [PATCH] Adding support for command enum through `EHLO`
---
 .../enumeration/smtp/smtp-commands-enum.yaml | 36 +++++++++++++++++--
 1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/network/enumeration/smtp/smtp-commands-enum.yaml b/network/enumeration/smtp/smtp-commands-enum.yaml
index ad08fb9f3d..c39894b441 100644
--- a/network/enumeration/smtp/smtp-commands-enum.yaml
+++ b/network/enumeration/smtp/smtp-commands-enum.yaml
@@ -18,9 +18,8 @@ tcp:
 - data: ""
 read: 256
 - data: "EHLO x\r\n"
+ name: ehlo
 read: 1024
- - data: "HELP\r\n"
- read: 2048
 - data: "QUIT\r\n"
 read: 8
@@ -30,11 +29,42 @@ tcp:
 matchers:
 - type: word
+ name: ehlo
+ part: ehlo
 words:
- - "214"
+ - '250'
 extractors:
 - type: regex
+ part: ehlo
+ group: 1
+ regex:
+ - '250[\- ]([A-Z0-9 \-]+)'
+
+ - inputs:
+ - data: ""
+ read: 256
+ - data: "HELP\r\n"
+ name: help
+ read: 2048
+ - data: "QUIT\r\n"
+ read: 8
+
+ host:
+ - "{{Hostname}}"
+ port: 25,2525,465,587
+
+ matchers:
+ - type: word
+ name: help
+ part: help
+ words:
+ - '214'
+
+ extractors:
+ - type: regex
+ part: help
+ group: 1
 regex:
 - '214[\- ](.*)'
 # digest: 4a0a00473045022054b4221e3e3c486ef9992134338fb8b67f69ddda932dc69aa6854955ae0ac5ce022100af7395e6f3ff1bb6cba3fb14943a501b01a2124e4f57f1c294233490c2b57c35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
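Review bot: The new `ehlo` matcher's `words: - '250'` is a plain substring test and the extractor `250[\- ]([A-Z0-9 \-]+)` is not anchored, so a reply that merely contains those digits (inside a rejection text, or from a non-SMTP service answering on one of the listed ports) would be reported as an EHLO capability list. Anchoring both to the start of a reply line would tighten this: make the matcher `type: regex` with `regex: - '(?m)^250[\- ]'` and the extractor `'(?m)^250[\- ]([A-Z0-9 \-]+)'`; the same applies to the `'214'` word and `214[\- ](.*)` in the new `help` block. The `# digest:` trailer is carried over as unchanged context, so the signature presumably no longer matches the edited body and needs regenerating before the template is treated as signed. The enclosing `tcp:` list starts above this hunk, so the `info` block could not be checked against the new two-request behaviour.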