From e9e7ff62c798a1cd64f40fdc2d84d6e0016d0f3d Mon Sep 17 00:00:00 2001
From: AV-IO <ianguile513@gmail.com>
Date: Sat, 2 Nov 2024 20:41:47 -0700
Subject: [PATCH] Increasing support for `HELP` reading across servers

---
 network/enumeration/smtp/smtp-commands-enum.yaml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/network/enumeration/smtp/smtp-commands-enum.yaml b/network/enumeration/smtp/smtp-commands-enum.yaml
index c93258056e..ad08fb9f3d 100644
--- a/network/enumeration/smtp/smtp-commands-enum.yaml
+++ b/network/enumeration/smtp/smtp-commands-enum.yaml
@@ -2,7 +2,7 @@ id: smtp-commands-enum
 
 info:
   name: SMTP Commands Enumeration
-  author: pussycat0x,userdehghani
+  author: pussycat0x,userdehghani,AV-IO
   severity: info
   description: |
     Attempts to use EHLO and HELP to gather the Extended commands supported by an SMTP server.
@@ -15,10 +15,14 @@ info:
   tags: network,enum,smtp,mail,tcp
 tcp:
   - inputs:
+      - data: ""
+        read: 256
       - data: "EHLO x\r\n"
         read: 1024
       - data: "HELP\r\n"
-        read: 1024
+        read: 2048
+      - data: "QUIT\r\n"
+        read: 8
 
     host:
       - "{{Hostname}}"
@@ -28,11 +32,9 @@ tcp:
       - type: word
         words:
           - "214"
-          - "This server supports"
-        condition: and
 
     extractors:
       - type: regex
         regex:
-          - '214 (.*)'
+          - '214[\- ](.*)'
 # digest: 4a0a00473045022054b4221e3e3c486ef9992134338fb8b67f69ddda932dc69aa6854955ae0ac5ce022100af7395e6f3ff1bb6cba3fb14943a501b01a2124e4f57f1c294233490c2b57c35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file