id: smtp-user-enum

info:
  name: SMTP User Enumeration
  author: pussycat0x
  severity: medium
  description: |
    enumerate the users on a SMTP server by issuing the VRFY/EXPN commands
  reference:
    - https://nmap.org/nsedoc/scripts/smtp-enum-users.html
  metadata:
    max-request: 1
    shodan-query: smtp
    verified: true
  tags: network,enum,smtp,mail

tcp:
  - inputs:
      - data: "VRFY {{useraccounts}}\n"
        read: 1024
      - data: "EXPN {{useraccounts}}\n"
        read: 1024

    host:
      - "{{Hostname}}"
    port: 25

    attack: batteringram
    payloads:
      useraccounts:
        - msfadmin
        - admin
        - root

    matchers:
      - type: word
        words:
          - "252"
          - "250"
        condition: or
# digest: 4a0a00473045022041e42f434ed812668104392bfab3a1a2d6356cad0479e998247f689f925e5f38022100dec72375a0062cbb17cf3aebee222c0992e8d20f9917e2824d5c315190cbd164:922c64590222798bb761d5b6d8e72950