id: smtp-user-enum

info:
  name: SMTP User Enumeration
  author: pussycat0x,userdehghani
  severity: medium
  description: |
    enumerate the users on a SMTP server by issuing the VRFY/EXPN commands
  reference:
    - https://nmap.org/nsedoc/scripts/smtp-enum-users.html
  metadata:
    verified: true
    max-request: 1
    shodan-query: smtp
  tags: network,enum,smtp,mail,tcp

tcp:
  - inputs:
      - data: "VRFY {{useraccounts}}\n"
        read: 1024
      - data: "EXPN {{useraccounts}}\n"
        read: 1024

    host:
      - "{{Hostname}}"
    port: 25,2525,465,587

    attack: batteringram
    payloads:
      useraccounts:
        - msfadmin
        - admin
        - root

    matchers:
      - type: word
        words:
          - "252"
          - "250"
        condition: or
# digest: 490a00463044022045f2e17418786fe91e5ecaacdabc53004f178642b6b7c1a6738b59594cc949650220599fdcb7e3f2c71f855234f2cfefd6a18a55240c8233c8e10de5c9b8b986382f:922c64590222798bb761d5b6d8e72950