id: smtp-user-enum

info:
  name: SMTP User Enumeration
  author: pussycat0x,userdehghani
  severity: medium
  description: |
    enumerate the users on a SMTP server by issuing the VRFY/EXPN commands
  reference:
    - https://nmap.org/nsedoc/scripts/smtp-enum-users.html
  metadata:
    max-request: 4
    shodan-query: smtp
    verified: true
  tags: network,enum,smtp,mail

tcp:
  - inputs:
      - data: "VRFY {{useraccounts}}\n"
        read: 1024
      - data: "EXPN {{useraccounts}}\n"
        read: 1024

    host:
      - "{{Hostname}}"
    port: 25,2525,465,587

    attack: batteringram
    payloads:
      useraccounts:
        - msfadmin
        - admin
        - root

    matchers:
      - type: word
        words:
          - "252"
          - "250"
        condition: or
# digest: 4a0a0047304502201e244c7d92331fb357eefd1fc3114fee12dc7a6022ea35a3a42307971934b88602210093a41a1472138e79b70d1cccb2c675e594dc98761d6a1f4a7e400d5246e60661:922c64590222798bb761d5b6d8e72950