SMTP Penetration Testing

About

This skill provides specialized workflows for conducting deep security evaluations of Simple Mail Transfer Protocol (SMTP) infrastructure. It enables Claude to guide users through structured phases of a security audit, including service discovery, banner grabbing, and advanced user enumeration using techniques like VRFY and EXPN. The skill is designed to identify critical vulnerabilities such as open relays, weak authentication, and command injection, while also providing analysis patterns for email security protocols like SPF, DKIM, and DMARC to prevent spoofing and domain abuse.

Key Features

• Email authentication analysis for SPF, DKIM, and DMARC records
• Comprehensive open relay vulnerability identification and testing
• Automated SMTP service discovery and banner grabbing workflows
• Advanced user enumeration using VRFY, EXPN, and RCPT methods
• 0 GitHub stars
• Guided brute-force simulations for testing credential strength

Use Cases

• Auditing enterprise mail servers for misconfigurations and data leaks
• Hardening email infrastructure against spoofing and phishing attacks
• Identifying unauthorized open relays to prevent domain blacklisting