Does it support testing for encrypted mail connections?

Absolutely. The skill provides commands for testing STARTTLS support and direct SSL/TLS configurations on ports 465 and 587 using OpenSSL and Nmap.

What tools are required to use the SMTP Penetration Testing skill?

This skill leverages industry-standard tools including Nmap, Netcat, Hydra, smtp-user-enum, and the Metasploit Framework to conduct various stages of the security assessment.

Can this skill help prevent email spoofing?

Yes, it includes specialized workflows for analyzing SPF, DKIM, and DMARC records, which are essential for preventing domain spoofing and ensuring email authenticity.

Is user enumeration still possible on modern mail servers?

While many modern servers disable VRFY and EXPN, this skill provides alternative techniques like RCPT TO timing analysis and bounce-back verification to identify valid users.

SMTP Penetration Testing

Name: SMTP Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Performs comprehensive security assessments and penetration testing on SMTP mail servers to identify vulnerabilities and misconfigurations.

关于

This skill provides a structured framework for auditing the security of Simple Mail Transfer Protocol (SMTP) servers. It guides users through the entire penetration testing lifecycle, including service discovery, banner grabbing, and advanced user enumeration using VRFY, EXPN, and RCPT methods. The skill also covers critical vulnerability checks such as open relay testing, credential brute-forcing with Hydra, and analysis of email authentication records like SPF, DKIM, and DMARC. It is designed for security professionals and system administrators looking to harden mail infrastructure against unauthorized access and spoofing.

主要功能

Comprehensive SMTP service discovery and version detection
0 GitHub stars
Advanced user enumeration using multiple protocol methods
Automated and manual open relay vulnerability testing
Authentication security auditing and brute-force simulation
Detailed SPF, DKIM, and DMARC configuration analysis

使用场景

Conducting authorized security audits on corporate email infrastructure
Identifying and remediating open relay vulnerabilities to prevent spam abuse
Verifying mail server hardening against user enumeration and spoofing attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter smtp-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于