25

Traditional SMTP Port

Unencrypted

587

Submission Port

StartTLS

465

SSL/TLS Encrypted Port

SSL/TLS

2525

Unofficial Alternative Port

Unencrypted

EHLO/HELO

Initiates the conversation with the server and identifies the client. EHLO is an extended version of the HELO command.

EHLO example.com

MAIL FROM

Specifies the sender's email address.

MAIL FROM: [email protected]

RCPT TO

Specifies the recipient's email address. This command can be repeated to specify multiple recipients.

RCPT TO: [email protected]<br>RCPT TO: [email protected]

DATA

Indicates the start of the email message data. The email content, including headers and body, is sent after this command.

DATA

Subject

Sets the subject of the email.

Subject: This is the subject of the email

From

Specifies the sender's name or organization.

From: John Doe [email protected]

To

Specifies the recipient's name or organization.

To: Jane Smith [email protected]

CC

Sets carbon copy recipients.

CC: [email protected]

BCC

Sets blind carbon copy recipients. BCC recipients are not visible to other recipients.

BCC: [email protected]

Date

Specifies the date and time the email was composed.

Date: Wed, 28 Jul 2023 12:00:00 +0000

Reply-To

Specifies the email address to which replies should be sent.

Reply-To: [email protected]

Content-Type

Defines the type and encoding of the email content.

Content-Type: text/plain; charset="utf-8"

QUIT

Closes the connection with the SMTP server.

QUIT

Metasploit Framework

A powerful penetration testing tool with various SMTP modules for testing vulnerabilities.

Nmap

A versatile network scanner to identify open SMTP ports and perform basic enumeration.

OpenVAS

A vulnerability scanner to identify weaknesses in SMTP servers and configurations.

smtp-user-enum

A tool for SMTP user enumeration to identify valid email addresses on a target server.

Sendmail

A mail transfer agent to simulate SMTP communication and test SMTP server security.

Netcat (nc)

A general-purpose networking utility to interact with SMTP servers and manually test for vulns.

Swaks

A feature-rich SMTP testing tool to send custom emails, test authentication, and check for relays.

MailSniper

An open-source tool for searching through email inboxes and performing SMTP-related attacks.

Enum4linux

Originally for SMB, can also be used for SMTP user enumeration in specific scenarios.

EHLO/HELO Testing

Basic SMTP testing using telnet to connect to the server and manually issue EHLO/HELO commands.

Email Spoofing

Forging the sender's email address to appear as if it's from a different source.

Email Phishing

Sending deceptive emails to trick recipients into revealing sensitive information.

Man-in-the-Middle (MITM)

Intercepting and possibly altering communication between the email client and server.

Brute-Force Attacks

Repeatedly attempting different username and password combinations to gain unauthorized access.

Email Bombing

Flooding an email inbox with an overwhelming number of emails, causing denial of service.

Email Relay Attacks

Exploiting open email relays to send spam or malicious emails through a compromised server.

SMTP User Enumeration

Determining valid email addresses by exploiting SMTP server responses.

SMTP Command Injection

Manipulating SMTP commands to execute arbitrary code on the SMTP server.

SMTP Header Injection

Injecting malicious content into email headers to trick email clients into unintended actions.

Denial of Service (DoS)

Overwhelming SMTP servers with excessive traffic, causing email service disruption.

Email Harvesting

Using automated tools to gather email addresses for spam campaigns or other malicious purposes.

Email Eavesdropping

Intercepting unencrypted emails during transmission to access sensitive information.

Email Attachment Exploits

Exploiting vulnerabilities in email attachments to execute malware on the recipient's system.

Malicious Email Attachments

Sending attachments or links to infected files or websites to trick recipients into downloading malware or revealing sensitive information.