The Simple Mail Transfer Protocol (SMTP) service has two internal commands that allow the enumeration of users: VRFY, which confirms the names of valid users, and EXPN, which reveals the actual addresses behind users' aliases and mailing lists.
The SMTP User Enumeration Utility auxiliary module uses these SMTP commands to reveal a list of valid users.
The SMTP User Enumeration Utility auxiliary module, by default, will use the unix_users.txt file located at /usr/share/metasploit-framework/data/wordlists/, but you can specify your own. To run the module, set the target address range, the number of concurrent threads, and type run:
msf > use auxiliary/scanner/smtp/smtp_enum
msf auxiliary(smtp_enum) > set RHOSTS 192.168.216.129
msf auxiliary(smtp_enum) > set THREADS 256
THREADS => 256
msf auxiliary(smtp_enum) > run
[*] 192.168.216.129:25 - 192.168.216.129:25 Banner: 220 metasploitable.localdomain...
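Seen from the mail server's side, a run like this appears as one client sending many VRFY/EXPN commands with different names. The following Python is an added example, not part of the original text: it flags such clients and lists the names the server answered for. The log format, the sample lines and the function name `detect_enumeration` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical format:
#   <time> <client_ip> <command> <argument> -> <reply_code>
SAMPLE_LOG = """\
10:02:11 192.168.216.1 EHLO scanner.local -> 250
10:02:11 192.168.216.1 VRFY root -> 252
10:02:11 192.168.216.1 VRFY admin -> 550
10:02:12 192.168.216.1 VRFY backup -> 252
10:02:12 192.168.216.1 VRFY oracle -> 550
10:02:12 192.168.216.1 EXPN staff -> 550
10:05:40 192.168.216.50 EHLO mail.example.org -> 250
10:05:40 192.168.216.50 MAIL FROM:<alice@example.org> -> 250
10:05:41 192.168.216.50 VRFY postmaster -> 252
"""

LINE_RE = re.compile(
    r"^\S+ (?P<ip>\S+) (?P<cmd>[A-Za-z]+) (?P<arg>\S+) -> (?P<code>\d{3})$")
ENUM_COMMANDS = {"VRFY", "EXPN"}
# 250/251 confirm a mailbox. 252 formally means "cannot verify", but a server
# that answers 252 for some names and 550 for others still leaks which exist.
CONFIRMING = {"250", "251", "252"}

def detect_enumeration(log_text, min_probes=3):
    """Return {client_ip: {"probes": n, "exposed": [names]}} for clients that
    sent VRFY/EXPN for at least min_probes distinct names."""
    probed = defaultdict(set)    # ip -> every name the client asked about
    exposed = defaultdict(set)   # ip -> names the server did not reject
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["cmd"].upper() not in ENUM_COMMANDS:
            continue
        name = m["arg"].lower()
        probed[m["ip"]].add(name)
        if m["code"] in CONFIRMING:
            exposed[m["ip"]].add(name)
    return {ip: {"probes": len(names), "exposed": sorted(exposed[ip])}
            for ip, names in probed.items() if len(names) >= min_probes}

if __name__ == "__main__":
    for ip, info in detect_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {info['probes']} VRFY/EXPN probes, "
              f"server answered for {info['exposed']}")
```

On Postfix, setting `disable_vrfy_command = yes` in main.cf turns the VRFY command off.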