SMTP user enumeration¶
If a SMTP server is misconfigured some command may be available:
VRFY- ask server to verify an email address
EXPN- ask server the membership of a mailing list
Tools: nc, script, metasploit (
The SMTP service has two internal commands that allow the enumeration of users: VRFY (confirming the names of valid users) and EXPN (which reveals the actual address of users aliases and lists of e-mail (mailing lists)). Through the implementation of these SMTP commands can reveal a list of valid users.