
iSMTP

iSMTP is an SMTP server tester for user enumeration, internal spoofing, and relay testing. It supports VRFY and RCPT TO methods to identify valid users on target SMTP servers.

Description

iSMTP is designed to test SMTP servers for vulnerabilities related to user enumeration, email spoofing, and open relays. It helps security professionals identify misconfigured SMTP services that could leak valid usernames or allow unauthorized email relay and spoofing. The tool is particularly useful in penetration testing scenarios where assessing email server security is required.

Use cases include enumerating valid user accounts via VRFY or RCPT TO commands, checking for internal spoofing capabilities by crafting custom sender and recipient details, and verifying external relay permissions. It supports testing single hosts or lists of SMTP servers from files, making it efficient for batch operations.

The tool outputs results clearly, marking valid users with [+ success] and invalid ones with [- invalid], and can save detailed logs to files for further analysis.

How It Works

iSMTP connects to SMTP servers on specified IP:port addresses and performs protocol-level tests. For enumeration, it uses SMTP VRFY (type 1) or RCPT TO (type 2) commands against a dictionary of usernames, analyzing server responses to distinguish valid from invalid users. Spoofing tests involve sending custom MAIL FROM, RCPT TO, and sender names to check internal relay policies. Relay testing sends emails to external domains to detect open relays. It supports timeouts and combines tests in any order.
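The VRFY and RCPT TO probing described above leaves a recognizable trail on the server side. The following is an added example, not part of iSMTP or of the original page: it flags clients whose sessions look like dictionary enumeration. The Postfix-style log format, the function name `find_enumeration`, the thresholds, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Patterns assume Postfix-style smtpd log lines (an assumption; adapt to your MTA).
REJECT_RE = re.compile(r"reject: RCPT from \S*\[([^\]]+)\]: 55\d 5\.1\.1 <([^>]*)>")
# Postfix 3.x session summary: "vrfy=6" or "vrfy=0/6" (accepted/attempted).
VRFY_RE = re.compile(r"disconnect from \S*\[([^\]]+)\].*?\bvrfy=(\d+)(?:/(\d+))?")

def find_enumeration(log_text, min_unknown_rcpts=3, min_vrfy=3):
    """Return {client_ip: counts} for clients that look like dictionary probes.

    A client is flagged when it was refused at least min_unknown_rcpts distinct
    unknown recipients (RCPT TO method) or attempted at least min_vrfy VRFY
    commands (VRFY method). Thresholds are illustrative.
    """
    unknown = defaultdict(set)  # ip -> distinct rejected recipient addresses
    vrfy = defaultdict(int)     # ip -> VRFY commands attempted
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            unknown[m.group(1)].add(m.group(2).lower())
            continue
        m = VRFY_RE.search(line)
        if m:
            # Count attempts, including ones refused because VRFY is disabled.
            vrfy[m.group(1)] += int(m.group(3) or m.group(2))
    flagged = {}
    for ip in set(unknown) | set(vrfy):
        counts = {"unknown_rcpts": len(unknown[ip]), "vrfy": vrfy[ip]}
        if counts["unknown_rcpts"] >= min_unknown_rcpts or counts["vrfy"] >= min_vrfy:
            flagged[ip] = counts
    return flagged

# Constructed sample input (not real traffic; documentation address ranges).
_REJ = ("Apr 16 10:00:0{n} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
        "User unknown in local recipient table")
SAMPLE_LOG = "\n".join(
    [_REJ.format(n=i, ip="203.0.113.7", rcpt=f"{u}@example.com")
     for i, u in enumerate(["admin", "root", "test", "backup"])]
    + [_REJ.format(n=5, ip="198.51.100.4", rcpt="jon.smiht@example.com"),
       "Apr 16 10:00:06 mx postfix/smtpd[812]: disconnect from unknown[192.0.2.9] "
       "helo=1 vrfy=0/6 quit=1 commands=2/8"]
)

if __name__ == "__main__":
    for ip, counts in sorted(find_enumeration(SAMPLE_LOG).items()):
        print(ip, counts)
```

Counting distinct rejected recipients rather than raw rejects keeps a single mistyped address that is retried several times from tripping the threshold.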

Installation

sudo apt install ismtp

Flags

-f <import file>        Imports a list of SMTP servers for testing. (Cannot use with '-h'.)
-h <host>               The target IP and port (IP:port). (Cannot use with '-f'.)
-i <consultant email>   The consultant's email address.
-s <sndr email>         The sender's email address.
-r <rcpt email>         The recipient's email address.
--sr <email>            Specifies both the sender's and recipient's email address.
-S <sndr name>          The sender's first and last name.
-R <rcpt name>          The recipient's first and last name.
--SR <name>             Specifies both the sender's and recipient's first and last name.
-m                      Enables SMTP spoof testing.
-e <file>               Enables SMTP user enumeration testing and imports email list.
-l <1|2|3>              Specifies enumeration type (1 = VRFY, 2 = RCPT TO, 3 = all). (Default is 3.)
-x                      Enables SMTP external relay testing.
-t <secs>               The timeout value. (Default is 10.)
-o                      Creates "ismtp-results" directory and writes output to ismtp-results/smtp_<service>_<ip>(port).txt

Examples

Test a list of IPs from a file (-f smtp-ips.txt) enumerating usernames from a dictionary file (-e /usr/share/wordlists/metasploit/unix_users.txt).

    ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt

Test a single SMTP server at 192.168.1.25:25 for user enumeration using VRFY and RCPT TO.

    ismtp -h 192.168.1.25:25 -e /usr/share/wordlists/metasploit/unix_users.txt

Test multiple SMTP servers for spoofing with specified consultant, sender, and recipient emails.

    ismtp -f smtp-ips.txt -m -i consultant@example.com -s sender@example.com -r recipient@example.com

Enable SMTP external relay testing on a single target host.

    ismtp -h target:25 -x

Perform VRFY-only user enumeration (type 1) on a list of servers with a user dictionary.

    ismtp -f servers.txt -e users.txt -l 1

Enumerate users with 20-second timeout and save output to ismtp-results directory.

    ismtp -h host:25 -e emails.txt -t 20 -o

Combine spoofing (-m), relay (-x), and enumeration (-e) tests on a list of servers.

    ismtp -f list.txt -m -x -e dict.txt

Updated 2026-04-16. Source: kali.org