smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands. It could be adapted to work against other vulnerable SMTP daemons, but this hasn’t been done as of v1.0.
Installation smtp-user-enum is just a stand alone PERL script, so installation is as simple as copying it to your path (e.g. /usr/local/bin). It has only been tested under Linux so far.
It depends on the following PERL modules which you may need to install first:
Socket IO::Handle IO::Select IO::Socket::INET Getopt::Std If you have PERL installed, you should be able to install the modules from CPAN:
# perl -MCPAN -e shell cpan> install Getopt::Std Usage smtp-user-enum simply needs to be passed a list of users and at least one target running an SMTP service.
smtp-user-enum v1.0 ( http://pentestmonkey.net/tools/smtp-user-enum )
Usage: smtp-user-enum.pl [options] (-u username|-U file-of-usernames) (-t host|-T file-of-targets)
Use this option when you want to guess valid email addresses instead of just usernames
e.g. "-D example.com" would guess firstname.lastname@example.org, email@example.com, etc. Instead of simply the usernames foo and bar. -U file File of usernames to check via smtp service -t host Server host running smtp service -T file File of hostnames running the smtp service -p port TCP port on which smtp service runs (default: 25) -d Debugging output -t n Wait a maximum of n seconds for reply (default: 5) -v Verbose -h This help message