
Email Penetration Testing Part – #1


In this series of blogs, we will learn how to perform email penetration testing and the methodology to follow when pentesting email.

We will cover a lot of ground in this series. Here is what is planned:

  1. Introduction to Email Security
  2. Commonly Used Email Service Protocols
  3. Prerequisites for Email Penetration Testing
  4. Email Pentesting Steps
  5. SMTP Fingerprinting
  6. Directory Harvesting Attacks
  7. NTLM Overflows Attack
  8. Crack Email Passwords
  9. Checking against Phishing and Spamming attacks
  10. Perform Email bombing
  11. Check against CLSID Extension and VBS attachment Vulnerability
  12. Performing Fragmented Message vulnerability Test
  13. Recommendations

Let's start with the first four steps of our objective.


Introduction to Email Security

These days, people tend to use their email accounts as repositories for private and business information.

Everyone uses the internet and email these days, and that gives confidence to hackers as well. Attackers can easily find ways to compromise the security of email systems and access users' sensitive information.


Commonly Used Email Service Protocols

| Protocol | Port | Description |
|---|---|---|
| SMTP | 25/TCP | Simple Mail Transfer Protocol, the standard for email transmission |
| ESMTP | 587/TCP | Extended or Enhanced SMTP, used for Internet mail transfer such as inter-server mail transfer or mail submission protocol |
| SSMTP | 465/TCP | Send-only program that sends mail from a local computer to a mail server |
| POP2 | 109/TCP | Application layer Internet protocol that receives messages from a remote server and relies on SMTP |
| POP3 | 110/TCP | Same as POP2 but doesn't need SMTP |
| POP3S | 995/TCP | It receives SMS from a remote server through SSL or TLS |
| IMAP2 | 143/TCP | Allows clients to access emails residing on a remote mail server |
| IMAPS | 993/TCP | Connects to remote server over SSL |
| SUBMISSION | 587/TCP | Similar to SMTP for transmitting outgoing emails to a remote server |


Prerequisites for Email Penetration Testing

  1. Knowledge of email terminology and concepts.
  2. Official documents giving you permission to test the email security of the client organization.
  3. Read the Rules of Engagement (ROE) carefully before proceeding.
  4. An armory of tools.
  5. In the case of white-box testing:
    1. The organization's common email policy and how it is maintained.
    2. The official mail server IP address, domain name, etc.
    3. A test email ID and address to perform penetration testing.


Email Pentesting Steps

STEP1: Perform SMTP service fingerprinting
STEP2: Perform directory harvest attacks
STEP3: Enumerate enabled SMTP subsystems and features
STEP4: Perform SMTP password brute-forcing
STEP5: Perform NTLM overflows attack through SMTP authentication
STEP6: Test for SMTP open relay
STEP7: SMTP user enumeration
STEP8: Perform POP3 password brute-forcing
STEP9: Perform IMAP brute-forcing
STEP10: Test for IMAP process manipulation attack
STEP11: Check for known vulnerabilities in mail servers and hosts
STEP12: Check the patch status of mail server and host systems
STEP13: Try to crack email passwords
STEP14: Check whether anti-phishing tools are enabled
STEP15: Check whether anti-spamming tools are enabled
STEP16: Try to perform email bombing
STEP17: Perform CLSID extension vulnerability test
STEP18: Perform VBS attachment vulnerability test
STEP19: Perform double file extension vulnerability test
STEP20: Perform long file name vulnerability test
STEP21: Perform malformed file extension vulnerability test
STEP22: Perform access exploit vulnerability test
STEP23: Perform fragmented message vulnerability test
STEP24: Perform long subject attachment checking test
STEP25: Perform no file attachment vulnerability test

We will be performing all of these email penetration testing steps in the upcoming blogs.

Stay tuned to our pen-testing series of blogs.
