MoinQ:

Contents

  1. whois
  2. history
https://github.com/hannob/smtpsmug

1. whois

smtpsmug allows sending mails to an smtp server and ending it with various malformed end of data symbol. This tests whether servers are affected by SMTP Smuggling vulnerabilities. Please consider this preliminary and work in progress, I am still trying to fully understand the issue myself.

By default, smtpsmug will send a test mail ending with a '\n.\n' symbol (Unix newlines instead of Windows '\r\n' newlines). It supports multiple other malformed endings. Use --list-tests to show them, --test [testname] to select one.

To test the postfix mitigation, there is now a pipelining test. (May be unstable.)

There are multiple behaviors of mail servers that enable the vulnerability:

2. history


CategoryDns CategoryWatch CategoryTemplate

MoinQ: SMTP/Smuggling/smtpsmug (last edited 2023-12-27 10:47:19 by ToshinoriMaeno)