POP3 mail servers may support different capabilities defined in RFC 2449. By using a POP3 command we can list them, and thanks to Nmap, we can automate this task and include this service information in our scan results.
This recipe will teach you how to list the capabilities of a POP3 mail server by using Nmap.
Open your favorite terminal and enter the following Nmap command:
$ nmap -p110 --script pop3-capabilities <target>
A list of server capabilities will be included in the script output section:
PORT    STATE SERVICE
110/tcp open  pop3
|_pop3-capabilities: USER CAPA UIDL TOP OK(K) RESP-CODES PIPELINING STLS SASL(PLAIN LOGIN)
The script pop3-capabilities was submitted by Philip Pickering, and it attempts to retrieve the capabilities of POP3 and POP3S servers. It uses the POP3 command CAPA to ask the server for a list of supported commands. This script also attempts to retrieve the version string via the IMPLEMENTATION string, and any other site-specific policy.
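The CAPA exchange described above can be reviewed offline. The following is an added example, not code from Nmap or from this recipe: it parses a raw CAPA reply in the RFC 2449 format and flags what an auditor would check on plaintext port 110. The sample reply, the ExamplePOP3d name and the function names parse_capa and review are constructed for illustration.

```python
# Added example: parse a raw POP3 CAPA reply (RFC 2449) and review it.
# SAMPLE_REPLY is constructed; it is modelled on the script output shown above.
SAMPLE_REPLY = (
    b"+OK Capability list follows\r\n"
    b"USER\r\nCAPA\r\nUIDL\r\nTOP\r\nRESP-CODES\r\nPIPELINING\r\nSTLS\r\n"
    b"SASL PLAIN LOGIN\r\n"
    b"IMPLEMENTATION ExamplePOP3d 1.0\r\n"
    b".\r\n"
)

# SASL mechanisms that carry the password itself (only base64-encoded).
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capa(reply: bytes) -> dict:
    """Return {capability: [parameters]} from a multi-line CAPA reply."""
    lines = reply.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("server rejected CAPA: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":            # a lone dot terminates the list
            return caps
        if not line.strip():
            continue
        tag, *params = line.split()
        caps[tag.upper()] = params
    raise ValueError("truncated CAPA reply: missing terminating '.' line")


def review(caps: dict) -> list:
    """Findings for a server reached over plaintext POP3 (assumed port 110)."""
    findings = []
    has_stls = "STLS" in caps
    if not has_stls:
        findings.append("no STLS: the session cannot be upgraded to TLS")
    weak = sorted(CLEARTEXT_SASL & {m.upper() for m in caps.get("SASL", [])})
    if weak:
        note = "require STLS first" if has_stls else "credentials cross the wire unencrypted"
        findings.append("SASL %s offered: %s" % ("/".join(weak), note))
    if "IMPLEMENTATION" in caps:
        findings.append("IMPLEMENTATION discloses: " + " ".join(caps["IMPLEMENTATION"]))
    return findings


if __name__ == "__main__":
    for finding in review(parse_capa(SAMPLE_REPLY)):
        print(finding)
```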
The script pop3-capabilities works with POP3 and POP3S. Mail servers running on a non-standard port can be detected with Nmap's service scan:
$ nmap -sV --script pop3-capabilities <target>