Navigation :
995 - POP3S
Identification and Scans
# Retrieve POP3 server capabilities (CAPA, TOP, USER, SASL, RESP-CODES, LOGIN-DELAY, PIPELINING, EXPIRE, UIDL, IMPLEMENTATION)
nmap -v -sV --version-intensity=5 --script pop3-capabilities -p T:995 IP
# Try to bruteforce POP3 accounts
nmap --script pop3-brute --script-args pop3loginmethod=SASL-LOGIN -p T:995 IP
nmap --script pop3-brute --script-args pop3loginmethod=SASL-CRAM-MD5 -p T:995 IP
nmap --script pop3-brute --script-args pop3loginmethod=APOP -p T:995 IP
SSL Checking
# Using openssl
openssl s_client -connect IP:995
Authentication Checking (classical credentials)
USER admin
PASS admin
USER root
PASS root
USER root
PASS toor