Skip to content

dpnd3v/email_enumerator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
email_enum.py
email_enum.py
 
 
emails.txt
emails.txt
 
 

Repository files navigation

Email Enumerator

OSINT tool for email address enumeration on a target domain. Verifies existence of common addresses via SMTP RCPT TO probing — connects to the target MX server and issues RCPT TO commands without sending any actual email.

Requirements

pip install dnspython

Usage

python email_enum.py <domain> [options]

python email_enum.py example.com
python email_enum.py example.com -o results.txt
python email_enum.py example.com -w custom.txt --threads 15
python email_enum.py example.com -t 8 --idle 30

Wordlist

Place emails.txt in the same directory as the tool. It will be loaded automatically. The included emails.txt contains 1000 entries covering infrastructure prefixes, company roles, social/marketing, DevOps, common first names, and patterns like firstname.lastname, j.smith, no-reply, etc.

To use a different file:

python email_enum.py example.com -w /path/to/custom.txt

Options

Flag Default Description
-w emails.txt Custom wordlist path
--threads 10 Concurrent SMTP threads
-t 5.0 SMTP connection timeout (s)
--sender probe@example.org MAIL FROM address used in probe
--idle 60 Stop after N seconds with no new hits
-o Save output to file

Output

EMAIL                    STATO    MX
-----------------------------------------------
admin@example.com        EXISTS   mail.example.com
info@example.com         EXISTS   mail.example.com

How it works

  1. Resolves MX records for the target domain.
  2. Sends a probe to a guaranteed-nonexistent address to detect catch-all configurations. If detected, results may not be reliable.
  3. For each entry in the wordlist, opens an SMTP connection to the primary MX and issues MAIL FROM + RCPT TO. No email is ever sent.
  4. A 250 response means the address exists. A 550 means it does not.
  5. Stops automatically if no new hit is found within --idle seconds.

Notes

  • Port 25 outbound is blocked by most residential ISPs. Run from a VPS or server if you get connection errors.
  • Keep --threads low (10-20). Aggressive probing triggers rate limiting or temporary blocks on most mail servers.
  • Catch-all domains accept every address — results will be unreliable. The tool detects and warns about this automatically.

About

Async OSINT tool that probes email addresses on a target domain via SMTP RCPT TO, without sending any actual mail. Loads prefixes from emails.txt, resolves MX records, detects catch-all, and auto-stops when idle.

Topics

pentesting pentest-tool osint-tool email-enumeration

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Email Enumerator Latest
Mar 14, 2026

Packages

 
 
 

Contributors

Languages