The main purpose of smtpSMACK is to load user names (from dumps, or from penetration tests) along with a password list in attempt to bruteforce SMTP accounts. this does not work with accounts which support MFA / 2FA. When an account is cracked an e-mail is sent from the targets e-mail address to your e-mail address with the credentials as well as logged to the application itself.
Once a password or account is cracked / discovered that user name is no longer attempted. Additionally smtpSMACK has the ability to choose a random time frame between seconds, minutes or hours between tries as to throw off authentication tries. smtpSMACK supports importing / scraping for e-mail addresses (regular expressions), importing CSV values from within the format that is shown to the application and many other features.
While the application is in BETA1 some features may be removed and re-written for applications such as PDP which is undergoing an revision. Along PDP we may also be writing an application that creates rainbow tables in mysql / sql / etc which can help with the lookup of passwords that have been dumped or cracked. If you need additional information, please e-mail us for more assistance.