Post Office Protocol (POP/POP3) – port 110

The Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the most commonly used version. Together with IMAP, it is one of the most common protocols for email retrieval.

Netcat

Banner grabbing

nc -nv x.x.x.x 110
USER username
PASS password

Read emails

TIP: Install Thunderbird client (sudo apt install thunderbird).

nc x.x.x.x 110
USER username
PASS password
LIST
RETR 1
RETR 2
...
QUIT

Nmap scripts

ls -la /usr/share/nmap/scripts/pop3*

IP=x.x.x.x
WL=/usr/share/wordlists/rockyou.txt
USERS=/usr/share/seclists/Usernames/top-usernames-shortlist.txt
nmap --script pop3-brute -p 110 $IP --script-args userdb=${USERS},passdb=$WL

read_emails_pop3.py

#!/usr/bin/python3
# https://docs.python.org/3/library/poplib.html
from getpass import getpass
import poplib

def pop3_login(server, username, password):
    pop3 = poplib.POP3(server, port=110, timeout=10)
    #pop3 = poplib.POP3_SSL(server, port=995, timeout=10)
    #pop3.set_debuglevel(2)

    welcome_msg = pop3.getwelcome().decode('utf-8')
    print(welcome_msg)

    try:
        print("INFO: Login on " + server + " with user " + username)
        pop3.user(username)
        pop3.pass_(password)

        # Read emails
        numMessages = len(pop3.list()[1])
        for i in range(numMessages):
            for j in pop3.retr(i+1)[1]:
                print(j)

        pop3.quit()
    except Exception as e:
        print("ERROR: Login failed.")
        print(e)


# Read emails
server='x.x.x.x'

pop3_login(server, 'user1', 'password1')
pop3_login(server, 'user2', 'password2')