Last updated
Last updated
As its name implies, IMAP allows you to access your email messages wherever you are; much of the time, it is accessed via the Internet. Basically, email messages are stored on servers. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, you aren't actually downloading or storing it on your computer; instead, you are reading it off of the server. As a result, it's possible to check your email from several different devices without missing a thing.
By default, the IMAP protocol works on two ports:
Port 143 - this is the default IMAP non-encrypted port
Port 993 - this is the port you need to use if you want to connect using IMAP securely
If the server supports NTLM auth (Windows) you can obtain sensitive info (versions):
Or automate this with nmap plugin imap-ntlm-info.nse
Listing mailboxes (imap command LIST "" "*")
Listing messages in a mailbox (imap command SELECT INBOX and then SEARCH ALL)
The result of this search is a list of message indicies.
Its also possible to provide more complex search terms. e.g. searching for drafts with password in mail body:
Downloading a message (imap command SELECT Drafts and then FETCH 1 BODY[])
The mail index will be the same index returned from the search operation.
It is also possible to use UID (unique id) to access messages, however it is less conveniant as the search command needs to be manually formatted. E.g.
Also, possible to download just parts of a message, e.g. subject and sender of first 5 messages (the -v is required to see the subject and sender):
Although, its probably cleaner to just write a little for loop:
port:143 CAPABILITY
port:993 CAPABILITY
From
Basic navigation is possible with , but the documentation is light on details so checking the is recommended for precise details.
A nice overview of the search terms possible is located .