SMTPEXvish3ll v3.0
S M T P E X P L O I T F R A M E W O R K | C R E D E N T I A L E X T R A C T O R
SMTPEXvish3ll v3.0 — Tool Description
SMTPEXSMTPEXvish3l is a high-performance, async credential harvesting and misconfiguration scanner designed for penetration testers and security researchers. It mass-scans large lists of domains and IPs looking for exposed sensitive files and server misconfigurations.
What It Scans For
Module 01 — ENV & Credential Harvester
Probes each target across 3 scan modes:
Mode Paths Speed
FAST 30 high-priority paths Fastest
FULL 239 paths Balanced
ULTRA 1305+ paths (BabaYaga) Maximum coverage
In ULTRA mode, it simultaneously hunts for:
.env files — extracts 25+ credential categories: SMTP, Database, AWS, Stripe, PayPal, Twilio, OpenAI, GitHub, SSH, Docker, Telegram, Cloudflare, and more
phpinfo() pages — PHP version, server paths, all environment variables
wp-config.php — WordPress MySQL credentials (auto-saved to MySQL-Cracked.txt)
Laravel debug logs — credentials leaked in stack traces
SSH private keys — RSA, EC, OpenSSH
Docker Compose files — service passwords and configurations
.git/config — private repo URLs, embedded credentials
SQL backup dumps — full database dumps
.htpasswd files — HTTP auth password hashes
CMS config files — Joomla, Drupal, Magento database credentials
Apache/Nginx/PHP-FPM status pages — server internals, version, load, workers
What It Does With Hits
Every exposed file found is:
Displayed in real-time in a rich terminal with color-coded category banners
Saved instantly to Results/Cracked/ organized by type (ALL_CREDS.txt, SMTP.txt, AWS.txt, WP-CONFIG-EXPOSED.txt, etc.)
Reported via Telegram with a formatted alert including extracted credentials
For SMTP credentials found, it live-validates them by attempting an actual connection. For AWS keys, it verifies SES access and sending quotas.
Other Modules
Module 02 — List Generator
Reverse IP lookup, ASN bulk grabber, CIDR expansion, domain grabbers, live IP checker
Module 03 — Custom SMTP Cracker
Brute-forces SMTP with combo lists against a specific host, SSL/TLS support
License System
HWID-locked license — each copy is tied to the buyer's hardware fingerprint. Cannot be shared or transferred.
@sh3ll0nvip
https://t.me/sh3ll0nc0rp