documentation/modules/auxiliary/server/capture/pop3.md
## Vulnerable Application
This module creates a mock POP3 server which accepts credentials.
## Verification Steps
1. Start msfconsole
2. Do: ```use auxiliary/server/capture/pop3```
3. Do: ```run```
## Options
## Scenarios
### Testing Script
The following script will attempt a login of the server.
```
require 'net/pop'
puts 'Attempting Login'
Net::POP3.start('127.0.0.1', 110, 'username', 'password') do |pop|
# check for email, should be none
if pop.mails.empty?
puts 'No mail'
end
end
```
### Output from testing script
When this script is run from the Metasploit console, it intermingles with the commands.
```
$ sudo ./msfconsole -qx 'use auxiliary/server/capture/pop3; set srvhost 127.0.0.1; run; ruby test_capture_pop3.rb;creds'
srvhost => 127.0.0.1
[*] Auxiliary module running as background job 0.
[*] exec: ruby test_capture_pop3.rb
[*] Started service listener on 127.0.0.1:110
[*] Server started.
Attempting Login
[+] POP3 LOGIN 127.0.0.1:35766 username / password
No mail
Credentials
===========
host origin service public private realm private_type JtR Format
---- ------ ------- ------ ------- ----- ------------ ----------
127.0.0.1 127.0.0.1 110/tcp (pop3) username password Password
```