Advanced multi-threaded SMTP server credential validation tool with real send-test verification.
LEGAL NOTICE: This tool is intended exclusively for authorized security research, SMTP server auditing on systems you own, or penetration testing with explicit written permission. Unauthorized use is illegal. The authors assume no responsibility for misuse.
- Multi-threaded processing — parallel validation scaled to available CPU cores
- Real send-test validation — verifies SMTP credentials by attempting an actual authentication and send
- TCP pre-check — fast port connectivity test before attempting full SMTP handshake
- Result categorization — separates results into valid, invalid, reject, and fail
- Custom input format — supports
smtp://host:user:passwordURL format - Colorful console UI — clear status output with emoji indicators
- Auto-save results — writes categorized results to
Results/directory
| Requirement | Version |
|---|---|
| Windows | 10 / 11 (x64) |
| Pre-compiled binary | No Node.js required |
| Node.js (source only) | 18+ |
- Download
multi-smtp.exefrom Releases - Place it in any folder
- Run
multi-smtp.exe
git clone https://github.com/ByteCodeSecure/MultiSMTP.git
cd MultiSMTP
npm install
node main.js# Windows
build.batOr manually:
npm install -g pkg
pkg . --out-path=build --targets node18-win-x64Run the executable and provide the required information:
multi-smtp.exe
You will be prompted for:
- SMTP list file path — path to your file containing SMTP servers
- Test email address — a valid email where validation messages will be sent
The SMTP list file must contain one server per line using the following URL format:
smtp://mail.example.com:587:user@example.com:password
smtp://smtp.provider.net:465:admin@provider.net:secretpass
smtps://secure.mail.com:465:user@secure.mail.com:mypassword
Format: smtp[s]://host:port:username:password
smtp://— standard SMTPsmtps://— SMTP with SSLhost— SMTP server hostnameport— SMTP port (common: 25, 465, 587)username— authentication username (usually the email address)password— authentication password
All results are saved in the Results/ directory:
| File | Contents | Status |
|---|---|---|
Results/valid.txt |
Successfully authenticated and sent | ✅ Valid |
Results/invalid.txt |
Authentication failed | ❌ Invalid |
Results/reject.txt |
Connection accepted but send rejected | 🚫 Reject |
Results/fail.txt |
Could not connect to server |
| Status | Meaning |
|---|---|
| valid | TCP connection succeeded + SMTP auth succeeded + test email sent |
| invalid | Connected but authentication failed (wrong credentials) |
| reject | Connected and authenticated but message was rejected |
| fail | Could not establish TCP connection to the server |
MultiSMTP/
├── core/
│ └── checker.js # Main SMTP verification orchestrator
├── models/
│ └── smtp.js # Data models (SmtpServer, SmtpResult)
├── services/
│ └── smtp_service.js # SMTP validation logic (nodemailer + tcp)
├── build/ # Compiled binaries
├── main.js # Application entry point
├── package.json
└── build.bat # Windows build script
- TCP Check — Opens a raw TCP socket to
host:portwith a 5-second timeout - SMTP Auth — Uses nodemailer to authenticate with provided credentials
- Send Test — Attempts to send a real email to the provided test address
- Result — Classifies the outcome as valid / invalid / reject / fail
MultiSMTP automatically determines the thread count based on available CPU cores:
maxConcurrent = Math.max(2, Math.floor(os.cpus().length / 2))- Port 465 →
secure: true(SSL/TLS) - Other ports →
secure: false(STARTTLS or plain) - Self-signed certificates are accepted (
rejectUnauthorized: false)
This project is licensed under the MIT License — see LICENSE for full details.
USE RESPONSIBLY. FOR AUTHORIZED USE ONLY.
Pull requests are welcome. For major changes, please open an issue first.
ByteCodeSecure — GitHub