From ad994bdbfa15fc365b8416912b02d9d30cd051af Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Sun, 22 Aug 2021 08:10:23 -0400
Subject: [PATCH] Plugin updates. Added "safe" tag to most plugins. Added an "unsafe" non-default tag. Created an SMB Vulnerabilities plugin which is unsafe and won't run by default.
---
 plugins/databases.py | 14 +++++------
 plugins/dns.py | 6 ++---
 plugins/ftp.py | 2 +-
 plugins/http.py | 16 ++++++-------
 plugins/kerberos.py | 2 +-
 plugins/ldap.py | 4 ++--
 plugins/misc.py | 55 +++++++++----------------------------------
 plugins/nfs.py | 4 ++--
 plugins/rdp.py | 2 +-
 plugins/redis.py | 4 ++--
 plugins/rpc.py | 6 ++---
 plugins/rsync.py | 4 ++--
 plugins/sip.py | 4 ++--
 plugins/smb.py | 40 ++++++++++++++++++++++----------
 plugins/smtp.py | 33 ++++++++++++++++++++++++++
 plugins/snmp.py | 6 ++---
 plugins/sslscan.py | 2 +-
 17 files changed, 110 insertions(+), 94 deletions(-)
 create mode 100644 plugins/smtp.py
diff --git a/plugins/databases.py b/plugins/databases.py
index 7b03051..b45d320 100644
--- a/plugins/databases.py
+++ b/plugins/databases.py
@@ -5,7 +5,7 @@ class NmapMongoDB(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap MongoDB"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^mongod')
@@ -18,7 +18,7 @@ class NmapMSSQL(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap MSSQL"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name(['^mssql', '^ms\-sql'])
@@ -34,7 +34,7 @@ class NmapMYSQL(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap MYSQL"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^mysql')
@@ -50,7 +50,7 @@ class NmapOracle(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap Oracle"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^oracle')
@@ -66,7 +66,7 @@ class OracleTNScmd(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Oracle TNScmd"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^oracle')
@@ -80,7 +80,7 @@ class OracleScanner(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Oracle Scanner"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^oracle')
@@ -93,7 +93,7 @@ class OracleODAT(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Oracle ODAT"
- self.tags = ['default', 'databases']
+ self.tags = ['default', 'safe', 'databases']
 def configure(self):
 self.match_service_name('^oracle')
diff --git a/plugins/dns.py b/plugins/dns.py
index 249b846..50fddfd 100644
--- a/plugins/dns.py
+++ b/plugins/dns.py
@@ -5,7 +5,7 @@ class DNS(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "DNS"
- self.tags = ['default', 'dns']
+ self.tags = ['default', 'safe', 'dns']
 def configure(self):
 self.match_service_name('^domain')
@@ -18,7 +18,7 @@ class DNSZoneTransfer(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "DNS Zone Transfer"
- self.tags = ['default', 'dns']
+ self.tags = ['default', 'safe', 'dns']
 def configure(self):
 self.match_service_name('^domain')
@@ -34,7 +34,7 @@ class DNSReverseLookup(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "DNS Reverse Lookup"
- self.tags = ['default', 'dns']
+ self.tags = ['default', 'safe', 'dns']
 def configure(self):
 self.match_service_name('^domain')
diff --git a/plugins/ftp.py b/plugins/ftp.py
index 90a3b6f..386a0db 100644
--- a/plugins/ftp.py
+++ b/plugins/ftp.py
@@ -5,7 +5,7 @@ class NmapFTP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap FTP'
- self.tags = ['default', 'ftp']
+ self.tags = ['default', 'safe', 'ftp']
 def configure(self):
 self.match_service_name(['^ftp', '^ftp\-data'])
diff --git a/plugins/http.py b/plugins/http.py
index 62445b3..052e1be 100644
--- a/plugins/http.py
+++ b/plugins/http.py
@@ -7,7 +7,7 @@ class NmapHTTP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap HTTP"
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.match_service_name('^http')
@@ -42,7 +42,7 @@ class Curl(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Curl"
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.add_option("path", default="/", help="The path on the web server to curl. Default: %(default)s")
@@ -59,7 +59,7 @@ class CurlRobots(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Curl Robots"
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.match_service_name('^http')
@@ -76,7 +76,7 @@ class DirBuster(ServiceScan):
 self.name = "DirBuster"
 self.slug = 'dirbuster'
 self.priority = 0
- self.tags = ['default', 'http', 'long']
+ self.tags = ['default', 'safe', 'long', 'http']
 def configure(self):
 self.add_choice_option('tool', default='feroxbuster', choices=['feroxbuster', 'gobuster', 'dirsearch', 'ffuf', 'dirb'], help='The tool to use for directory busting. Default: %(default)s')
@@ -130,7 +130,7 @@ class Nikto(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'nikto'
- self.tags = ['default', 'http', 'long']
+ self.tags = ['default', 'safe', 'long', 'http']
 def configure(self):
 self.match_service_name('^http')
@@ -144,7 +144,7 @@ class WhatWeb(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "whatweb"
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.match_service_name('^http')
@@ -159,7 +159,7 @@ class WkHTMLToImage(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "wkhtmltoimage"
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.match_service_name('^http')
@@ -177,7 +177,7 @@ class WPScan(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'WPScan'
- self.tags = ['default', 'http']
+ self.tags = ['default', 'safe', 'http']
 def configure(self):
 self.match_service_name('^http')
diff --git a/plugins/kerberos.py b/plugins/kerberos.py
index d13f1db..488c615 100644
--- a/plugins/kerberos.py
+++ b/plugins/kerberos.py
@@ -5,7 +5,7 @@ class NmapKerberos(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap Kerberos"
- self.tags = ['default', 'kerberos', 'active-directory']
+ self.tags = ['default', 'safe', 'kerberos', 'active-directory']
 def configure(self):
 self.match_service_name(['^kerberos', '^kpasswd'])
diff --git a/plugins/ldap.py b/plugins/ldap.py
index 3a6a53a..b82f322 100644
--- a/plugins/ldap.py
+++ b/plugins/ldap.py
@@ -5,7 +5,7 @@ class NmapLDAP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap LDAP"
- self.tags = ['default', 'ldap', 'active-directory']
+ self.tags = ['default', 'safe', 'ldap', 'active-directory']
 def configure(self):
 self.match_service_name('^ldap')
@@ -18,7 +18,7 @@ class LDAPSearch(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'LDAP Search'
- self.tags = ['default', 'ldap', 'active-directory']
+ self.tags = ['default', 'safe', 'ldap', 'active-directory']
 def configure(self):
 self.match_service_name('^ldap')
diff --git a/plugins/misc.py b/plugins/misc.py
index ec847ec..5af0105 100644
--- a/plugins/misc.py
+++ b/plugins/misc.py
@@ -5,7 +5,7 @@ class NmapCassandra(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap Cassandra"
- self.tags = ['default', 'cassandra']
+ self.tags = ['default', 'safe', 'cassandra']
 def configure(self):
 self.match_service_name('^apani1')
@@ -18,7 +18,7 @@ class NmapCUPS(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap CUPS"
- self.tags = ['default', 'cups']
+ self.tags = ['default', 'safe', 'cups']
 def configure(self):
 self.match_service_name('^ipp')
@@ -31,7 +31,7 @@ class NmapDistccd(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap distccd"
- self.tags = ['default', 'distccd']
+ self.tags = ['default', 'safe', 'distccd']
 def configure(self):
 self.match_service_name('^distccd')
@@ -44,7 +44,7 @@ class NmapFinger(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap finger"
- self.tags = ['default', 'finger']
+ self.tags = ['default', 'safe', 'finger']
 def configure(self):
 self.match_service_name('^finger')
@@ -57,7 +57,7 @@ class NmapIMAP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap IMAP"
- self.tags = ['default', 'imap', 'email']
+ self.tags = ['default', 'safe', 'imap', 'email']
 def configure(self):
 self.match_service_name('^imap')
@@ -70,7 +70,7 @@ class NmapNNTP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap NNTP"
- self.tags = ['default', 'nntp']
+ self.tags = ['default', 'safe', 'nntp']
 def configure(self):
 self.match_service_name('^nntp')
@@ -83,7 +83,7 @@ class NmapPOP3(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap POP3"
- self.tags = ['default', 'pop3', 'email']
+ self.tags = ['default', 'safe', 'pop3', 'email']
 def configure(self):
 self.match_service_name('^pop3')
@@ -96,7 +96,7 @@ class NmapRMI(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap RMI"
- self.tags = ['default', 'rmi']
+ self.tags = ['default', 'safe', 'rmi']
 def configure(self):
 self.match_service_name(['^java\-rmi', '^rmiregistry'])
@@ -104,45 +104,12 @@ class NmapRMI(ServiceScan):
 async def run(self, service):
 await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,rmi-vuln-classloader,rmi-dumpregistry" -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}')
-class NmapSMTP(ServiceScan):
-
- def __init__(self):
- super().__init__()
- self.name = "Nmap SMTP"
- self.tags = ['default', 'smtp', 'email']
-
- def configure(self):
- self.match_service_name('^smtp')
-
- async def run(self, service):
- await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}')
-
-class SMTPUserEnum(ServiceScan):
-
- def __init__(self):
- super().__init__()
- self.name = 'SMTP-User-Enum'
- self.tags = ['default', 'smtp', 'email']
-
- def configure(self):
- self.match_service_name('^smtp')
-
- async def run(self, service):
- await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
- await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
-
- def manual(self, service, plugin_was_run):
- service.add_manual_command('Try User Enumeration using "RCPT TO". 
Replace with the target\'s domain name:', [
- 'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p '
- ])
-
-
 class NmapTelnet(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap Telnet'
- self.tags = ['default', 'telnet']
+ self.tags = ['default', 'safe', 'telnet']
 def configure(self):
 self.match_service_name('^telnet')
@@ -155,7 +122,7 @@ class NmapTFTP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap TFTP'
- self.tags = ['default', 'tftp']
+ self.tags = ['default', 'safe', 'tftp']
 def configure(self):
 self.match_service_name('^tftp')
@@ -168,7 +135,7 @@ class NmapVNC(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap VNC'
- self.tags = ['default', 'vnc']
+ self.tags = ['default', 'safe', 'vnc']
 def configure(self):
 self.match_service_name('^vnc')
diff --git a/plugins/nfs.py b/plugins/nfs.py
index d47df84..b1a96e3 100644
--- a/plugins/nfs.py
+++ b/plugins/nfs.py
@@ -5,7 +5,7 @@ class NmapNFS(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap NFS"
- self.tags = ['default', 'nfs']
+ self.tags = ['default', 'safe', 'nfs']
 def configure(self):
 self.match_service_name(['^nfs', '^rpcbind'])
@@ -18,7 +18,7 @@ class Showmount(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "showmount"
- self.tags = ['default', 'nfs']
+ self.tags = ['default', 'safe', 'nfs']
 def configure(self):
 self.match_service_name(['^nfs', '^rpcbind'])
diff --git a/plugins/rdp.py b/plugins/rdp.py
index d53a191..f075e71 100644
--- a/plugins/rdp.py
+++ b/plugins/rdp.py
@@ -5,7 +5,7 @@ class NmapRDP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap RDP"
- self.tags = ['default', 'rdp']
+ self.tags = ['default', 'safe', 'rdp']
 def configure(self):
 self.match_service_name(['^rdp', '^ms\-wbt\-server', '^ms\-term\-serv'])
diff --git a/plugins/redis.py b/plugins/redis.py
index 8d816c2..933d0f7 100644
--- a/plugins/redis.py
+++ b/plugins/redis.py
@@ -6,7 +6,7 @@ class NmapRedis(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap Redis'
- self.tags = ['default', 'redis']
+ self.tags = ['default', 'safe', 'redis']
 def configure(self):
 self.match_service_name('^redis$')
@@ -19,7 +19,7 @@ class RedisCli(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Redis Cli'
- self.tags = ['default', 'redis']
+ self.tags = ['default', 'safe', 'redis']
 def configure(self):
 self.match_service_name('^redis$')
diff --git a/plugins/rpc.py b/plugins/rpc.py
index 17c0562..79ef7cf 100644
--- a/plugins/rpc.py
+++ b/plugins/rpc.py
@@ -1,7 +1,7 @@
 from autorecon import ServiceScan, error
 from shutil import which
-class NmapMSRPC(ServiceScan):
+class NmapRPC(ServiceScan):
 def __init__(self):
 super().__init__()
@@ -19,7 +19,7 @@ class RPCClient(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "rpcclient"
- self.tags = ['default', 'rpc']
+ self.tags = ['default', 'safe', 'rpc']
 def configure(self):
 self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])
@@ -32,7 +32,7 @@ class RPCDump(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'rpcdump'
- self.tags = ['default', 'rpc']
+ self.tags = ['default', 'safe', 'rpc']
 def configure(self):
 self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])
diff --git a/plugins/rsync.py b/plugins/rsync.py
index 84e3b53..52c02d5 100644
--- a/plugins/rsync.py
+++ b/plugins/rsync.py
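Review bot: The rename hunk `@@ -1,7 +1,7 @@` in plugins/rpc.py turns `NmapMSRPC` into `NmapRPC` but stops two lines short of that class's `self.tags` assignment, making NmapRPC the one plugin this patch touches whose tag list it does not update; if that line is still `['default', 'rpc']` it becomes the only default-tagged scan without `safe`, which breaks the idea of selecting by the `safe` tag as a complete set (the rest of NmapRPC lies outside the hunk, so I cannot confirm its current value). The line should read `self.tags = ['default', 'safe', 'rpc']` to match RPCClient and RPCDump in the two hunks below. It is also worth grepping for remaining references to `NmapMSRPC`, since the diff shows no other occurrence being updated alongside the rename.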
@@ -5,7 +5,7 @@ class NmapRsync(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Nmap Rsync'
- self.tags = ['default', 'rsync']
+ self.tags = ['default', 'safe', 'rsync']
 def configure(self):
 self.match_service_name('^rsync')
@@ -18,7 +18,7 @@ class RsyncList(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = 'Rsync List Files'
- self.tags = ['default', 'rsync']
+ self.tags = ['default', 'safe', 'rsync']
 def configure(self):
 self.match_service_name('^rsync')
diff --git a/plugins/sip.py b/plugins/sip.py
index a7ce898..bbbe24c 100644
--- a/plugins/sip.py
+++ b/plugins/sip.py
@@ -5,7 +5,7 @@ class NmapSIP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap SIP"
- self.tags = ['default', 'sip']
+ self.tags = ['default', 'safe', 'sip']
 def configure(self):
 self.match_service_name('^asterisk')
@@ -18,7 +18,7 @@ class SIPVicious(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "SIPVicious"
- self.tags = ['default', 'sip']
+ self.tags = ['default', 'safe', 'sip']
 def configure(self):
 self.match_service_name('^asterisk')
diff --git a/plugins/smb.py b/plugins/smb.py
index 88da54e..70ea2ff 100644
--- a/plugins/smb.py
+++ b/plugins/smb.py
@@ -5,27 +5,43 @@ class NmapSMB(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap SMB"
- self.tags = ['default', 'smb', 'active-directory']
+ self.tags = ['default', 'safe', 'smb', 'active-directory']
 def configure(self):
 self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
- def manual(self, service, plugin_was_run):
- service.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', [
- 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
- 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
- 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
- ])
-
 async def run(self, service):
 await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}')
+class SMBVuln(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = "SMB Vulnerabilities"
+ self.tags = ['unsafe', 'smb', 'active-directory']
+
+ def configure(self):
+ self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
+
+ async def run(self, service):
+ await service.execute('nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}')
+ await service.execute('nmap {nmap_extra} -sV -p {port} 
--script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}')
+ await service.execute('nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}')
+
+ def manual(self, service, plugin_was_run):
+ if not plugin_was_run: # Only suggest these if they weren't run.
+ service.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', [
+ 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
+ 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
+ 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
+ ])
+
 class Enum4Linux(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Enum4Linux"
- self.tags = ['default', 'enum4linux', 'active-directory']
+ self.tags = ['default', 'safe', 'enum4linux', 'active-directory']
 def configure(self):
 self.match_service_name(['^ldap', '^smb', '^microsoft\-ds', '^netbios'])
@@ -41,7 +57,7 @@ class NBTScan(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "nbtscan"
- self.tags = ['default', 'safe', 'netbios', 'active-directory']
+ self.tags = ['default', 'safe', 'netbios', 'active-directory']
 def configure(self):
 self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
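Review bot: SMBVuln stays out of the default run only by omitting the `default` tag, yet it still carries `smb` and `active-directory` — the same tags as NmapSMB, SMBClient and SMBMap in this file — so a run that selects plugins by either of those tags would presumably pick up the `--script-args="unsafe=1"` scans as well (the tag-matching code is not in this diff, so please verify that `unsafe` plugins require an explicit opt-in rather than just a non-default tag). The three nmap command strings are also duplicated verbatim between `run()` and `manual()`, so the executed and the suggested lists can drift apart; building both from one tuple of vulnerability ids, as below, removes the duplication. A class-level comment such as `# Tagged 'unsafe' instead of 'default': Nmap warns these smb-vuln-* scripts can crash the target.` would record why the plugin is opt-in, which the code currently leaves to the manual-command text. Enum4Linux, which begins at the end of this hunk, continues outside it.
```python
class SMBVuln(ServiceScan):

    # Tagged 'unsafe' instead of 'default': Nmap warns these smb-vuln-* scripts can crash the target.
    _VULN_IDS = ('ms06-025', 'ms07-029', 'ms08-067')

    # … unchanged: __init__, configure …

    def _commands(self):
        # Single source for run() and manual() so the two lists cannot drift apart.
        return ['nmap {nmap_extra} -sV -p {port} --script="smb-vuln-' + vuln + '" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_' + vuln + '.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_' + vuln + '.xml" {address}' for vuln in self._VULN_IDS]

    async def run(self, service):
        for command in self._commands():
            await service.execute(command)

    def manual(self, service, plugin_was_run):
        if not plugin_was_run: # Only suggest these if they weren't run.
            service.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', self._commands())
```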
@@ -56,7 +72,7 @@ class SMBClient(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "SMBClient"
- self.tags = ['default', 'smb', 'active-directory']
+ self.tags = ['default', 'safe', 'smb', 'active-directory']
 def configure(self):
 self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
@@ -71,7 +87,7 @@ class SMBMap(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "SMBMap"
- self.tags = ['default', 'smb', 'active-directory']
+ self.tags = ['default', 'safe', 'smb', 'active-directory']
 def configure(self):
 self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
diff --git a/plugins/smtp.py b/plugins/smtp.py
new file mode 100644
index 0000000..50ec9c5
--- /dev/null
+++ b/plugins/smtp.py
@@ -0,0 +1,33 @@
+from autorecon import ServiceScan
+
+class NmapSMTP(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = "Nmap SMTP"
+ self.tags = ['default', 'safe', 'smtp', 'email']
+
+ def configure(self):
+ self.match_service_name('^smtp')
+
+ async def run(self, service):
+ await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}')
+
+class SMTPUserEnum(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = 'SMTP-User-Enum'
+ self.tags = ['default', 'safe', 'smtp', 'email']
+
+ def configure(self):
+ self.match_service_name('^smtp')
+
+ async def run(self, service):
+ await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
+ await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
+
+ def manual(self, service, plugin_was_run):
+ service.add_manual_command('Try User Enumeration using "RCPT TO". Replace with the target\'s domain name:', [
+ 'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p '
+ ])
diff --git a/plugins/snmp.py b/plugins/snmp.py
index 05b63ce..2a4ea25 100644
--- a/plugins/snmp.py
+++ b/plugins/snmp.py
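Review bot: In SMTPUserEnum the wordlist default `/usr/share/seclists/Usernames/top-usernames-shortlist.txt` is spelled out three times (twice in `run()`, once in `manual()`), so the three hydra commands can silently diverge the next time someone edits one of them; reading it once per method, `wordlist = self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt')`, or lifting the default to a module constant, keeps them together. The manual RCPT command deliberately ends in a dangling `-p ` for the user to complete, which the description only hints at; a comment such as `# Trailing -p is intentional: the user appends the target domain.` would stop a later cleanup from "fixing" it. This file calls `service.add_manual_command` with a list while plugins/smb.py in the same patch calls `service.add_manual_commands` for the same purpose — if both names exist that is harmless, but one spelling across the plugins would be easier to read. A one-line module docstring, e.g. `"""SMTP service scans: Nmap smtp*/ssl* scripts and hydra VRFY/EXPN user enumeration."""`, is also missing from the new file.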
@@ -5,7 +5,7 @@ class NmapSNMP(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "Nmap SNMP"
- self.tags = ['default', 'snmp']
+ self.tags = ['default', 'safe', 'snmp']
 def configure(self):
 self.match_service_name('^snmp')
@@ -18,7 +18,7 @@ class OneSixtyOne(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "OneSixtyOne"
- self.tags = ['default', 'snmp']
+ self.tags = ['default', 'safe', 'snmp']
 def configure(self):
 self.match_service_name('^snmp')
@@ -34,7 +34,7 @@ class SNMPWalk(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "SNMPWalk"
- self.tags = ['default', 'snmp']
+ self.tags = ['default', 'safe', 'snmp']
 def configure(self):
 self.match_service_name('^snmp')
diff --git a/plugins/sslscan.py b/plugins/sslscan.py
index 4730238..d9b3f7b 100644
--- a/plugins/sslscan.py
+++ b/plugins/sslscan.py
@@ -5,7 +5,7 @@ class SSLScan(ServiceScan):
 def __init__(self):
 super().__init__()
 self.name = "SSL Scan"
- self.tags = ['default', 'ssl', 'tls']
+ self.tags = ['default', 'safe', 'ssl', 'tls']
 def configure(self):
 self.match_all_service_names(True)