review comments

documentation/modules/auxiliary/server/capture/smtp.md

@@ -1,6 +1,6 @@
 ## Vulnerable Application
 
-This module creates a mock SMTP server which accepts credentials or unautheneticated email
+This module creates a mock SMTP server which accepts credentials or unauthenticated email
 before throwing a `503` error.
 
 ## Verification Steps

lib/metasploit/framework/hashes/identify.rb

@@ -87,7 +87,7 @@ def identify_hash(hash)
     when hash  =~/^[A-F0-9]{32}:[a-f0-9]{16}$/
       return 'android-md5'
     # other
-    when hash =~ /^<\d+@.+>#[\w]{32}$/
+    when hash =~ /^<\d+@.+?>#[\w]{32}$/
       return 'hmac-md5'
   end
   ''

modules/auxiliary/server/capture/smtp.rb

@@ -53,7 +53,15 @@ class MetasploitModule < Msf::Auxiliary
 
   def auth_plain_parser(data)
     # this data is \00 delimited, and has 3 fields: un\00un\00\pass.  Not sure why a double username, but we drop the first one
-    Rex::Text.decode_base64(data).split("\00").drop(1)
+    data = Rex::Text.decode_base64(data).split("\00")
+    data = data.drop(1)
+
+    # if only a username is submitted, it will appear as \00un\00
+    # we already cut off the empty username, so nowe we want to add on the empty password
+    if data.length == 1
+      data << ""
+    end
+    data
   end
 
   def on_client_connect(client)