{"id":26978398,"url":"https://github.com/harri777/check-email-spoof","last_synced_at":"2025-04-03T13:28:18.727Z","repository":{"id":79220448,"uuid":"404948789","full_name":"harri777/check-email-spoof","owner":"harri777","description":"Checks for email spoof vulnerability of host with Golang.","archived":false,"fork":false,"pushed_at":"2021-09-15T00:59:00.000Z","size":16,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-06-20T15:53:25.527Z","etag":null,"topics":["email-spoof","go","golang","security","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harri777.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-10T03:49:53.000Z","updated_at":"2024-06-20T15:53:25.528Z","dependencies_parsed_at":null,"dependency_job_id":"d6aba013-1d3c-42d2-b7fb-f21fbdd03226","html_url":"https://github.com/harri777/check-email-spoof","commit_stats":null,"previous_names":["h4rry777/check-email-spoof","harri777/check-email-spoof","hawkz94/check-email-spoof"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harri777%2Fcheck-email-spoof","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harri777%2Fcheck-email-spoof/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harri777%2Fcheck-email-spoof/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harri777%2Fcheck-email-spoof/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harri777","download_url":"https://codeload.github.com/harri777/check-email-spoof/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247008958,"owners_count":20868447,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["email-spoof","go","golang","security","vulnerability"],"created_at":"2025-04-03T13:28:18.164Z","updated_at":"2025-04-03T13:28:18.718Z","avatar_url":"https://github.com/harri777.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n ```\n   ____ _               _      _____                 _ _   ____                     __ \n  / ___| |__   ___  ___| | __ | ____|_ __ ___   __ _(_) | / ___| _ __   ___   ___  / _|\n | |   | '_ \\ / _ \\/ __| |/ / |  _| | '_ ` _ \\ / _` | | | \\___ \\| '_ \\ / _ \\ / _ \\| |_ \n | |___| | | |  __/ (__|   \u003c  | |___| | | | | | (_| | | |  ___) | |_) | (_) | (_) |  _|\n  \\____|_| |_|\\___|\\___|_|\\_\\ |_____|_| |_| |_|\\__,_|_|_| |____/| .__/ \\___/ \\___/|_|  \n                                                                |_|                    \n ```\n\nThe objective of this project is to automate email spoof vulnerability checking.\nThe app checks the DNS txt records of the host entered to make the decision.\n[OWASP top ten - Misconfiguration](https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration)\n\n## Disclaimer\n\n```\nI am not responsible for the misuse of the project.\nI want to make the internet safer, so I posted it here to help \nother developers find this vulnerability and fix it.\n\nUSE WITH RESPONSABILITY!\n```\n\n## Dependencies\n\n- [Go lang](https://golang.org/dl/)\n\n## Install external dependencies:\n```\n$ go get\n```\n\n\n## 1.1 - Run project\n\n```\n  $ go run src/main.go\n```\n\n\n## 1.2 - Choose option\n\n```\n############ ENTER OPTION ############\n[1] - Check vulnerability an host\n[2] - Make send test email\n[0] - Exit\n########################################\n```\n\n## 2 - Option [1]:\n\n```\nEnter to host:\nexample: example.com\n```\n\nresult:\n```diff\n+ The host be safe.\nor\n! The host IS VULNERABLE!\n```\n\n## 2.1 - Option [2]:\n\n#### Fake email\n```\nEnter the fake email you would like to test.\n\nEnter to fake email to test:\nexample: admin@example.com\n```\n#### From email\n```\nEnter the email that will be used to send.\nHere you need a valid email.\n\nWarning: Use your private and not public email: @gmail, @yahoo, @hotmail, @live and others.\nThese big public servers won't let you run the spoof process.\n\nEnter to from email:\nexample: senderemail@mydomain.com\n```\n#### Password\n```\nEnter the password from the email you entered in the previous step.\n\nEnter to from password:\nexample: myP@ssw0rd\n```\n#### SMTP Server\n```\nEnter your SMTP or mail sending server with the server.\n\nEnter to from smtp server:\nexample: smtp.mydomain.com\n```\n#### Port\n```\nEnter to from port:\nexample: 465\n```\n#### Receive email\n```\nEnter the email you want to receive the message.\n\nEnter to email:\nexample: my-email-receiver@gmail.com\n```\n\nresult:\n```diff\n+ Email Sent Successfully!.\nor\n! Error\n```\n\n## I found a vulnerable host, now what?\n- Report!\n- To fix the fault, just change the spf registry: `~all` or `?all` to `-all`\n\n## Roadmap\n- Use docker\n\n## Author\n- Harrisson Ricardo Biaggio\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharri777%2Fcheck-email-spoof","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharri777%2Fcheck-email-spoof","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharri777%2Fcheck-email-spoof/lists"}