Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mathis2001/sp00fy

Simple python script to check for email spoofing on a given domain.
https://github.com/mathis2001/sp00fy

bugbounty dmarc email phishing spoofing

Last synced: 4 days ago
JSON representation

Simple python script to check for email spoofing on a given domain.

Host: GitHub
URL: https://github.com/mathis2001/sp00fy
Owner: mathis2001
Created: 2022-06-14T12:34:36.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-11-24T11:11:45.000Z (almost 2 years ago)
Last Synced: 2023-03-05T04:03:34.031Z (over 1 year ago)
Topics: bugbounty, dmarc, email, phishing, spoofing
Language: Python
Homepage:
Size: 48.8 KB
Stars: 5
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Sp00fy
Simple python script to check for email spoofing on a given domain.

## Install:
```bash
$ git clone https://github.com/mathis2001/Sp00fy

$ cd Sp00fy

$ python3 sp00fy.py
```
## Requirements:

- Python3

- Pip3

- dns.resolver

- requests

- requests_html

if you want to use the email find funtion you will have to copy your [hunter.io](https://hunter.io/api-keys) api key access and paste it in your environment variables as 'HUNTER_KEY'.

![image](https://user-images.githubusercontent.com/40497633/173600536-26996bd7-4a7d-490f-bb16-bbf5a659d962.png)

## Usage:
```bash
usage: ./sp00fy.py [-h] [-d DOMAIN] [-f] [-l LIMIT] [-s]
```
## options:
```bash
optional arguments:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN Target domain
-f, --find-emails Find emails for the given domain
-s, --send Send email anonymously
-l LIMIT, --limit LIMIT Number of results wanted

```

## Use case

You want to verify if your domain is vulnerable to email spoofing ?

You can use this tool to simply check your DMARC record. If it is potentially vulnerable, you can check for emails by using the '-f' option and use one of them to simulate the spoofing of it (exp: [email protected]). The anonymous mailer option is now available, it use https://emkei.cz to send your anonymous spoofed email.

If you receive the mail in your mailbox or spam, it confirm that your domain is vulnerable.

### Disclaimer: This tool have been designed to help testing email spoofing for your own domain or your company domain with authorizations. Please, do not use it for illegal purposes.

## Screens:

![tempsnip](https://user-images.githubusercontent.com/40497633/173594850-7715522f-4c6c-4cae-a18a-0c8d9ec5feae.png)

![tempsnip](https://user-images.githubusercontent.com/40497633/173595580-9fea5ca5-d811-46ae-ae0f-2053d19a748a.png)

![code](https://user-images.githubusercontent.com/40497633/174271419-496bf363-5fcb-437d-9d20-899d0d89383a.png)

![mail1](https://user-images.githubusercontent.com/40497633/174272921-0321ab52-ed7d-49dd-b124-c06b837ad99b.png)

![mail2](https://user-images.githubusercontent.com/40497633/174272998-4f57a252-571a-46a2-80d5-6a1910f9f04e.png)