https://github.com/tomsec8/mxspoof

MXSpoof is a Bash tool that checks if a domain is vulnerable to email spoofing by analyzing its SPF, DKIM, and DMARC records.
https://github.com/tomsec8/mxspoof

bash-script dns domain domains kali kali-linux kali-scripts mail pentesting phishing scanner spoofing url vulnerability vulnerability-scanners

Last synced: 4 months ago
JSON representation

MXSpoof is a Bash tool that checks if a domain is vulnerable to email spoofing by analyzing its SPF, DKIM, and DMARC records.

• Host: GitHub
• URL: https://github.com/tomsec8/mxspoof
• Owner: tomsec8
• License: mit
• Created: 2025-05-12T12:35:10.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-05-12T12:48:43.000Z (about 1 year ago)
• Last Synced: 2025-06-20T23:35:09.504Z (about 1 year ago)
• Topics: bash-script, dns, domain, domains, kali, kali-linux, kali-scripts, mail, pentesting, phishing, scanner, spoofing, url, vulnerability, vulnerability-scanners
• Language: Shell
• Homepage:
• Size: 5.86 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# 🛡️ MXSpoof

A modular and interactive toolkit to detect email spoofing vulnerabilities using SPF, DKIM, and DMARC analysis.

---

## 📋 Project Overview

This project provides a centralized Bash script that helps you check one or multiple domains for email spoofing misconfigurations. Whether you're testing your own domain or auditing others, this script gives you actionable insights into their spoofability.

---

## ✅ System Requirements

Before using this toolkit, make sure your system meets the following:

- 💻 **OS:** Linux (Kali, Ubuntu, Termux, WSL)

- 🌐 **Internet Connection:** Required for DNS lookups

- 🧰 **Tools:** dig, grep, sed, awk, tee (usually pre-installed)

---

## 📦 Pre-Installation (One-Time Setup)

Make sure `git` and required tools are installed:

```bash

sudo apt update && sudo apt install git dnsutils coreutils -y

```

---

## 🚀 Installation

After installing prerequisites, follow these steps:

```bash

# 1. Clone the repository

git clone https://github.com/tomsec8/MXSpoof.git

# 2. Enter the project directory

cd MXSpoof

# 3. Give execute permission to the script

chmod +x mxspoof.sh

# 4. Run the script

./mxspoof.sh

```

---

## 🧠 Available Modes

During execution, you can choose one or more of the following:

| Mode              | Description                                                      |

|-------------------|------------------------------------------------------------------|

| 🌐 Single Domain   | Analyze spoofability of a single domain                         |

| 📂 Domain List     | Input a file with multiple domains for batch testing            |

| 💾 Save Results    | Optionally save the results to a TXT file after each session     |

---

## 👨‍💻 Maintainer

Project by [TomSec8](https://github.com/TomSec8)  

Feel free to open issues or pull requests with suggestions or fixes.

---

## 🙏 Credits

This project includes or is inspired by public DNS lookup tools, security standards, and community best practices.

---

## 📜 License

This project is licensed under the MIT License – see the [LICENSE](LICENSE) file for details.

---