mailspoof
Email spoofing is alive and well. Many organisations' SPF and DMARC records do not provide the necessary guidance for recipients to validate the authenticity of emails bearing their domain names. mailspoof can be used by organisations, pentesters and red-teamers to quickly sift through a large list of domains for lax SPF and DMARC policies. In some cases mailspoof could highlight spoofable external domains that employees are likely to trust, such as suppliers gathered from OSINT or other known organisations. Email spoofing may be successful against recipients that manage their filtering themselves. Large email providers like GMail have the big data and the heuristics to efficiently handle spam. For example, GMail will likely forward a spoofed email from a common domain directly to the spam folder, even if the email doesn't fail validation due to lax policies. Installation: $ pip3 install mailspoof Examples: CLI mailspoof outputs JSON, making it easy to query with a tool like jq. $ printf "google.com\napple.com\nmicrosoft.com" > /tmp/list $ mailspoof -d github.com -d reddit.com -iL /tmp/list
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A tool for quantitative risk analysis of Android applications using machine learning techniques.
Phish Report is inaccessible without JavaScript and cookies enabled.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
Extract local data storage of an Android application in one click.
A Graphical Realism Framework for Industrial Control Simulation organized as 5 VirtualBox VMs for realistic ICS network simulation.
Hashcat is a fast and advanced password recovery utility that supports various attack modes and hashing algorithms, and is open-source and community-driven.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.