mailspoof
Email spoofing is alive and well. Many organisations' SPF and DMARC records do not provide the necessary guidance for recipients to validate the authenticity of emails bearing their domain names. mailspoof can be used by organisations, pentesters and red-teamers to quickly sift through a large list of domains for lax SPF and DMARC policies. In some cases mailspoof could highlight spoofable external domains that employees are likely to trust, such as suppliers gathered from OSINT or other known organisations. Email spoofing may be successful against recipients that manage their filtering themselves. Large email providers like GMail have the big data and the heuristics to efficiently handle spam. For example, GMail will likely forward a spoofed email from a common domain directly to the spam folder, even if the email doesn't fail validation due to lax policies. Installation: $ pip3 install mailspoof Examples: CLI mailspoof outputs JSON, making it easy to query with a tool like jq. $ printf "google.com\napple.com\nmicrosoft.com" > /tmp/list $ mailspoof -d github.com -d reddit.com -iL /tmp/list
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Steghide is a steganography program for hiding data in image and audio files.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
A repository providing guidance on mitigating hardware and firmware security vulnerabilities including side-channel attacks, UEFI hardening, and microcode vulnerabilities.
PHP Script demonstrating a smart honey pot for email form protection.
Android application for learning about vulnerabilities in modern Android apps and testing pentesting skills.
CHIPSEC is a framework for analyzing the security of PC platforms and components, with tools for low-level interfaces and forensic capabilities.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
Introspy-Android is a blackbox tool for understanding Android app behavior and identifying security issues at runtime.
A set of tools for securing JavaScript projects against software supply chain attacks.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.