Simple Python script to check for email spoofing on a given domain.
$ git clone https://github.com/mathis2001/Sp00fy
$ cd Sp00fy
$ python3 sp00fy.py
- Python3
- Pip3
- dns.resolver
- requests
- requests_html
If you want to use the email find function, copy your hunter.io API key and set it in your environment variables as 'HUNTER_KEY'.
usage: ./sp00fy.py [-h] [-d DOMAIN] [-f] [-l LIMIT] [-s]

optional arguments:
  -h, --help                   show this help message and exit
  -d DOMAIN, --domain DOMAIN   Target domain
  -f, --find-emails            Find emails for the given domain
  -s, --send                   Send email anonymously
  -l LIMIT, --limit LIMIT      Number of results wanted
Do you want to verify whether your domain is vulnerable to email spoofing?
You can use this tool to simply check your DMARC record. If it is potentially vulnerable, you can look for email addresses with the '-f' option and use one of them to simulate spoofing it (e.g. [email protected]). The anonymous mailer option is now available; it uses https://emkei.cz to send your anonymous spoofed email.
If you receive the mail in your mailbox or spam folder, it confirms that your domain is vulnerable.
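
The DMARC check described above can be illustrated as follows. This is an added example, not Sp00fy's own code: the function names, verdict labels and sample records are constructed, and it assumes the TXT strings published at _dmarc.<domain> have already been retrieved.

```python
def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT string, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    # The version tag must come first; any other TXT record is discarded.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def assess_dmarc(txt_records):
    """Classify the TXT strings found at _dmarc.<domain>: (verdict, reasons)."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "vulnerable", ["no DMARC record published"]
    if len(records) > 1:
        return "vulnerable", ["multiple DMARC records, so receivers apply none"]
    tags = records[0]
    policy = tags.get("p", "")
    if policy not in ("none", "quarantine", "reject"):
        return "vulnerable", ["missing or invalid p= tag"]
    if policy == "none":
        return "vulnerable", ["p=none requests no action on failing mail"]
    reasons = []
    # Without an sp= tag, subdomains inherit the organizational policy.
    if tags.get("sp", policy) == "none":
        reasons.append("sp=none leaves subdomains unenforced")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        reasons.append(f"pct={pct} applies the policy to only part of the mail")
    return ("weak" if reasons else "enforced"), reasons


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    samples = {
        "monitor only": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
        "partial rollout": ["v=DMARC1; p=quarantine; pct=25"],
        "enforced": ['"v=DMARC1; p=reject; sp=reject"'],
        "no record": ["v=spf1 -all"],
    }
    for label, txts in samples.items():
        print(label, "->", assess_dmarc(txts))
```

A "weak" verdict means a policy is published but does not cover all mail or all subdomains, which is worth fixing before relying on it.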