Sp00fer: tool for mail server testing

Sp00fer

Sp00fer is a tool for mail server testing (e.g. for open mail relays etc.) and for spoofing checks on specified domains.

Install

Linux

git clone https://github.com/qsecure-labs/Sp00fer.git

chmod +x install.sh

./install.sh

Windows (For windows the pcap argument which saves the traffic is not implemented):

git clone https://github.com/qsecure-labs/Sp00fer.git

pip3 install -r requirements.txt

JSON file structure

A JSON file is used as a template for each scenario you want to send. The reserved words which change depending on what you choose in the arguments are:

• CLIENTEMAIL which is replaced by the value of the –email argument
• CLIENTDOMAIN which is replaced by the value of the –domain argument
• CLIENTNAME which is derived by the value of the –email argument’s local part (e.g. info@client.com will become “info”)
• TESTERDOMAIN which is replaced by the value of the –tester argument

Example of the JSON is:

[{

    "scenario_no": "1",

    "comment": "Test number 1 description",

    "mailfrom": "CLIENTEMAIL",

    "headerfrom": "CLIENTEMAIL",

    "to": "CLIENTEMAIL",

    "subject": "Test number 1",

    "body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest"

},

{

    "scenario_no": "2",

    "comment": "Test number 2 description",

    "mailfrom": "TESTERDOMAIN",

    "headerfrom": "TESTERDOMAIN",

    "to": "TESTERDOMAIN",

    "subject": "Test number 2",

    "body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest"

}]

Use

python3 spoofer.py -h

Disclaimer

Sp00fer comes without warranty and is meant to be used by penetration testers during approved penetration testing assessments and/or social engineering assessments. Sp00fer’s developers and QSecure decline all responsibility in case the tool is used for malicious purposes or in any illegal context.

Copyright (c) 2019 QSecure Labs

Source: https://github.com/qsecure-labs/