Email Spoofing with Python Tools
Today, I'll talk about a couple of tools written in Python that can be used in our processes of Ethical Hacking. They show if a domain is spoofeable and could be used to send a fake email that deceives the victim. A tool that's really been more useful, perhaps because of its simplicity, is the SpoofCheck. This tool allows you to check a series of conditions to show whether a domain is spoofeable or not. The tool will tell you if the domain you want to replace is probably spoofeable or not. Additionally, the SimpleEmailSpoofer tool is a script written in Python that handles connections to a local SMTP server Postfix. It carries out sending e-mail with the parameters and attributes that you indicate to the application.
Installation or download of these applications is very simple. They can be obtained directly from their Github repositories. Once you've downloaded both tools with the git clone command, you must install the dependencies ith the execution of the command pip install –r requirements.txt
When is a domain spoofeable? The SpoofCheck tool handles checking a number of conditions. Here, we can see the conditions are evaluated and determine if a domain is spoofeable or not:
- Absence of SPF record or DMARC.
- The domain DNS SPF record does not specify ~ all or -all.
- The DMARC policy is set to p = none or does not exist.
The SimpleEmailSpoofer tool is very simple to set up and run. The first thing is to have a file in which we include the HTML code body. Shown below, there's a small example of an email from Apple. In the body, you can see the loading an image, which is the apple of Apple. The file generated should use a number of parameters to send email. Before you can use SimpleEmailSpoofer, you need to be sure that Postfix is installed on the system. If not installed, you must run the command apt-get install postfix, and later service postfix start.
Different parameters are used to indicate the file with the body of the message, the email address to send the email, the sender address you want to spoof and name of the user who sent the email. Finally, the parameter -j allows us to indicate the subject with which the mail is sent. If we review the email that's been set up, we see how it could easily pass for a real mail. The above tools are useful to have in our backpack for our audits and ethical hacking. The SpoofCheck tool is especially important, as it allows us to infer if a domain is spoofeable and see whether we'll succeed or not with the manipulation and creation of a false email on our audit.
Do you like to write about your infosec knowledge, skills, opinions, or exploits?
Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!