mikechabot / smtp-email-spoofer-py

Python 3.x based email spoofer
GNU General Public License v3.0
231 stars 51 forks source link
email-sender email-spoofer python smtp

smtp-email-spoofer-py

Python 3.x based email spoofer

For educational purposes only. Do not send to or from addresses that you do not own.

Email spoofing is often used for spam campaigns and phishing attacks. If you use this tool inappropriately, you could violate of the CAN-SPAM Act of 2003 and/or the Computer Fraud and Abuse Act. You'd also be committing wire fraud. Use your head.


Table of Contents

Getting Started

  1. $ git clone https://github.com/mikechabot/smtp-email-spoofer-py.git
  2. Activate virtualenv
  3. $ pip install -r requirements.txt
  4. $ python spoof.py

Instructions on creating and activating virtualenv can be found here: https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/

Commands

smtp-email-spoofer-py offers two global commands: wizard and cli:

$ py spoof.py -h
usage: spoof.py [-h] {wizard,cli} ...

Python 3.x based email spoofer

optional arguments:
  -h, --help    show this help message and exit

commands:
  {wizard,cli}  Allowed commands
    wizard      Use the step-by-step wizard
    cli         Pass arguments directly

Wizard

Issue the wizard command to use the step-by-step wizard:

$ py spoof.py wizard
  1. Enter the SMTP server information to establish a connection over TLS:
logo
  1. Optionally provide credentials to login to the SMTP server:
logo
  1. Compose the forged message:

Load the HTML message body from a file, or compose it within the shell

logo
  1. Send the message:
logo

CLI

Issue the cli -h command to view the help:

$ py spoof.py cli -h
usage: spoof.py cli [-h] (--noauth | --username USERNAME)
                    [--password PASSWORD] --host HOST --port PORT --sender
                    SENDER --name NAME --recipients RECIPIENTS
                    [RECIPIENTS ...] --subject SUBJECT --filename FILENAME

optional arguments:
  -h, --help            show this help message and exit
  --noauth              Disable authentication check
  --username USERNAME   SMTP username
  --password PASSWORD   SMTP password (required with --username)

required arguments:
  --host HOST           SMTP hostname
  --port PORT           SMTP port number
  --sender SENDER       Sender address (e.g. spoofed@domain.com)
  --name NAME           Sender name (e.g. John Smith)
  --recipients RECIPIENTS [RECIPIENTS ...]
                        Recipient addresses (e.g. victim@domain.com ...)
  --subject SUBJECT     Subject line
  --filename FILENAME   Message body filename (e.g. example.html)
  1. Issue the cli command along with the appropriate arguments:

If --noauth is not specified, --username and --password are required.

logo

Result

logo