Python 3.x based email spoofer
For educational purposes only. Do not send to or from addresses that you do not own.
Email spoofing is often used for spam campaigns and phishing attacks. If you use this tool inappropriately, you could violate of the CAN-SPAM Act of 2003 and/or the Computer Fraud and Abuse Act. You'd also be committing wire fraud. Use your head.
$ git clone https://github.com/mikechabot/smtp-email-spoofer-py.git
- Activate
virtualenv
$ pip install -r requirements.txt
$ python spoof.py
Instructions on creating and activating
virtualenv
can be found here: https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/
smtp-email-spoofer-py
offers two global commands: wizard
and cli
:
$ py spoof.py -h
usage: spoof.py [-h] {wizard,cli} ...
Python 3.x based email spoofer
optional arguments:
-h, --help show this help message and exit
commands:
{wizard,cli} Allowed commands
wizard Use the step-by-step wizard
cli Pass arguments directly
Issue the wizard
command to use the step-by-step wizard:
$ py spoof.py wizard
- Enter the SMTP server information to establish a connection over TLS:
- Optionally provide credentials to login to the SMTP server:
- Compose the forged message:
Load the HTML message body from a file, or compose it within the shell
- Send the message:
Issue the cli -h
command to view the help:
$ py spoof.py cli -h
usage: spoof.py cli [-h] (--noauth | --username USERNAME)
[--password PASSWORD] --host HOST --port PORT --sender
SENDER --name NAME --recipients RECIPIENTS
[RECIPIENTS ...] --subject SUBJECT --filename FILENAME
optional arguments:
-h, --help show this help message and exit
--noauth Disable authentication check
--username USERNAME SMTP username
--password PASSWORD SMTP password (required with --username)
required arguments:
--host HOST SMTP hostname
--port PORT SMTP port number
--sender SENDER Sender address (e.g. spoofed@domain.com)
--name NAME Sender name (e.g. John Smith)
--recipients RECIPIENTS [RECIPIENTS ...]
Recipient addresses (e.g. victim@domain.com ...)
--subject SUBJECT Subject line
--filename FILENAME Message body filename (e.g. example.html)
- Issue the
cli
command along with the appropriate arguments:
If
--noauth
is not specified,--username
and--password
are required.