Sp00fer is a tool which automates the procedure of sending emails in the following cases:

  1. When testing a client organization’s mail server
  2. When testing if the client’s domain is spoofable (by using the pentester’s mail server)
  3. In social engineering attacks (it was not built for this, but it has the functionality to be used for such a case)

The tool is very simple: you write a JSON file containing the email templates you want to use. The templates can use the reserved words CLIENTEMAIL, CLIENTDOMAIN, CLIENTNAME, TESTERDOMAIN and SERVERIP, which makes the JSON reusable for future engagements. Sp00fer looks for those words and replaces them with the values of the email, domain, email (local part only), tester and server arguments respectively.

The JSON should be in the following format:

[{
    "scenario_no": "1",
    "comment": "Test number 1 description",
    "mailfrom": "CLIENTEMAIL",
    "headerfrom": "CLIENTEMAIL",
    "to": "CLIENTEMAIL",
    "subject": "Test number 1",
    "body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest",
    "server": "SERVERIP"
},
{
    "scenario_no": "2",
    "comment": "Test number 2 description",
    "mailfrom": "TESTERDOMAIN",
    "headerfrom": "TESTERDOMAIN",
    "to": "TESTERDOMAIN",
    "subject": "Test number 2",
    "body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest",
    "server": "SERVERIP"
}]

If there are no reserved words in the JSON, Sp00fer will just use what you provided in the parameters.
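A pre-flight check for a scenario file, as an added example (not Sp00fer's own code): it expands the reserved words using the mapping listed above and reports missing keys or reserved words that have no argument to fill them. The function name, the `args` dict and the sample values are assumptions, and nothing is sent.

```python
import json

# Reserved word -> argument that supplies its value, as listed on this page.
# CLIENTNAME is taken from the local part of the email argument.
RESERVED = {"CLIENTEMAIL": "email", "CLIENTDOMAIN": "domain", "CLIENTNAME": "email",
            "TESTERDOMAIN": "tester", "SERVERIP": "server"}
# Keys each scenario carries in the format shown above.
REQUIRED_KEYS = ("scenario_no", "comment", "mailfrom", "headerfrom",
                 "to", "subject", "body", "server")
# Constructed sample scenario file (not shipped with the tool).
SAMPLE = json.dumps([{
    "scenario_no": "1", "comment": "constructed sample",
    "mailfrom": "CLIENTEMAIL", "headerfrom": "CLIENTNAME@CLIENTDOMAIN",
    "to": "CLIENTEMAIL", "subject": "Test number 1",
    "body": "Please forward it to TESTERDOMAIN", "server": "SERVERIP",
}])


def expand_scenarios(raw_json, args):
    """Return (expanded_scenarios, problems) for a scenario file.

    args is a dict with the keys email, domain, tester and server, a
    hypothetical stand-in for the parsed command line.
    """
    values = {}
    for word, arg in RESERVED.items():
        value = args.get(arg) or None
        if value and word == "CLIENTNAME":
            value = value.split("@", 1)[0]  # local part of the client address
        values[word] = value

    expanded, problems = [], []
    for index, scenario in enumerate(json.loads(raw_json), start=1):
        label = scenario.get("scenario_no", f"#{index}")
        problems += [f"scenario {label}: missing key '{key}'"
                     for key in REQUIRED_KEYS if key not in scenario]
        out = {}
        for key, text in scenario.items():
            text = str(text)
            for word, value in values.items():
                if word in text and value is None:
                    problems.append(f"scenario {label}: {word} in '{key}' "
                                    f"needs the {RESERVED[word]} argument")
                elif word in text:
                    text = text.replace(word, value)
            out[key] = text
        expanded.append(out)
    return expanded, problems
```

Running it over a template file before an engagement shows which arguments that file actually depends on.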

Example of running the tool for case number 1:

python3 spoofer.py --email info@clientdomain --json JSON_Config/client_mail_server.json -d clientdomain --server [CLIENT’S MAIL SERVER IP] --port 25 --tester pentester@pentesterdomain --delay 3 --pcap output.txt --ehlo [somedomain]

A “Results” directory is generated automatically. It contains a “domain.txt” file with the results and an “output.txt” file with the full communication, derived from the .cap file and presented in a more readable form.

You can find the tool on our GitHub page: https://github.com/qsecure-labs/Sp00fer