michael/Spoofy
1
0
Fork 0
mirror of https://github.com/MattKeeley/Spoofy.git synced 2026-02-03 13:33:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: readme

Browse Source
This commit is contained in:
Matt Keeley
2022-09-23 21:30:07 -07:00
committed by GitHub
parent b87aa53d43
commit aa3c669d7e
1 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@@ -1,27 +1,41 @@
# SpoofChecker
# Spoofy
A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing.
[![forthebadge](https://forthebadge.com/images/badges/made-with-python.svg)](https://www.python.org/)
[![forthebadge](https://forthebadge.com/images/badges/contains-tasty-spaghetti-code.svg)](https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.thewholesomedish.com%2Fspaghetti%2F&psig=AOvVaw3OneeN_AB3XxZzgCPPTtfv&ust=1614550372646000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCJjQwf2Ki-8CFQAAAAAdAAAAABAD)
[![forthebadge](https://forthebadge.com/images/badges/it-works-why.svg)](https://www.youtube.com/watch?v=kyti25ol438)
Additionally it will alert if the domain has DMARC configuration that sends mail or HTTP requests on failed SPF/DKIM emails.
`Spoofy` is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
## Usage and Examples
`Spoofy` requires **Python 3+**. Python 2 is not supported. Usage is shown below:
```console
Usage:
./spoofy.py -d [DOMAIN]
OR
./spoofy.py -iL [DOMAIN_LIST]
```
./spoofcheck.py -d [DOMAIN]
OR
./spoofcheck.py -iL [DOMAIN_LIST]
## Domain are spoofable if the following conditions are met:
<CHART>
Domains are spoofable if any of the following conditions are met:
- Lack of an SPF or DMARC record
- SPF record never specifies `~all` or `-all`
- DMARC policy is set to `p=none` or is nonexistent
## Disclaimer
> This tool is only for testing and academic purposes and can only be used where
> strict consent has been given. Do not use it for illegal purposes! It is the
> end users responsibility to obey all applicable local, state and federal laws.
> Developers assume no liability and are not responsible for any misuse or damage
> caused by this tool and software.
## Credit
## Dependencies
- `dnspython`
- `colorama`
Tool was heavily inspired by [Bishop Fox's](https://github.com/BishopFox/) project called [spoofcheck](https://github.com/BishopFox/spoofcheck/).
Also big thank you to Calamity for the dmarc and spf insights!
## Setup
## License
Run `pip3 install -r requirements.txt` from the command line to install the required dependencies.
This project is licensed under the GPLv3 License - see the [LICENSE](LICENSE)
file for details