A modular and interactive toolkit to detect email spoofing vulnerabilities using SPF, DKIM, and DMARC analysis.
This project provides a centralized Bash script that helps you check one or multiple domains for email spoofing misconfigurations. Whether you're testing your own domain or auditing others, this script gives you actionable insights into their spoofability.
Before using this toolkit, make sure your system meets the following:
- π» OS: Linux (Kali, Ubuntu, Termux, WSL)
- π Internet Connection: Required for DNS lookups
- π§° Tools: dig, grep, sed, awk, tee (usually pre-installed)
Make sure git and required tools are installed:
sudo apt update && sudo apt install git dnsutils coreutils -yAfter installing prerequisites, follow these steps:
# 1. Clone the repository
git clone https://github.com/tomsec8/MXSpoof.git
# 2. Enter the project directory
cd MXSpoof
# 3. Give execute permission to the script
chmod +x mxspoof.sh
# 4. Run the script
./mxspoof.shDuring execution, you can choose one or more of the following:
| Mode | Description |
|---|---|
| π Single Domain | Analyze spoofability of a single domain |
| π Domain List | Input a file with multiple domains for batch testing |
| πΎ Save Results | Optionally save the results to a TXT file after each session |
Project by TomSec8
Feel free to open issues or pull requests with suggestions or fixes.
This project includes or is inspired by public DNS lookup tools, security standards, and community best practices.
This project is licensed under the MIT License β see the LICENSE file for details.