Skip to content

a6avind/spoofcheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dns_dump.py
dns_dump.py
 
 
requirements.txt
requirements.txt
 
 
spoofcheck.py
spoofcheck.py
 
 

Repository files navigation

SpoofCheck

A Python tool to check if a domain can be spoofed by analyzing its SPF and DMARC records. This Project is a shameless rip off spoofcheck which was written in python2.

This is my effort to make it compatible with python3.

  • Analyzes SPF (Sender Policy Framework) records
  • Checks DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies
  • Identifies weak configurations that could allow email spoofing
  • Examines organizational DMARC records

Usage

python3 spoofcheck.py example.com

What Makes a Domain Spoofable?

A domain is considered spoofable if any of these conditions are met:

  1. No SPF record exists
  2. SPF record exists but never specifies ~all or -all
  3. No DMARC record exists
  4. DMARC policy is set to p=none
  5. Organizational DMARC record is weak or nonexistent

Setup

Run pip3 install -r requirements.txt from the command line to install the required dependencies.

About

Spoofcheck

Topics

email python3 spf spoofing dmarc

Resources

Readme

License

Apache-2.0 license
Activity

Stars

39 stars

Watchers

1 watching

Forks

10 forks
Report repository

Languages