Publications

Further to our vulnerability research, our consultants are working around the clock to study and research new hacking techniques that may be used by unauthorized individual/malicious attackers to compromise the security of a network, system and/or software application. The results of our work are compiled in an authoritative report/whitepaper and subsequently published on the Internet with the intent to help organizations better secure their systems.
Moreover, our consultants are regularly invited to present their research work, speak on current security topics and demonstrate offensive and defensive techniques at leading industry events and conferences around Cyprus, such as Bsides Cyprus, Blachat USA and  the Cyprus Computer Society's Annual Open Hack Day Event and Computrain's Cybercrime Security Forum.

Sp00fer

Sp00fer

Posted by Evangelos Nikolaou
29 October 2019

Sp00fer is a tool that automates the procedure of sending emails in the following cases:

  1. When testing a client organization’s mail server
  2. When testing if the client’s domain is spoofable (by using the pentester’s mail server)
  3. In social engineering attacks (it was not built for this, but it has the functionality to be used for such a case)

The tool is very simple. You just generate your JSON file with the email templates you want to use. You can also generate it by using the reserved words (CLIENTEMAIL, CLIENTDOMAIN, CLIENTNAME, TESTERDOMAIN, SERVERIP) which makes your JSON more scalable and usable for future engagements. Sp00fer will look for those words and will replace them with the relevant arguments given (email, domain, email (will take the local part), tester and server arguments respectively).

The JSON should be in the following format:

[{
"scenario_no": "1",
"comment": "Test number 1 description",
"mailfrom": "CLIENTEMAIL",
"headerfrom": "CLIENTEMAIL",
"to": "CLIENTEMAIL",
"subject": "Test number 1",
"body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest",
"server": "SERVERIP"
},
{
"scenario_no": "2",
"comment": "Test number 2 description",
"mailfrom": "TESTERDOMAIN",
"headerfrom": "TESTERDOMAIN",
"to": "TESTERDOMAIN",
"subject": "Test number 2",
"body": "This is a test e-mail message.\n\nPlease forward it to Pentester@[yourdomain] \n\nThank you,\nTest",
"server": "SERVERIP"
}]

If there are no reserved words in the JSON, Sp00fer will just use what you provided in the parameters.

Example of running the tool for case number 1:

python3 spoofer.py --email info@clientdomain --json JSON_Config/client_mail_server.json -d clientdomain --server [CLIENT’S MAIL SERVER IP] --port 25 --tester pentester@pentesterdomain --delay 3 --pcap output.txt --ehlo [somedomain]

A “Results” directory will be automatically generated which will contain a “domain.txt” file with the results and one “output.txt” with the full communication derived from the .cap file and presented in a more readable way.

You can find the tool on our Github page: https://github.com/qsecure-labs/Sp00fer

Work with us

Learn more about us or
Book an online appointment!

Image

Next level IT infrastructure
& Security services.

© 2021, QSecure
Image

Next level IT infrastructure
& Security services.

© 2021, QSecure

Head Office

109 Prodromou Str. (Office 101),
2064, Strovolos Nicosia, Cyprus

Contact Info

info@qsecure.com.cy
Ph: (+357) 22 028014

Head Office

109 Prodromou Str. (Office 101),
2064, Strovolos Nicosia, Cyprus

Contact Info

info@qsecure.com.cy
Ph: (+357) 22 028014
Follow Us -