Tool
CLI
Email Security

Spoofy

by MattKeeley

732 stars
75 forks
11 watchers
Updated 5 months ago
About

Spoofy is a Python-based tool that determines if domains are vulnerable to email spoofing by analyzing their SPF and DMARC records with real-world tested logic.

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Primary Use Case

Security professionals and email administrators use Spoofy to assess the spoofability of domains in bulk or individually, helping them identify weaknesses in SPF and DMARC configurations that could allow email spoofing attacks. This tool is especially useful for risk assessment and automating vulnerability scans related to email security.

Key Features
  • Authoritative DNS lookups with fallback to Cloudflare DNS
  • Accurate bulk domain spoofability checks
  • Custom spoof logic based on real-world testing, not speculation
  • SPF DNS query counting for performance insights
  • Multithreading support for faster processing
  • Output options including stdout and Excel (xls) format

Installation

  • Ensure Python 3 or higher is installed (Python 2 not supported)
  • Clone the repository or download the source code
  • Install dependencies using: pip3 install -r requirements.txt

Usage

>_ ./spoofy.py -d example.com -t 10

Check spoofability of a single domain 'example.com' using 10 threads

>_ ./spoofy.py -iL domains.txt -o xls

Process a list of domains from 'domains.txt' and output results in Excel format

Security Frameworks
Reconnaissance
Discovery
Defense Evasion
Credential Access
Impact
Usage Insights
  • Integrate Spoofy into continuous security monitoring pipelines to regularly assess domain spoofability and prevent phishing attacks.
  • Use Spoofy results to prioritize remediation of SPF and DMARC misconfigurations in bulk domain environments.
  • Combine Spoofy with email gateway monitoring tools to enhance detection of spoofed emails.
  • Leverage multithreading and bulk scanning features to scale assessments across large enterprise domain portfolios.
  • Incorporate Spoofy findings into purple team exercises to simulate and defend against email spoofing attack scenarios.

Security Profile
Red Team: 70%
Blue Team: 60%
Purple Team: 65%
Details
License: Other
Language: Python
Open Issues: 9
Topics
application-security
appsec
cybersecurity
deliverability
dmarc
email-security
emails
infosec
penetration-testing
penetration-testing-tools