#! /usr/bin/env python
import sys
from colorama import init as color_init
import emailprotectionslib.dmarc as dmarclib
import emailprotectionslib.spf as spflib
from libs.PrettyOutput import output_good, output_bad, \
output_info, output_error, output_indifferent
def check_spf_redirect_mechanisms(spf_record):
    """Grade the domain named by the record's SPF ``redirect``, if any.

    Returns the result of is_spf_record_strong() for the redirect domain,
    or False when the record reports no redirect domain.
    """
    target = spf_record.get_redirect_domain()
    if target is None:
        return False

    output_info("Processing an SPF redirect domain: %s" % target)
    # Recurses into the full SPF evaluation for the target. No depth limit
    # or visited-set is applied in this function.
    return is_spf_record_strong(target)
def check_spf_include_mechanisms(spf_record):
    """Return True as soon as one ``include`` domain has a strong SPF record.

    Each included domain is graded with is_spf_record_strong(), in the order
    the record lists them. Returns False when there are no include domains
    or none of them is graded strong.
    """
    # NOTE(review): under RFC 7208 the result of an included record only
    # decides whether the ``include`` mechanism matches; the included
    # record's ``all`` does not become the default of the including record.
    # Grading the parent as strong because an include is strong may
    # overstate the protection - confirm this is the intended heuristic.
    for included in spf_record.get_include_domains():
        output_info("Processing an SPF include domain: %s" % included)

        if is_spf_record_strong(included):
            return True

    return False
def check_spf_all_string(spf_record):
    """Report on the record's ``all`` item and say whether it is strong.

    Returns True only when ``spf_record.all_string`` is exactly ``"~all"``
    or ``"-all"``. A missing ``all`` item, or any other value, is reported
    through output_good() (the channel this script uses for weak settings)
    and yields False.
    """
    all_item = spf_record.all_string

    if all_item is None:
        output_good("SPF record has no All string")
        return False

    # NOTE(review): "~all" (softfail) is graded the same as "-all" here.
    # Receivers commonly accept-and-mark softfail rather than reject, so
    # the two are not equivalent in practice.
    if all_item in ("~all", "-all"):
        output_indifferent("SPF record contains an All item: " + all_item)
        return True

    output_good("SPF record All item is too weak: " + all_item)
    return False
def is_spf_record_strong(domain):
    """Look up the SPF record for *domain* and grade it as strong or weak.

    Returns False when no SPF record is found. Returns True when the
    record's ``all`` item is graded strong by check_spf_all_string().
    Otherwise the redirect and include mechanisms are both evaluated, and
    the record counts as strong if either of them is graded strong.
    """
    spf_record = spflib.SpfRecord.from_domain(domain)

    if spf_record is None:
        output_good(domain + " has no SPF record!")
        return False

    output_info("Found SPF record:")
    output_info(str(spf_record.record))

    if check_spf_all_string(spf_record) is not False:
        return True

    # Weak or missing "all": fall back to redirect/include. Both helpers are
    # always run (each prints its own findings) before the results are
    # combined.
    # NOTE(review): these helpers call back into this function with no
    # depth limit or record of visited domains in the code shown; records
    # that reference each other would recurse until the interpreter's
    # recursion limit unless the lookup library prevents it - confirm.
    redirect_strength = check_spf_redirect_mechanisms(spf_record)
    include_strength = check_spf_include_mechanisms(spf_record)

    return redirect_strength is True or include_strength is True
def get_dmarc_record(domain):
    """Fetch the DMARC record for *domain* and print it when one is found.

    Returns whatever dmarclib.DmarcRecord.from_domain() returns, which is
    None when no record was found.
    """
    record = dmarclib.DmarcRecord.from_domain(domain)

    if record is None:
        return record

    output_info("Found DMARC record:")
    output_info(str(record.record))
    return record
def check_dmarc_extras(dmarc_record):
    """Print informational notes about the pct, rua and ruf DMARC tags.

    Nothing is returned and the strength verdict is not affected; the
    function only reports what it finds.
    """
    pct = dmarc_record.pct
    aggregate_uri = dmarc_record.rua
    forensic_uri = dmarc_record.ruf

    # pct is compared as a string ("100"): anything else means the policy
    # is applied to only part of the mail.
    if pct is not None and pct != str(100):
        output_indifferent("DMARC pct is set to " + pct + "% - might be possible")

    # Reporting addresses mean failed messages may be reported back to the
    # domain owner.
    if aggregate_uri is not None:
        output_indifferent("Aggregate reports will be sent: " + aggregate_uri)

    if forensic_uri is not None:
        output_indifferent("Forensics reports will be sent: " + forensic_uri)
def check_dmarc_policy(dmarc_record):
    """Report the DMARC policy and return True when it is enforcing.

    Only ``"reject"`` and ``"quarantine"`` count as strong. Any other
    policy value, or a record without a policy, is reported through
    output_good() and yields False.
    """
    policy = dmarc_record.policy

    if policy is None:
        output_good("DMARC record has no Policy")
        return False

    # NOTE(review): only the ``policy`` attribute is read here; a separate
    # subdomain policy, if the record carries one, is not examined.
    if policy in ("reject", "quarantine"):
        output_bad("DMARC policy set to " + policy)
        return True

    output_good("DMARC policy set to " + policy)
    return False
def is_dmarc_record_strong(domain):
    """Grade the DMARC record of *domain*.

    Returns False when no DMARC record is found; otherwise returns the
    verdict of check_dmarc_policy(). check_dmarc_extras() is also run for
    its printed notes, which do not change the result.
    """
    dmarc = get_dmarc_record(domain)

    if dmarc is None:
        output_good(domain + " has no DMARC record!")
        return False

    verdict = check_dmarc_policy(dmarc)
    check_dmarc_extras(dmarc)
    return verdict
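if __name__ == "__main__":
    # Entry point: grade the SPF and DMARC records of the domain given as the
    # first command-line argument and print an overall verdict.
    color_init()

    # Only the argv lookup is guarded. Previously the whole run sat inside
    # the try, so an IndexError raised anywhere in the record checks was
    # reported as a usage error and the real failure was hidden.
    try:
        domain = sys.argv[1]
    except IndexError:
        output_error("Usage: " + sys.argv[0] + " [DOMAIN]")
    else:
        # The SPF check is run for its printed findings. As in the original
        # logic, the final verdict follows the DMARC result alone: a weak
        # or missing DMARC policy means spoofable, an enforcing one means
        # not spoofable, whatever the SPF grade was.
        spf_record_strength = is_spf_record_strong(domain)
        dmarc_record_strength = is_dmarc_record_strong(domain)

        spoofable = dmarc_record_strength is False

        if spoofable:
            output_good("Spoofing possible for " + domain + "!")
        else:
            output_bad("Spoofing not possible for " + domain)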