Emails

Chrome extension

LogoExtensionsRocketReach

Google Dork

intext:"@domain.com"

intext:"@example.com" site:linkedin.com

Find email adresses

LogoGitHub - Josue87/EmailFinder: Search emails from a domain through search enginesGitHub
https://hunter.io/discoverhunter.io
LogoEmail Finder • Free email search for B2B sales | Snov.ioSnov.io
LogoContactOut - Find Anyone’s Email & PhoneContactOut

Mail is used on different sites like twitter, etc.

LogoGitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.GitHub
LogoGitHub - RetrO-M/Hawker: ☆ An OSINT tool in python to find information about an email or phone number and get information about a URL then get information about an IP addressGitHub
Logoosint.rocks
LogoEpieos, the ultimate OSINT toolEpieos
LogoCastrick - Find clues about anyoneCastrick
Social Media

Opsec / Anonymity

OpSec / Anonymity

Email Spoofing

Check SPF, DKIM, DMARC

# dig TXT _dmarc.domain.com

; <<>> DiG 9.18.24-1-Debian <<>> TXT _dmarc.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7149
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_dmarc.domain.com.		IN	TXT

;; AUTHORITY SECTION:
domain.com.		60	IN	SOA	dns112.blah.net. tech.blah.net. 2024102800 86400 3600 3600000 60

;; Query time: 63 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Nov 18 23:41:06 EST 2024
;; MSG SIZE  rcvd: 104
ANSWER: 0 -> DMARC not configured

Strict DMARC policy (such as “p=reject”) is not defined.

LogoGitHub - CanIPhish/CanIBeSpoofed: CanIBeSpoofed is a console project utilising functionality built for the https://caniphish.com/free-phishing-tools/email-spoofing-test website. This project facilitates scanning of domains to gain visibility over email supply chain and SPF/DMARC vulnerabilities.GitHub
LogoGitHub - MattKeeley/Spoofy: Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.GitHub
LogoGitHub - a6avind/spoofcheck: SpoofcheckGitHub
./spoofy.py -d domain.com
LogoHow To Spoof An Email Address In 5 StepsCanIPhish
LogoPhishing: how to prevent email spoofing? [SPF, DKIM, DMARC]VAADATA - Ethical Hacking Services

MailSecOps

LogoGitHub - 0xhav0c/MailSecOps: MailSecOps is an email and mail gateway security testing tool. With this script, you can perform mail spoofing, relay tests and security checks for a specific domain. The tool also helps to verify SPF, DMARC, SSL/TLS and other security tests.GitHub

Online Tool - Spoof Mail

LogoEmkei's Anonymous Mailer

DMARC-SPF-Checker

LogoGitHub - fdzdev/DMARC-SPF-Checker: Python tool designed to identify misconfigured DMARC and SPF settings in domains. It resolves DNS records, checks for DMARC policies, SPF records, and logs the results for each domain. Additionally, it provides the option to send a spoofed email for testing purposes if misconfigurations are detected. Supports bulk and individual scanning.GitHub

With Gophish

LogoPhishing Attack with Spoofed Mail from ScratchMedium

With Social-Engineer Toolkit

In this example, we use brevo as a smtp relay server. The mail received will be of the form username_spoofed@smtp_relay_domain rather than username_spoofed@domain_spoofed, as brevo modifies the domain name for security reasons.

https://www.youtube.com/watch?v=lR_Ck3-_AGQ

https://app.brevo.com/

Email Security Checklist

LogoGitHub - hoangcuongflp/Email-Security-Checklist: You’ve hardened your servers, locked down your website and are ready to take on the internet. But all your hard work was in vain, because someone fell for a phishing email and wired money to a scammer, while another user inadvertently downloaded and installed malware from an email link that opened a backdoor into the network. Email is as important as the website when it comes to security. As a channel for social engineering, malware delivery and resource exploitation, a combination of best practices and user education should be enacted to reduce the risk of an email-related compromise. By following this 13 step checklist, you can make your email configuration resilient to the most common attacks and make sure it stays that way.GitHub

Resources

LogoTop Phishing TechniquesRedTeamRecipe

Open Relay

SMTP (25, 465)

Google Account - GHunt

LogoGitHub - mxrch/GHunt: 🕵️‍♂️ Investigate Google emails and documents.GitHub
LogoGhunt 2.0: Gmail OSINT Guide | Part -1HACKLIDO

Extract email from commit history in GitHub repos

LogoGitHub - Imp0sters/Gitmail-Harvester: Gitmail Harvester is a powerful OSINT/Red Team and Pentest tool designed to extract email addresses from commit history in GitHub repositoriesGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

PreviousToolsNextDark Web Exposure

Last updated