search

Emails

hashtag
Chrome extension

LogoExtensionsRocketReachchevron-right

hashtag
Google Dork

hashtag
Find email adresses

LogoGitHub - Josue87/EmailFinder: Search emails from a domain through search enginesGitHubchevron-right
https://hunter.io/discoverhunter.iochevron-right
LogoEmail Finder • Free email search for B2B sales | Snov.ioSnov.iochevron-right
LogoContactOut - Find Anyone's Email & PhoneContactOutchevron-right

hashtag
Mail is used on different sites like twitter, etc.

LogoGitHub - megadose/holehe: holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.GitHubchevron-right
https://github.com/RetrO-M/Hawkergithub.comchevron-right
https://osint.rocks/osint.rockschevron-right
Logohttps://epieos.com/epieos.comchevron-right
LogoCastrick - Find clues about anyoneCastrickchevron-right
Social Mediachevron-right

hashtag
Opsec / Anonymity

OpSec / Anonymitychevron-right

hashtag
Email Spoofing

Check SPF, DKIM, DMARC

Strict DMARC policy (such as “p=reject”) is not defined.

LogoGitHub - CanIPhish/CanIBeSpoofed: CanIBeSpoofed is a console project utilising functionality built for the https://caniphish.com/free-phishing-tools/email-spoofing-test website. This project facilitates scanning of domains to gain visibility over email supply chain and SPF/DMARC vulnerabilities.GitHubchevron-right
LogoGitHub - MattKeeley/Spoofy: Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.GitHubchevron-right
LogoGitHub - a6avind/spoofcheck: SpoofcheckGitHubchevron-right
LogoHow To Spoof An Email Address In 5 StepsCanIPhishchevron-right
LogoPhishing: how to prevent email spoofing? [SPF, DKIM, DMARC]VAADATA - Ethical Hacking Serviceschevron-right

hashtag
MailSecOps

LogoGitHub - 0xhav0c/MailSecOps: MailSecOps is an email and mail gateway security testing tool. With this script, you can perform mail spoofing, relay tests and security checks for a specific domain. The tool also helps to verify SPF, DMARC, SSL/TLS and other security tests.GitHubchevron-right

hashtag
Online Tool - Spoof Mail

LogoEmkei's Fake Maileremkei.czchevron-right

hashtag
DMARC-SPF-Checker

LogoGitHub - fdzdev/DMARC-SPF-Checker: Python tool designed to identify misconfigured DMARC and SPF settings in domains. It resolves DNS records, checks for DMARC policies, SPF records, and logs the results for each domain. Additionally, it provides the option to send a spoofed email for testing purposes if misconfigurations are detected. Supports bulk and individual scanning.GitHubchevron-right

hashtag
With Gophish

LogoPhishing Attack with Spoofed Mail from ScratchMediumchevron-right

hashtag
With Social-Engineer Toolkit

triangle-exclamation

In this example, we use brevo as a smtp relay server. The mail received will be of the form username_spoofed@smtp_relay_domain rather than username_spoofed@domain_spoofed, as brevo modifies the domain name for security reasons.

https://www.youtube.com/watch?v=lR_Ck3-_AGQarrow-up-right

https://app.brevo.com/arrow-up-right

hashtag
Email Security Checklist

LogoGitHub - hoangcuongflp/Email-Security-Checklist: You’ve hardened your servers, locked down your website and are ready to take on the internet. But all your hard work was in vain, because someone fell for a phishing email and wired money to a scammer, while another user inadvertently downloaded and installed malware from an email link that opened a backdoor into the network. Email is as important as the website when it comes to security. As a channel for social engineering, malware delivery and resource exploitation, a combination of best practices and user education should be enacted to reduce the risk of an email-related compromise. By following this 13 step checklist, you can make your email configuration resilient to the most common attacks and make sure it stays that way.GitHubchevron-right

hashtag
Resources

Logoredteamrecipe.com is for sale! Check it out on ExpiredDomains.comExpiredDomains.comchevron-right

hashtag
Open Relay

SMTP (25, 465)chevron-right

hashtag
Google Account - GHunt

LogoGitHub - mxrch/GHunt: 🕵️‍♂️ Offensive Google framework.GitHubchevron-right
LogoGhunt 2.0: Gmail OSINT Guide | Part -1HACKLIDOchevron-right

hashtag
Extract email from commit history in GitHub repos

LogoGitHub - TheImposterz/Gitmail-Harvester: Gitmail Harvester is a powerful OSINT/Red Team and Pentest tool designed to extract email addresses from commit history in GitHub repositoriesGitHubchevron-right

hashtag
Interesting Books

Interesting Bookschevron-right
circle-info

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

PreviousToolsNextDark Web Exposure

Last updated