โ โ โฃผโกโฃฟโ โขโฃฟโฃโฃฟโฃโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโขธโกโฃฟโฃฟโฃฟโฃโฃฟโฃฟโฃฟโฃฟ
โกโฃธโกโฃผโฃฏโ โฃพโฃฟโขธโฃฟโขธโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโกโ ธโ โขนโกฟโฃฟโฃฟโขปโฃฟโฃฟโฃฟ
โกโกโฃธโขโฃซโก
โฃถโขโกถโกโฃฟโฃฟโฃฟโฃฟโฃฟโขฟโฃโ โ ฐโ โ โ โ โ โ โ ปโฃฟโขน
โฃงโฃฑโกทโฃฑโ ฟโ โ โ ผโฃโ โฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโ โฃฐโฃฟโฃฟโกโ โ โ โ โ โ โ
โกโกโขโ โก โ โ โ โ โฃพโขปโฃฟโฃฟโกฟโกนโกณโ โ โ โ โ โ โขโ โ โ โ โ โ โโโโ โโ โโโโ โโโ โโโ โโโโ โโโ โโโ โโโ โ
โกโ โขโขฐโกโ โ โกโ โฃฟโฃฟโฃฟโฃฟโฃฑโฃฟโกโ โ โ โขโกโ โ โขฐโ โ โ โ โ โโ โโโ โโ โโโ โโโโ โโ โโโโ โโ โโโโ โโ โโ โ
โ โ โ โฃฟโฃงโ ดโฃโฃกโขโฃฟโฃฟโฃฟโฃทโฃฟโฃฟโกโขโ โ คโ โ โฃ โฃ โฃธโข โ โ โ โ โโโโ โโโโ โโโโโโโโ โโ โโโโ โโ โ โ โ
โขโ โ โฃฟโฃฟโฃทโฃฌโฃตโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃทโฃโขทโกถโขโกฐโฃฟโฃฟโ โ โ โ โ โ โ โ โโโ โโ โโโ โโโโ โโ โโโโ โโ โโ โโ โ
โฃฟโ โ โฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃทโฃถโฃพโฃฟโฃฟโกโขโ โ โขธโก โ โโโโ โโ โโโโ โโโ โโโ โโโโ โโ โโโโ โโ โโโ โ
โฃฟโ โ โ โขฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโขโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃโขโกโ โขโฃชโก
โกโ โ โ โ โฃพโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโฃฟโกฟโขฟโฃโฃปโฃฉโฃพโฃโฃดโฃฟโฃฟโก
๐ฏ Domain Spoofing Vulnerability Analyzer (โโฟโ)
SHUT UP and --------------> HACKKK
Detecting email spoofing attack vectors...
Created by Max Muxammil
v1.0 - Enhanced with Rich Dashboard, Email Validation & Analysis
Domain Spoofing Vulnerability Analyzer (Python Edition)
A specialized defensive security tool for detecting email spoofing vulnerabilities by analyzing SPF, DMARC, and DKIM configurations to determine domain spoofing risk. Now with enhanced Rich terminal UI and comprehensive email validation capabilities.
- Rich Dashboard: Beautiful bordered panels with color-coded output
- Custom Progress Bars: Real-time animated progress tracking
- Professional Banner: ASCII art with Rich formatting
- Color-Coded Results: Green (secure), Red (vulnerable), Yellow (warning)
- SPF Record Analysis: Detects missing, weak, or dangerous policies
- DMARC Policy Evaluation: Checks enforcement levels and subdomain policies
- DKIM Signature Validation: Scans multiple selectors and key strengths
- MX Record Assessment: Identifies routing and wildcard vulnerabilities
- Format Validation: Regex-based email syntax checking
- Domain Matching: Verifies email domain against target domain
- SMTP Connectivity: Tests mail server reachability on port 25
- Real-time Verification: Attempts email existence validation
- Detailed Reporting: Comprehensive validation results with status indicators
- Protection Score: 0-100 scoring system based on vulnerabilities
- Risk Levels: CRITICAL, HIGH, MEDIUM, LOW, VERY_LOW classifications
- Spoofability Assessment: Determines if domain can be spoofed
- Actionable Recommendations: Specific remediation guidance
- โ Missing SPF Records (CRITICAL)
- ๐จ Dangerous Policies (
+allallows any sender) โ ๏ธ Weak Policies (~allsoft fail,?allneutral)- ๐ Incomplete Records (missing
allmechanism) - ๐ Overly Permissive (too many includes)
- โ Missing DMARC Policy (CRITICAL)
- ๐ Policy Strength (
none,quarantine,reject) - ๐ Subdomain Weaknesses (weaker subdomain policies)
- ๐ Partial Enforcement (percentage < 100%)
- โ Missing DKIM (HIGH risk)
- ๐ Weak Cryptographic Keys (< 2048 bits)
- ๐ Common Selectors (default, selector1, selector2, google, k1, s1, s2)
- ๐ฌ MX Record Analysis (missing or wildcard MX)
- ๐ Mail Routing (potential manipulation vectors)
- ๐ DNS Configuration (resolution and timeout handling)
- Python 3.7+
- DNS resolution capability
- Internet connection for DNS queries
# Install required packages
pip3 install -r requirements.txt
# Or install manually
pip3 install dnspython requests rich# Clone or download the script
wget https://raw.githubusercontent.com/maxmuxammil/mx-chan/main/mxchan.py
chmod +x mxchan.pypython3 mxchan.py example.com# Validate email address
python3 mxchan.py example.com --email admin@example.com
python3 mxchan.py example.com -e user@gmail.com# Enable debug output for troubleshooting
python3 mxchan.py --debug gmail.com
python3 mxchan.py -d example.com --email user@example.compython3 mxchan.py --help # Show help with Rich banner
python3 mxchan.py [OPTIONS] DOMAIN # Full syntax-e, --email EMAIL: Email address to validate (optional)-d, --debug: Enable debug output for DNS queries-h, --help: Show help message with Rich banner
โญโโโโโโโโโโโโโโโโโโโโโโโโโ MX-Chan Spoofing Analyzer โโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ๐ฏ Domain Spoofing Vulnerability Analyzer (โโฟโ) โ
โ SHUT UP and --------------> HACKKK โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
๐ Analyzing SPF records [โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ] 20%
๐ Analyzing DMARC records [โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ] 40%
๐ Analyzing DKIM records [โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ] 60%
๐ Checking additional vectors [โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ] 80%
๐ Calculating protection score [โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ] 100%
================================================================================
๐ฏ DOMAIN SPOOFING VULNERABILITY REPORT
================================================================================
๐ Target Domain: example.com
๐จ Spoofing Risk: HIGH
๐ฏ Domain Status: SPOOFABLE
๐ก๏ธ Protection Score: 45/100
๐ Vulnerabilities Found: 3
๐จ DISCOVERED VULNERABILITIES
================================================================================
1. ๐จ [CRITICAL] SPF Missing
๐ฏ Vulnerability: No SPF record found
๐ฅ Impact: Domain can be easily spoofed from any IP address
๐ง Recommendation: Implement SPF record immediately with '-all' mechanism
๐ Technical Details: Missing SPF allows unlimited spoofing potential
2. ๐จ [CRITICAL] DMARC Missing
๐ฏ Vulnerability: No DMARC record found
๐ฅ Impact: No policy enforcement against domain spoofing
๐ง Recommendation: Implement DMARC policy starting with p=none, then escalate to p=reject
๐ Technical Details: Missing DMARC allows spoofing with no reporting
๐ง EMAIL VALIDATION REPORT
================================================================================
๐ง Email Address: admin@example.com
๐ Format: โ
VALID
๐ Domain Match: โ
MATCHES
๐ฌ SMTP Server: โ UNREACHABLE
๐ Email Exists: โ UNKNOWN
๐ VALIDATION DETAILS
------------------------------------------------------------
โข Format: Valid format
โข Domain_Match: Email domain matches target domain
โข Smtp: No SMTP servers reachable on port 25
โข Existence: Could not determine primary MX server
| Level | Icon | Score Impact | Description | Action Required |
|---|---|---|---|---|
| CRITICAL | ๐จ | -30 points | Immediate security risk | Fix immediately |
| HIGH | ๐ถ | -20 points | Significant vulnerability | Address promptly |
| MEDIUM | -10 points | Moderate security concern | Plan remediation | |
| LOW | โ | -5 points | Minor configuration issue | Monitor and improve |
- Base Score: 100/100 (perfect protection)
- Vulnerability Deductions: Based on severity levels above
- Final Score: Maximum of 0 (completely vulnerable)
- CRITICAL: Any critical vulnerabilities present
- HIGH: 2+ high-risk vulnerabilities
- MEDIUM: 1 high-risk OR 3+ medium-risk vulnerabilities
- LOW: 1+ medium-risk vulnerabilities
- VERY LOW: No significant vulnerabilities detected
; Basic SPF record (blocks all unauthorized senders)
example.com. IN TXT "v=spf1 -all"
; SPF with Google Workspace
example.com. IN TXT "v=spf1 include:_spf.google.com -all"
; SPF with multiple providers
example.com. IN TXT "v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all"
; Start with monitoring (p=none)
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com"
; Progress to quarantine suspicious emails
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
; Full protection (reject unauthorized emails)
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"
- Generate DKIM Keys: Use 2048-bit RSA or stronger
- Configure Email Provider: Enable DKIM in your email service
- Publish Public Key: Add DKIM record to DNS
selector1._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
- Primary Resolvers: 8.8.8.8, 1.1.1.1, 1.0.0.1
- Timeout Settings: 3 seconds per query, 10 seconds total lifetime
- Error Handling: Graceful fallback for NXDOMAIN and NoAnswer
- Format Validation: RFC-compliant regex checking
- Domain Extraction: Parse and validate domain portion
- MX Record Lookup: Find mail exchange servers
- SMTP Testing: Direct connection attempts on port 25
- Response Analysis: Interpret connection results
- Custom Progress Bars: Terminal-safe animated indicators
- Real-time Updates: Live progress display during analysis
- Phase Indicators: Clear status for each analysis step
- Bordered Panels: Professional presentation with Rich library
- Color Coding: Consistent color scheme throughout interface
- Text Formatting: Bold, italic, and colored text elements
- Alignment: Centered and left-aligned content as appropriate
This tool is designed for defensive security purposes only. It should be used to:
- โ Assess your own domains and email infrastructure
- โ Conduct authorized security assessments with proper permissions
- โ Improve email authentication configurations and policies
- โ Educate teams about email spoofing vulnerabilities
- dnspython (>=2.0.0): DNS resolution and record parsing
- requests (>=2.25.0): HTTP requests for additional lookups
- rich (>=10.0.0): Enhanced terminal UI and formatting
This project is licensed under the MIT License - see the LICENSE file for details.
- Built for defensive security and domain protection awareness
- Inspired by the need for better email authentication visibility
- Thanks to the DNS and email security community for standards development
- Rich library for beautiful terminal interfaces
##Screenshot
โจ Stay secure and keep those spoofing attacks away! (โโฟโ) ๐ก๏ธ Remember: Strong email authentication prevents domain spoofing!