A comprehensive and fast DMARC security analysis tool that detects vulnerabilities in email authentication configurations.

- Fast DNS Resolution: Optimized DNS resolver with caching and concurrent lookups
- Comprehensive Analysis: Checks DMARC, SPF, DKIM, and MX records
- Security Vulnerability Detection: Identifies common security misconfigurations
- JSON Reporting: Generate detailed JSON reports for automation
- Performance Optimized: Fast analysis with intelligent caching
- Python 3.7+
- Internet connection for DNS lookups
- Clone or download the project
- Install dependencies:
```bash
pip install -r requirements.txt
```

```bash
python dmarc_analyzer.py domain.com

# Verbose output with detailed information
python dmarc_analyzer.py --verbose example.com

# Generate JSON report
python dmarc_analyzer.py --output report.json example.com

# Show only discovered records
python dmarc_analyzer.py --records-only example.com

# Disable colored output
python dmarc_analyzer.py --no-color example.com
```
- `domain`: Target domain to analyze (required)
- `-o, --output`: Save JSON report to file
- `-v, --verbose`: Enable verbose output
- `-r, --records-only`: Show only discovered DNS records
- `--no-color`: Disable colored terminal output
The tool provides color-coded output:
- 🔴 CRITICAL: Immediate action required
- 🟠 HIGH: Important security issues
- 🟡 MEDIUM: Security concerns
- 🔵 LOW: Minor issues
- 🟢 INFO: Informational messages
Detailed JSON report with structured data:
```json
{
  "domain": "example.com",
  "timestamp": "2024-01-15T10:30:00",
  "issues": [...],
  "summary": {
    "total_issues": 5,
    "critical": 1,
    "high": 2,
    "medium": 1,
    "low": 1
  }
}
```
- Record Existence: Checks for DMARC record presence
- Policy Analysis: Evaluates policy settings (none/quarantine/reject)
- Reporting Configuration: Validates rua/ruf parameters
- Subdomain Policy: Checks subdomain policy settings
- Percentage Settings: Analyzes pct parameter usage
- Record Validation: Verifies SPF record format
- Mechanism Analysis: Checks for insecure mechanisms
- Include Optimization: Identifies excessive DNS lookups
- Policy Strength: Evaluates all mechanism usage
- Third-party Services: Detects unsecured third-party includes
- Record Discovery: Finds DKIM records across common selectors
- Key Strength: Analyzes RSA key lengths
- Syntax Validation: Checks DKIM record format
- Selector Optimization: Identifies multiple DKIM configurations
- Mail Server Discovery: Finds and validates MX records
- Server Connectivity: Tests mail server availability
- Priority Analysis: Evaluates MX record priorities
- MTA-STS: Checks for Mail Transfer Agent Strict Transport Security
- TLS-RPT: Validates TLS reporting configuration
- STARTTLS: Tests for secure mail transport
- 🔴 CRITICAL: Missing DMARC record, major security vulnerabilities
- 🟠 HIGH: Weak policies, insecure configurations
- 🟡 MEDIUM: Suboptimal settings, improvement opportunities
- 🔵 LOW: Minor issues, optimization suggestions
- 🟢 INFO: Informational findings, best practices
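The DMARC record checks listed above (policy, `rua` reporting, subdomain policy, `pct`) can be sketched offline as follows. This is an added example, not code from `dmarc_analyzer.py`; the function names, the sample records and the severity assigned to each finding are assumptions made for illustration.

```python
# Added example (not the project's code). Severity choices are assumptions.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed sample TXT records, as they would appear at _dmarc.<domain>.
SAMPLES = {
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "weak_subdomain": "v=DMARC1; p=reject; sp=none; pct=50",
    "strict": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}


def parse_dmarc(txt):
    """Split a DMARC TXT record into an ordered tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(txt):
    """Return (severity, message) findings; txt is None when no record exists."""
    if txt is None:
        return [("CRITICAL", "No DMARC record published")]
    tags = parse_dmarc(txt)
    # RFC 7489: v=DMARC1 must be the first tag, otherwise receivers ignore it.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return [("CRITICAL", "Record does not start with v=DMARC1")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in STRENGTH:
        findings.append(("CRITICAL", f"Missing or invalid p= value: {policy!r}"))
    elif policy == "none":
        findings.append(("HIGH", "p=none only monitors; failing mail is delivered"))
    # sp= overrides p= for subdomains; a weaker sp= leaves them spoofable.
    sp = tags.get("sp", policy).lower()
    if policy in STRENGTH and STRENGTH.get(sp, 3) < STRENGTH[policy]:
        findings.append(("MEDIUM", f"sp={sp} is weaker than p={policy}"))
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append(("MEDIUM", f"Invalid pct value: {pct!r}"))
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(("MEDIUM", f"pct={pct}: policy covers only part of failing mail"))
    if "rua" not in tags:
        findings.append(("MEDIUM", "No rua= address; aggregate reports are not collected"))
    return findings


if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, evaluate_dmarc(record))
```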
- `0`: Success (no issues found)
- `1`: General issues detected
- `2`: High severity issues found
- `3`: Critical issues requiring immediate attention
- `130`: Analysis interrupted by user
- Multiple DNS Servers: Uses Google (8.8.8.8, 8.8.4.4) and Cloudflare (1.1.1.1, 1.0.0.1)
- Caching: Intelligent DNS result caching for performance
- Timeout Handling: Robust timeout and retry mechanisms
- Concurrent Lookups: Parallel DNS queries for speed
- Smart Caching: Avoids redundant DNS queries
- Concurrent Processing: Parallel analysis of different record types
- Optimized Timeouts: Balanced speed and reliability
- Memory Efficient: Minimal memory footprint
- Graceful Degradation: Continues analysis even if some checks fail
- Detailed Logging: Comprehensive error reporting
- User-friendly Messages: Clear, actionable error descriptions
- Recovery Mechanisms: Automatic retry with alternative DNS servers
```
$ python dmarc_analyzer.py google.com
[INFO] Starting DMARC analysis for google.com
[SUCCESS] DMARC record found
[WARNING] Policy set to monitoring only (p=none)
[INFO] Analysis completed in 2.34 seconds
```

```
$ python dmarc_analyzer.py --verbose example.com
[INFO] Starting DMARC analysis for example.com
[INFO] Checking DMARC record...
[INFO] Checking SPF record...
[INFO] Checking DKIM records...
[WARNING] No DMARC record found
[CRITICAL] Missing DMARC record - high security risk
```

```
$ python dmarc_analyzer.py --output security_report.json example.com
[INFO] Analysis completed
[SUCCESS] JSON report saved to security_report.json
```
```
DMARC/
├── dmarc_analyzer.py    # Main analyzer script
├── requirements.txt     # Python dependencies
└── README.md            # This file
```
- DMARCAnalyzer: Main analysis engine
- DNSResolver: Optimized DNS resolution with caching
- SecurityIssue: Data structure for security findings
- Logger: Colored logging utility
```python
def check_new_security_feature(self):
    """Add new security check"""
    try:
        # Your check logic here; set issue_found from its result
        issue_found = False
        if issue_found:
            self._add_issue(
                severity="MEDIUM",
                category="NEW_CHECK",
                title="Issue Title",
                description="Issue description",
                solution="How to fix it"
            )
    except Exception as e:
        # A failing check is logged in verbose mode and does not stop the analysis
        if self.verbose:
            Logger.error(f"Check failed: {e}")
```
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License.
This tool is designed for educational and security testing purposes. Always ensure you have proper authorization before testing domains you don't own. The authors are not responsible for any misuse of this tool.
DNS Timeout Errors
- Check your internet connection
- Try using different DNS servers
- Increase timeout values if needed
Permission Errors
- Ensure you have write permissions for output files
- Run with appropriate user privileges
Import Errors
- Verify all dependencies are installed: `pip install -r requirements.txt`
- Check Python version compatibility
- Use `--records-only` for quick record discovery
- Disable colors with `--no-color` for automation
- Use JSON output for programmatic analysis