Uncategorized
- CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers
- TKCERT/mail-security-tester - A testing framework for mail security and filtering solutions
- pwnsdx/Mailsploit - (Released in December 2017) Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks
- 0xbharath/assets-from-spf - A Python script to parse net blocks & domain names from SPF record
- CaledoniaProject/imap2mailbox - 将IMAP邮箱转换为本地的maildir格式
- anonaddy - Anonymous Email Forwarding
- trumail - A Fast and Free Email Verification API written in Go - 开源的,验证邮箱是否可用,有官方JSON API
Spoofing
- Abusing Data Protection Laws For D0xing & Account Takeovers - Reply-To响应头的技巧
- chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures
- 眼见不一定为实:对电子邮件伪造攻击的大规模分析
Outlook
Exchange
- Ridter/owa_info - 工具会探测Exchange的版本,并尝试去获取内网IP地址和Exchange主机名
- MiSecurity/exchange_proxy - Security proxy server for Exchange server
- RowTeam/SharpExchangeKing - Exchange 服务器安全性的辅助测试工具 - 没开源还做了混淆,安全性未知,慎重使用
- cisp/GetMail - 利用NTLM Hash读取Exchange邮件
- dafthack/MailSniper - a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms
- sensepost/ruler - A tool to abuse Exchange services - 能给owa下发规则
- 3xpl01tc0d3r/Abusing-Outlook - This repository contains some details about abusing outlook
- Quickbreach/ExchangeRelayX - An NTLM relay tool to the EWS endpoint for on-premise exchange servers
- mikesiegel/ews-crack - EWS basic authentication bruteforce tool
- rasta-mouse/EWSToolkit - Abusing Exchange via EWS - 能给outlook装插件
- nccgroup/OutlookLeakTest - List of HTML tags that might send requests to other resources automatically or by user interaction
- 3gstudent/APT34-Jason - Use to perform Microsoft exchange account brute-force
- Transport Agent 插件 - 修改标题、丢弃邮件、保存eml格式文件、仅保存附件、全文检索