mirror of
https://github.com/steffenfritz/mxcheck.git
synced 2026-04-25 21:15:58 +03:00
No description
|
|
||
|---|---|---|
| .github | ||
| .idea | ||
| resources | ||
| vendor | ||
| .gitignore | ||
| asn.go | ||
| asn_test.go | ||
| AUTHORS.rst | ||
| bimi.go | ||
| blacklists.go | ||
| CHANGELOG | ||
| checkversion.go | ||
| checkversion_test.go | ||
| connect.go | ||
| connect_test.go | ||
| CONTRIBUTING.md | ||
| dane.go | ||
| dkim.go | ||
| dmarc.go | ||
| dns.go | ||
| dns_test.go | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| mtasts.go | ||
| mxcheck.1 | ||
| nfpm.yaml | ||
| openrelay.go | ||
| openrelay_test.go.GH_DISABLED | ||
| output.go | ||
| output_test.go | ||
| README.md | ||
| SECURITY.md | ||
| smtpsmuggling.go | ||
| tlscheck.go | ||
| tlscheck_test.go.GH_DISABLED | ||
| tlsrpt.go | ||
| ui.go | ||
| versionmsg.go | ||
mxcheck is an info scanner for e-mail servers.
It checks
- DNS records: A, MX, PTR, SPF, MTA-STS, DKIM, DMARC (fully parsed), TLSRPT, BIMI
- DANE/TLSA records per MX host (RFC 6698, RFC 7672): usage, selector, matching type, certificate data
- AS Number and AS Country
- the support of StartTLS and the certificate
- TLS certificate details on port 465: expiry date, Subject CN, Issuer CN, SANs
- open ports: 25, 465, 587
- if the service is listed by blacklists
- if it leaks information by server string and VRFY command
- if the e-mail server is vulnerable to SMTPSmuggling
- and if the server is an open relay
You can set mailFrom, mailTo, the DNS server, DKIM selector and output a report in tsv format.
-b, --blacklist Check if the service is on blacklists
-d, --dnsserver string The dns server to be requested (default "8.8.8.8")
-g, --smuggle Scan for SMTPSmuggling vulnerability
-p, --disable-port-scan Disable SMTP port scan
-f, --mailfrom string Set the mailFrom address (default "info@foo.wtf")
-t, --mailto string Set the mailTo address (default "info@baz.wtf")
-n, --no-prompt Answer yes to all questions
-s, --service string The service host to check (mandatory flag)
-S, --dkim-selector The DKIM selector. If set a dkim check is performed on the provided service domain
-V, --verbose Show timestamps in output
-v, --version Version and license
-u, --updatecheck Check if a new version of mxcheck is available
-w, --write-tsv Write tsv formated report to file
Version
v2.0.0
Installation
go install github.com/steffenfritz/mxcheck@v2.0.0
or
download a pre-compiled binary.
or
use Kali Linux repositories
Usage Example
./mxcheck -s 2600.com
./mxcheck -s 2600.com -v
./mxcheck -s 2600.com -d 8.8.8.8
./mxcheck -s 2600.com -n -f info@baz.com -t boss@foo.org -w -S default
./mxcheck -s 2600.com -n -f info@baz.com -t boss@foo.org -w -S default -b -g
Check for authentication
There is no check whether the server needs authentication. However, you can do two runs:
The first one uses a from and to address outside the mail server's scope, e.g.:
./mxcheck -s example.com -f info@baz.com -t boss@foo.org
The second one uses a from and a to address from the mail server's scope, e.g.:
./mxcheck -s example.com -f info@example.com -t boss@example.com
If the first one returns Server is not an open relay and the second one returns Server is probably an open relay the server is not an open relay, but you can send mails from local to local addresses without authentication.
Documentation and contact
mxcheck has a man page :)
Furthermore, you can find a documentation and contact information here: https://mxcheck.fritz.wtf
The logo was created by Alex/Lignum5. Thanks, mate :)