v4d1 / SpoofThatMail

Bash script to check if a domain or list of domains can be spoofed based on DMARC records

Help newlines not escaped

klikevil opened this issue · comments

$ ./SpoofThatMail.sh 

███████╗██████╗  ██████╗  ██████╗ ███████╗                          
██╔════╝██╔══██╗██╔═══██╗██╔═══██╗██╔════╝                          
███████╗██████╔╝██║   ██║██║   ██║█████╗                            
╚════██║██╔═══╝ ██║   ██║██║   ██║██╔══╝                            
███████║██║     ╚██████╔╝╚██████╔╝██║                               
╚══════╝╚═╝      ╚═════╝  ╚═════╝ ╚═╝                               
                                                                    
████████╗██╗  ██╗ █████╗ ████████╗    ███╗   ███╗ █████╗ ██╗██╗     
╚══██╔══╝██║  ██║██╔══██╗╚══██╔══╝    ████╗ ████║██╔══██╗██║██║     
   ██║   ███████║███████║   ██║       ██╔████╔██║███████║██║██║     
   ██║   ██╔══██║██╔══██║   ██║       ██║╚██╔╝██║██╔══██║██║██║     
   ██║   ██║  ██║██║  ██║   ██║       ██║ ╚═╝ ██║██║  ██║██║███████╗
   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚══════╝ by securihub.com 
                                                                 

Wrong execution\n
Accepted parameters:\n
Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com
Null string will be detected and ignored\n
Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt
Note that the path provided for the file must be a valid one\n
diff --git a/SpoofThatMail.sh b/SpoofThatMail.sh
old mode 100644
new mode 100755
index 80e2397..2e7e05b
--- a/SpoofThatMail.sh
+++ b/SpoofThatMail.sh
@@ -6,11 +6,11 @@ YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 
 help () {
-	echo "Accepted parameters:\n"
-	echo "Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com"
-	echo "Null string will be detected and ignored\n"
-	echo "Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt"
-	echo "Note that the path provided for the file must be a valid one\n"
+	echo -e "Accepted parameters:\n"
+	echo -e "Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com"
+	echo -e "Null string will be detected and ignored\n"
+	echo -e "Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt"
+	echo -e "Note that the path provided for the file must be a valid one\n"
 }
 
 check_url () {
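Review bot: echo -e in help() is not portable to the "sh SpoofThatMail.sh" invocation that the help text itself recommends. A sh whose echo has no -e option (dash, for example) prints "-e" as part of each message. Use printf instead, e.g. printf 'Accepted parameters:\n\n', which behaves the same under sh and bash. The two usage lines for -d and -f contain no escape sequence, so they need no -e in any case.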
@@ -20,17 +20,17 @@ check_url () {
 	output=$(nslookup -type=txt _dmarc."$domain")
 	case "$output" in
 		*p=reject*)
-			echo "$domain is ${GREEN}NOT vulnerable${NC}"
+			echo -e "$domain is ${GREEN}NOT vulnerable${NC}"
 		;;
 		*p=quarantine*)
-			echo "$domain ${YELLOW}can be vulnerable${NC} (email will be sent to spam)"
+			echo -e "$domain ${YELLOW}can be vulnerable${NC} (email will be sent to spam)"
 		;;
 		*p=none*)
-			echo "$domain is ${RED}vulnerable${NC}"
+			echo -e "$domain is ${RED}vulnerable${NC}"
 			retval=1
 		;;
 		*)
-			echo "$domain is ${RED}vulnerable${NC} (No DMARC record found)"
+			echo -e "$domain is ${RED}vulnerable${NC} (No DMARC record found)"
 			retval=1
 		;;
 	esac
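Review bot: the case patterns in check_url match anywhere in the nslookup output, so *p=reject* also matches a subdomain tag such as sp=reject, and a record with "p=none; sp=reject" is reported as NOT vulnerable. Isolate the p= tag first (split the record on ';' and match a tag that starts with p=) and decide on that value. On the changed lines, echo -e now also expands backslash sequences inside $domain; printf '%s is %bvulnerable%b\n' "$domain" "$RED" "$NC" keeps the domain literal and expands only the colour codes.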
@@ -49,7 +49,7 @@ check_file () {
 			check_url $line
 			VULNERABLES=$((VULNERABLES=VULNERABLES+$?))
 		done < $input
-		echo "\n$VULNERABLES out of $COUNTER domains are ${RED}vulnerable ${NC}"
+		echo -e "\n$VULNERABLES out of $COUNTER domains are ${RED}vulnerable ${NC}"
 
 }
 
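Review bot: in the loop above the changed line, "check_url $line" and "done < $input" are unquoted, so a line or path containing spaces or glob characters is split or expanded before use; quote both as "$line" and "$input". The counter line VULNERABLES=$((VULNERABLES=VULNERABLES+$?)) assigns twice, and VULNERABLES=$((VULNERABLES+$?)) is enough. For the summary line, printf '\n%s out of %s domains are %bvulnerable%b\n' would avoid the dependency on echo -e.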
@@ -73,7 +73,7 @@ main () {
 
 }
 
-echo "
+echo -e "
 ███████╗██████╗  ██████╗  ██████╗ ███████╗                          
 ██╔════╝██╔══██╗██╔═══██╗██╔═══██╗██╔════╝                          
 ███████╗██████╔╝██║   ██║██║   ██║█████╗                            
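Review bot: the banner echo does not need -e. The visible banner lines contain only box-drawing characters and no backslash sequence, so the switch adds nothing under bash and prints a stray "-e" under a sh whose echo lacks that option. Leave this echo as it was, or print the banner from a quoted here-document with cat.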
@@ -90,7 +90,7 @@ echo "
                                                                  
 "
 if [ $# != 2  ];then
-	echo "Wrong execution\n"
+	echo -e "Wrong execution\n"
 	help
 	exit 0
 fi
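Review bot: the usage-error branch ends in exit 0, so a caller or CI job cannot tell a wrong invocation from a successful run. Return a non-zero status (exit 2, say) and send the message and the help text to stderr. [ $# != 2 ] compares strings; [ "$#" -ne 2 ] states the numeric intent. As in help(), printf 'Wrong execution\n\n' avoids depending on echo -e.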
commented

I will work on this ASAP but I'm quite busy right now, please try executing with sh SpoofThatMail.sh as you can see in the README image

Changing the #!/bin/bash for #!/bin/sh should fix this for this use case.

Right now there's an inconsistency where if you execute the command as the readme says, it is executed in sh (bash in legacy mode) whereas if you do ./Spoof... it is executed in regular bash.

Lining up both use cases will probably solve issues like this one (I suppose using bash instead of sh would be the better solution)

Yeah, I saw this project on Twitter and it said it was a bash script, so an alternative would definitely be changing the shebang. I just figured I'd help the output be as clean as possible. Not an urgent issue; everything else in the script looks clean and functions as intended.
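
The thread turns on echo behaving differently under sh and bash, and the script decides its verdict from a substring match on the lookup output. The following POSIX sh functions are an added example, not part of the thread or of SpoofThatMail: they print with printf so the result is the same in both shells, and they read the p= tag exactly. The names dmarc_policy and verdict are hypothetical, the input is assumed to be a bare TXT record string rather than raw nslookup output, and the green and red colour codes are assumed values.

```shell
#!/bin/sh
# Added example. Record strings passed in are constructed samples; no DNS lookup is made.

# Print the p= policy of one DMARC TXT record: reject, quarantine, none,
# "invalid" (record present, no usable p= tag) or "missing" (not a DMARC record).
dmarc_policy() {
    # Normalise: lower-case, drop blanks and quotes, then one tag per line.
    tags=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' \t"' | tr ';' '\n')
    case $tags in
        v=dmarc1*) ;;
        *) printf 'missing\n'; return 0 ;;
    esac
    # Anchor on the start of the tag so sp=reject is never read as p=reject.
    policy=$(printf '%s\n' "$tags" | sed -n 's/^p=//p' | head -n 1)
    case $policy in
        reject|quarantine|none) printf '%s\n' "$policy" ;;
        *) printf 'invalid\n' ;;
    esac
}

# Print the verdict for a domain ($1) and its record ($2), using the wording of
# the script's check_url. Return status: 1 when reported vulnerable, else 0.
verdict() {
    green='' yellow='' red='' nc=''
    if [ -t 1 ]; then                        # colour only when writing to a terminal
        yellow='\033[1;33m' nc='\033[0m'     # values shown on the page
        green='\033[1;32m' red='\033[1;31m'  # assumed values, not shown on the page
    fi
    # %s prints the domain literally; %b expands escapes in the colour codes only.
    case $(dmarc_policy "$2") in
        reject)
            printf '%s is %bNOT vulnerable%b\n' "$1" "$green" "$nc" ;;
        quarantine)
            printf '%s %bcan be vulnerable%b (email will be sent to spam)\n' "$1" "$yellow" "$nc" ;;
        none)
            printf '%s is %bvulnerable%b\n' "$1" "$red" "$nc"; return 1 ;;
        *)  # invalid or missing record: same fallback branch as the script
            printf '%s is %bvulnerable%b (No DMARC record found)\n' "$1" "$red" "$nc"; return 1 ;;
    esac
}

# Constructed sample: a substring match on p=reject would call this safe.
verdict example.test 'v=DMARC1; p=none; sp=reject' || true
```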
