Checkout help parameters:
$ ./autoaudit -h
usage: audit_cli.py [-h] {dns,smtp,send,check_setup} ...
positional arguments:
{dns,smtp,send,check_setup}
sub-commands help
dns check mail-specific DNS config
smtp scan SMTP server for security issues
send send various test emails
check_setup get info about your own IP (useful to check your setup)
optional arguments:
-h, --help show this help message and exit
$ /autoaudit dns -h
usage: audit_cli.py dns [-h] domain
positional arguments:
domain
optional arguments:
-h, --help show this help message and exit
$ ./autoaudit smtp -h
usage: audit_cli.py smtp [-h] -t HOST [-p PORT] -s SENDER_ADDR
optional arguments:
-h, --help show this help message and exit
-t HOST, --host HOST mail server address
-p PORT, --port PORT SMTP server port
-s SENDER_ADDR, --sender-address SENDER_ADDR
email address used to send mails
$ ./autoaudit send -h
usage: audit_cli.py send [-h] -t HOST [-p PORT] -s SENDER_ADDR -r RECIPIENT
optional arguments:
-h, --help show this help message and exit
-t HOST, --host HOST mail server address
-p PORT, --port PORT SMTP server port
-s SENDER_ADDR, --sender-address SENDER_ADDR
email address used to send mails
-r RECIPIENT, --recipient RECIPIENT
mail address of the recipient
$ ./autoaudit check_setup -h
usage: audit_cli.py check_setup [-h] -s SENDER_ADDR
optional arguments:
-h, --help show this help message and exit
-s SENDER_ADDR, --sender-address SENDER_ADDR
email address used to send mailsChecking DNS config of "nmap.com":
$ ./autoaudit dns nmap.com
{
"ipv4_reverse_match": {
"ALT1.ASPMX.L.GOOGLE.com.": {
"142.250.150.27": [
"la-in-f27.1e100.net."
]
},
"ASPMX.L.GOOGLE.com.": {
"108.177.119.27": [
"ei-in-f27.1e100.net."
]
},
"ALT2.ASPMX.L.GOOGLE.com.": {
"74.125.200.27": [
"sa-in-f27.1e100.net."
]
},
"ASPMX2.GOOGLEMAIL.com.": {
"142.250.150.27": [
"la-in-f27.1e100.net."
]
},
"ASPMX3.GOOGLEMAIL.com.": {
"74.125.200.26": [
"sa-in-f26.1e100.net."
]
}
},
"ipv6_reverse_match": {
"ALT1.ASPMX.L.GOOGLE.com.": {
"2a00:1450:4010:c1c::1a": [
"la-in-f26.1e100.net."
]
},
"ASPMX.L.GOOGLE.com.": {
"2a00:1450:4013:c04::1a": [
"ef-in-x1a.1e100.net.",
"ef-in-f26.1e100.net."
]
},
"ASPMX2.GOOGLEMAIL.com.": {
"2a00:1450:4010:c1c::1b": [
"la-in-f27.1e100.net."
]
},
"ALT2.ASPMX.L.GOOGLE.com.": {
"2404:6800:4003:c00::1a": [
"sa-in-f26.1e100.net.",
"sa-in-x1a.1e100.net."
]
},
"ASPMX3.GOOGLEMAIL.com.": {
"2404:6800:4003:c00::1b": [
"sa-in-f27.1e100.net.",
"sa-in-x1b.1e100.net."
]
}
},
"dmarc_record": "Error: Could not resolve domain '_dmarc.nmap.com'",
"mx_record": [
"5 ALT1.ASPMX.L.GOOGLE.com.",
"1 ASPMX.L.GOOGLE.com.",
"10 ASPMX2.GOOGLEMAIL.com.",
"5 ALT2.ASPMX.L.GOOGLE.com.",
"10 ASPMX3.GOOGLEMAIL.com."
],
"spf_record": {
"mx": [
{
"nmap.com": [
"5 ALT1.ASPMX.L.GOOGLE.com.",
"1 ASPMX.L.GOOGLE.com.",
"10 ASPMX2.GOOGLEMAIL.com.",
"5 ALT2.ASPMX.L.GOOGLE.com.",
"10 ASPMX3.GOOGLEMAIL.com."
]
}
],
"ip4": [
"45.33.49.119"
],
"a": [
{
"nmap.com": [
"45.33.49.119",
"2600:3c01:e000:3e6::6d4e:7061"
]
}
],
"ip6": [
"2600:3c01:e000:3e6::6d4e:7061"
],
"include": [
{
"sender.zohobooks.com": {
"include": [
{
"transmail.net": {
"ip4": [
"136.143.188.0/24",
"135.84.80.0/24",
"135.84.82.0/24",
"117.20.43.11/32",
"136.143.184.0/24"
]
}
}
]
}
},
{
"_spf.google.com": {
"include": [
{
"_netblocks.google.com": {
"ip4": [
"35.190.247.0/24",
"64.233.160.0/19",
"66.102.0.0/20",
"66.249.80.0/20",
"72.14.192.0/18",
"74.125.0.0/16",
"108.177.8.0/21",
"173.194.0.0/16",
"209.85.128.0/17",
"216.58.192.0/19",
"216.239.32.0/19"
]
}
},
{
"_netblocks2.google.com": {
"ip6": [
"2001:4860:4000::/36",
"2404:6800:4000::/36",
"2607:f8b0:4000::/36",
"2800:3f0:4000::/36",
"2a00:1450:4000::/36",
"2c0f:fb50:4000::/36"
]
}
},
{
"_netblocks3.google.com": {
"ip4": [
"172.217.0.0/19",
"172.217.32.0/20",
"172.217.128.0/19",
"172.217.160.0/20",
"172.217.192.0/19",
"172.253.56.0/21",
"172.253.112.0/20",
"108.177.96.0/19",
"35.191.0.0/16",
"130.211.0.0/22"
]
}
}
]
}
}
]
}
}Scanning a mailservere:
$ ./autoaudit smtp -t mail.anything.anywhere -p 25 -s test@test.com
{
"vrfy_available": false,
"expn_available": false,
"is_open_relay": false,
"optional_starttls": true
}- "From:" different from "MAIL FROM:" ✅
- VRFY available ✅
- EXPN available ✅
- Open relay ✅
- STARTLS optional (downgrade attack) ✅
- Malware
- EICAR test ✅
- Zipped EICAR test ✅
- PE file
- Excel with macro
- Word with macro
- Server fingerprinting
- List available commands
- Banner grabbing
- Check NTLM auth
- Username enumeration, with wordlist (VRFY, EXPN or RCPT TO)
- Message size
- Invalid domain in "MAIL FROM:" and "From:" header ✅
- Spoof mail to look like it came from the recipient itself ✅
- Invalid domain in EHLO, "MAIL FROM:" and "From:" header ✅
- Get relevant records
- SPF ✅
- DKIM
- DMARC ✅
- walk SPF records ✅
- check registration domain entries (possible takover)
- mail server reverse ip ✅
- get mailservers (MX) ✅
- get mailaddresses from ✅
- DNS SOA ✅
- DMARC ✅
- Get subdomains and check for MX records