
DefensiveOrigins / AutoSPFRecon

Licence: GPL-3.0 License
Automatic Sender Policy Framework Reconnaissance

v1a
Proof of Concept: This shell script reads syslog for BIND9 query-log messages, looking for queries originating from SMTP servers processing SPF records.

Twitter: @Krelkci
Github: Relkci
WWW: https://www.blackhillsinfosec.com

See blog post for information.
	Blog on Auto SPF Recon: https://www.blackhillsinfosec.com/offensive-spf-how-to-automate-anti-phishing-reconnaissance-using-sender-policy-framework/
	Blog on SPFv1 for the masses: https://www.blackhillsinfosec.com/how-to-configure-spfv1-explained-for-the-masses/
	
Installation:
	cd /opt/
	git clone https://github.com/Relkci/AutoSPFRecon.git

Pre-Reqs:
	apt-get install bind9
	apt-get install logtail
	apt-get install python-setuptools
	easy_install click
	easy_install shodan

Setup your SMTP Relay (I used SendGrid)
	nano /etc/ssmtp/ssmtp.conf

Setup your BIND9 Domain - named.conf
	nano /etc/bind/named.conf

zone "AutoSPF.YOURDOMAIN.TLD" {
        type master;
        notify no;
        file "/etc/bind/autospf.yourdomain.tld";
};

Setup your BIND9 Domain - zone file
	nano /etc/bind/autospf.yourdomain.tld
$TTL 3D
@       IN      SOA     autospf.ns.yourdomain.tld. [email protected] (
                        199802151       ; serial, todays date + todays serial #
                        21600              ; refresh, seconds
                        3600              ; retry, seconds
                        604800              ; expire, seconds
                        30 )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
;
localhost       A       127.0.0.1
ns      A       IP-OF-AutoSPFRecon

Configure Bind to log DNS queries to /var/log/syslog:
	# the command below toggles query logging; be sure it ends up enabled
	rndc querylog
	#confirm it is turned on with 
	tail -n 2 /var/log/syslog


Setup your DNS records
	See the blog post: [TBA] 
	**CAUTION** Setting the SPF RECORD AS BELOW WILL TELL ALL MAIL SERVERS TO REJECT YOUR EMAIL
	See our blog post on SPF Records to create a proper SPF record for your organization.

On your TLD nameserver:
	Type: A     Host: autospf.ns.yourdomain.tld   Value: IP-OF-AutoSPFRecon
	Type: NS    Host: autospf.yourdomain.tld      Value: autospf.ns.yourdomain.tld
	Type: TXT   Host: @                           Value: "v=spf1 -exists:%{i}.autospf.yourdomain.tld -all"
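
What the delegated zone's name server logs when a receiving mail server evaluates the exists:%{i} mechanism above, shown as an added example that is not part of AutoSPFRecon: %{i} expands to the connecting sender's IP, so each SPF check arrives as an A query for <sender-ip>.autospf.yourdomain.tld from the receiver's resolver. The zone name, function names and log lines are constructed for illustration, and only IPv4 expansions are handled.

```shell
#!/bin/sh
# Added example, not part of AutoSPFRecon. ZONE and the log lines are constructed.
ZONE="autospf.yourdomain.tld"   # assumption: the delegated zone from the steps above

# Constructed BIND9 query-log lines in the two common layouts
# (older: "client IP#port", newer: "client @0xADDR IP#port").
sample_log() {
cat <<'EOF'
Jan  5 10:15:01 ns named[812]: client 203.0.113.25#53211 (192.0.2.10.autospf.yourdomain.tld): query: 192.0.2.10.autospf.yourdomain.tld IN A -E(0)DC (198.51.100.5)
Jan  5 10:15:02 ns named[812]: client @0x7f3c2c0a1b20 203.0.113.77#40112 (192.0.2.10.AutoSPF.YourDomain.tld): query: 192.0.2.10.AutoSPF.YourDomain.tld IN A -E(0)DC (198.51.100.5)
Jan  5 10:15:03 ns named[812]: client 203.0.113.25#53300 (www.autospf.yourdomain.tld): query: www.autospf.yourdomain.tld IN A -E(0)DC (198.51.100.5)
Jan  5 10:15:04 ns named[812]: client 203.0.113.25#53301 (192.0.2.10.autospf.yourdomain.tld): query: 192.0.2.10.autospf.yourdomain.tld IN AAAA -E(0)DC (198.51.100.5)
EOF
}

# stdin: syslog lines. stdout: unique "<ip-from-%{i}> <querying-resolver-ip>" pairs.
# Only A queries for <ipv4>.$ZONE count, because exists: always asks for an A record.
# Lower-casing first copes with resolvers that randomise query-name case.
spf_lookups() {
    zone_re=$(printf '%s' "$ZONE" | tr '[:upper:]' '[:lower:]' | sed 's/\./\\./g')
    tr '[:upper:]' '[:lower:]' |
    sed -nE "s/.*client (@0x[0-9a-f]+ )?([0-9a-f:.]+)#[0-9]+ .*query: (([0-9]{1,3}\.){3}[0-9]{1,3})\.${zone_re}\.? in a .*/\3 \2/p" |
    sort -u
}

# The www lookup and the AAAA lookup are not SPF macro expansions and are dropped.
sample_log | spf_lookups
```

Feed it real log lines with `spf_lookups < /var/log/syslog`; the second column is the resolver that asked, which may be a shared or forwarding resolver rather than the mail server itself.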

Files:
	AutoReconSFP.sh - Main Script

Setup Crontab: 
	This script can be configured to be triggered by crontab every x minutes.
	crontab -e
	Add the following:
	*/5 * * * * /opt/AutoReconSFP/AutoReconSPF.sh