- Install SimplyEmail in one line:
```
root@kali:~# curl -s https://raw.githubusercontent.com/killswitch-GUI/SimplyEmail/master/setup/oneline-setup.sh | bash
root@kali:~# cd SimplyEmail
(SE) root@kali:~/SimplyEmail# ./SimplyEmail.py
```
or
```
root@kali:~# docker pull simplysecurity/simplyemail
root@kali:~# docker run -ti simplysecurity/simplyemail
```
Don't trust a one-line command? No issue:
```
git clone --branch dev https://github.com/killswitch-GUI/SimplyEmail.git
cd SimplyEmail
./setup/setup.sh
cd ..
cd SimplyEmail
(SE) root@kali:~/SimplyEmail# ./SimplyEmail.py
```
Get Started on Mac OSX
Install brew: https://coolestguidesontheplanet.com/installing-homebrew-on-os-x-el-capitan-10-11-package-manager-for-unix-apps/
```
$ sudo easy_install pip
$ sudo brew install libmagic
$ pip install python-magic
$ brew install autoenv
$ echo "source $(brew --prefix autoenv)/activate.sh" >> ~/.bash_profile
$ git clone --branch master https://github.com/killswitch-GUI/SimplyEmail.git
$ cd SimplyEmail
$ ./setup/setup.sh
```
Standard Help
```
============================================================
 Current Version: v1.4.2 | Website: CyberSyndicates.com
============================================================
 Twitter: @real_slacker007 | Twitter: @Killswitch_gui
============================================================
usage: SimplyEmail.py [-all] [-e company.com] [-l]
                      [-t html / flickr / google] [-s] [-n] [-verify] [-v]
                      [--json json-emails.txt]

Email enumeration is a important phase of so many operation that a pen-tester
or Red Teamer goes through. There are tons of applications that do this but I
wanted a simple yet effective way to get what Recon-Ng gets and theHarvester
gets. (You may want to run -h)

optional arguments:
  -all                  Use all non API methods to obtain Emails
  -e company.com        Set required email addr user, ex ale@email.com
  -l                    List the current Modules Loaded
  -t html / flickr / google
                        Test individual module (For Linting)
  -s                    Set this to enable 'No-Scope' of the email parsing
  -n                    Set this to enable Name Generation
  -verify               Set this to enable SMTP server email verify
  -v                    Set this switch for verbose output of modules
  --json json-emails.txt
                        Set this switch for json output to specfic file
```
Run SimplyEmail
Let’s say your target is cybersyndicates.com
```
./SimplyEmail.py -all -e cybersyndicates.com
```
or in verbose
```
./SimplyEmail.py -all -v -e cybersyndicates.com
```
or in verbose and no "Scope"
```
./SimplyEmail.py -all -v -e cybersyndicates.com -s
```
or with email verification
```
./SimplyEmail.py -all -v -verify -e cybersyndicates.com
```
or with email verification & Name Creation
```
./SimplyEmail.py -all -v -verify -n -e cybersyndicates.com
```
or json automation
```
./SimplyEmail.py -all -e cybersyndicates.com --json cs-json.txt
```
This will run all modules that have an API key placed in the SimplyEmail.ini file, as well as all non-API based modules.
List Modules SimplyEmail
Current modules:
- Modules/AskSearch.py
- Modules/CanarioAPI.py **(Deprecated)**
- Modules/CanaryBinSearch.py **(Deprecated)**
- Modules/EmailHunter.py
- Modules/ExaleadDOCSearch.py
- Modules/ExaleadDOCXSearch.py
- Modules/ExaleadPDFSearch.py
- Modules/ExaleadPPTXSearch.py
- Modules/ExaleadSearch.py
- Modules/ExaleadXLSXSearch.py
- Modules/FlickrSearch.py
- Modules/GitHubCodeSearch.py
- Modules/GitHubGistSearch.py
- Modules/GitHubUserSearch.py
- Modules/GoogleCsvSearch.py
- Modules/GoogleDocSearch.py
- Modules/GoogleDocxSearch.py
- Modules/GooglePDFSearch.py
- Modules/GooglePPTXSearch.py
- Modules/GoogleSearch.py
- Modules/GoogleXLSXSearch.py
- Modules/HtmlScrape.py
- Modules/PasteBinSearch.py
- Modules/RedditPostSearch.py
- Modules/SearchPGP.py
- Modules/WhoisAPISearch.py
- Modules/Whoisolgy.py
- Modules/YahooSearch.py
API-based searches can be painful and hard to configure. A main goal of SimplyEmail is to integrate them easily without compromising the tool's ease of use. Using the configuration file, you can simply add your corresponding API key and get up and running. Modules are automatically identified as API-based searches; SimplyEmail checks whether the corresponding keys are present and, if they are, runs the module.
Canar.io API Search
Canario is a service that allows you to search for potentially leaked data that has been exposed on the Internet. Passwords, e-mail addresses, hostnames, and other data have been indexed to allow for easy searching.
Simply register for a key here: [canar.io](https://canar.io/register/). Place the key in the [APIKeys] section of SimplyEmail.ini; the module will then run when the -all flag or the -t flag is used.
Name Generation
Sometimes SimplyEmail will only find the standard email addresses or just a few emails. In this case email creation may be your saving grace. Name generation lets you not only scrape names from different sites but also auto-detect the email format with some accuracy.
LinkedIn Name Generation
Using Bing and work from PhishBait I was able to implement LinkedIn name lookups from the company name.
Connect6.com Name Generation
Connect6 is also a great source for names, though finding the right source page can be a bit flaky.
```
============================================================
 Current Version: v1.1 | Website: CyberSyndicates.com
============================================================
 Twitter: @real_slacker007 | Twitter: @Killswitch_gui
============================================================
[*] Now Starting Connect6 Scrape:
[*] SimplyEmail has attempted to find correct URL for Connect6:
    URL detected: www.connect6.com/Vfffffff,%20LLC/c
[>] Is this URL correct?: n
    Potential URL: www.connect6.com/Vffffffff,%20LLC/c
    Potential URL: www.connect6.com/fffffff/p/181016043240247014147078237069133079124
017210127108009097255039209172025193089206212192166241042174198072085028234035215
132077249038065254013074
    Potential URL: www.connect6.com/Cfffff/p/0340970470810900851111472101850301720090
780491690220982122362110952201950011770300451871991312262102232452050840791411932
47011181189036140240023
    Potential URL: www.connect6.com/Jfffffff/p/10209213603504803613602421822707822624
2230121102078233031208236153124239181008089103120004217018
    Potential URL: www.connect6.com/Adam-Salerno/p/0212520742130801421441441731511860
840541920891240121682331220540570470430850860500132170262420852130022240840360302
44077024184140161144046156080
[!] GoogleDork This: site:connect6.com "Vfffff.com"
[-] Commands Supported: (B) ack - (R) etry
[>] Please Provid a URL: b
```
Verifying Emails via target SMTP server:
More often than not you will have at least a few invalid emails gathered from recon. SimplyEmail now supports the ability to verify and check if the email is valid.
- Looks up MX records
- Sorts based on priority
- Checks whether the SMTP server responds with a code other than 250 for a known bad address
- If the server is suitable, checks each gathered address for a 250 code
- Outputs a (.txt) file with verified emails.
```
============================================================
 Curent Version: v1.0 | Website: CyberSyndicates.com
============================================================
 Twitter: @real_slacker007 | Twitter: @Killswitch_gui
============================================================
[*] Email reconnaissance has been completed:
    Email verification will allow you to use common methods
    to attempt to enumerate if the email is valid.
    This grabs the MX records, sorts and attempts to check
    if the SMTP server sends a code other than 250 for known bad addresses

[>] Would you like to verify email(s)?: y
[*] Attempting to resolve MX records!
[*] MX Host: gmail-smtp-in.l.google.com.
[*] Checking for valid email: alwathiqlegaltranslation@gmail.com
[!] Email seems valid: alwathiqlegaltranslation@gmail.com
```
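The decision logic of the verification steps listed above, as an added offline example (not SimplyEmail's own code). The MX list and the canned reply codes are constructed stand-ins for a live SMTP session, and moving on to the next MX when one accepts the known bad address is an assumption of this sketch.

```python
import uuid

# Constructed sample data: MX records as (preference, host) and canned
# RCPT TO reply codes per host; "*" is the reply for any other recipient.
MX_RECORDS = [(20, "mx2.example.com."), (10, "mx1.example.com."),
              (30, "mx3.example.com.")]
REPLIES = {
    "mx1.example.com.": {"*": 250},  # catch-all: accepts every recipient
    "mx2.example.com.": {"alice@example.com": 250, "bob@example.com": 250,
                         "*": 550},  # rejects unknown users
    "mx3.example.com.": {"*": 451},  # temporary failure for everyone
}


def rcpt_code(host, address):
    """Stand-in for the reply code to 'RCPT TO:<address>' on host."""
    table = REPLIES[host]
    return table.get(address, table["*"])


def pick_suitable_mx(mx_records, domain, probe=rcpt_code):
    """Return the first MX, lowest preference value first, that answers a
    random (known bad) recipient with something other than 250."""
    bogus = "%s@%s" % (uuid.uuid4().hex, domain)
    for _preference, host in sorted(mx_records):
        if probe(host, bogus) != 250:
            return host
    return None  # every server accepts anything: a 250 proves nothing


def verify(candidates, mx_records, domain, probe=rcpt_code):
    """Return (host used, addresses that got a 250 on that host)."""
    host = pick_suitable_mx(mx_records, domain, probe)
    if host is None:
        return None, []
    return host, [a for a in candidates if probe(host, a) == 250]


if __name__ == "__main__":
    found = ["alice@example.com", "carol@example.com", "bob@example.com"]
    print(verify(found, MX_RECORDS, "example.com"))
```

A server that answers every recipient the same way, whether with 250 or with a temporary failure, leaves this check with nothing to distinguish valid from invalid addresses.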
Understanding Reporting Options:
One of the most frustrating aspects of pen-testing is the tools' ability to report their findings and make them easily readable. This may be for the data provided to a customer or just the ability to report on the source of the data.
Let’s cover the two different reports generated.
With the text report, results are generated and appended to a running text file called Email_List.txt. This makes it easy to find past searches or export to the tool of your choice.
Example:
```
----------------------------------
   Email Recon: 11/11/2015 05:13:32
----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com
----------------------------------
   Email Recon: 11/11/2015 05:15:42
----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com
```
Using the --json test.txt flag will allow you to output a standard JSON text file for automation needs. This can currently be used with the email scraping portion only; name generation and email verification may come later. These helpers will soon be in the SQL DB and API for more streamlined automation.
Example Output:
```
{
    "current_version": "v1.4.1",
    "data_of_collection": "26/06/2016",
    "domain_of_collection": "---SNIP---",
    "email_collection_count": 220,
    "emails": [
        {
            "collection_data": "26/06/2016",
            "collection_time": "18:47:42",
            "email": "---SNIP---",
            "module_name": "Searching PGP"
        },
        ---SNIP---
        {
            "collection_data": "26/06/2016",
            "collection_time": "18:51:46",
            "email": "---SNIP---",
            "module_name": "Exalead PDF Search for Emails"
        }
    ],
    "time_of_collection": "18:53:04",
    "tool_of_collection": "SimplyEmail"
}
```
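A consumer for the JSON report above, as an added example (not part of SimplyEmail): it merges duplicate addresses, records which modules reported each one, and separates addresses outside the collection domain. The sample report is constructed; the day/month/year date order and the idea that email_collection_count equals the number of entries are assumptions read off the example output.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed report (not real data) using the key names from the example
# output, including the tool's own "data_of_collection" / "collection_data".
SAMPLE = """{"current_version": "v1.4.1", "data_of_collection": "26/06/2016",
 "domain_of_collection": "example.com", "email_collection_count": 4,
 "emails": [
  {"collection_data": "26/06/2016", "collection_time": "18:49:10",
   "email": "Alice@Example.com", "module_name": "Exalead PDF Search for Emails"},
  {"collection_data": "26/06/2016", "collection_time": "18:47:42",
   "email": "alice@example.com", "module_name": "Searching PGP"},
  {"collection_data": "26/06/2016", "collection_time": "18:51:46",
   "email": "bob@mail.example.com", "module_name": "Exalead PDF Search for Emails"},
  {"collection_data": "26/06/2016", "collection_time": "18:52:01",
   "email": "carol@example.org", "module_name": "Searching PGP"}],
 "time_of_collection": "18:53:04", "tool_of_collection": "SimplyEmail"}"""


def in_scope(address, domain):
    """True if the address is at the collection domain or a subdomain of it."""
    host = address.rsplit("@", 1)[-1]
    return host == domain or host.endswith("." + domain)


def summarize(report_text):
    report = json.loads(report_text)
    domain = report["domain_of_collection"].lower()
    modules = defaultdict(set)  # address -> modules that reported it
    first_seen = {}             # address -> earliest collection timestamp
    for entry in report["emails"]:
        addr = entry["email"].strip().lower()  # fold case so duplicates merge
        stamp = datetime.strptime(
            entry["collection_data"] + " " + entry["collection_time"],
            "%d/%m/%Y %H:%M:%S")  # assumed day/month/year, as in the sample
        modules[addr].add(entry["module_name"])
        first_seen[addr] = min(stamp, first_seen.get(addr, stamp))
    return {
        # Assumption: the count field equals the number of entries in emails[].
        "count_matches": report["email_collection_count"] == len(report["emails"]),
        "in_scope": sorted(a for a in modules if in_scope(a, domain)),
        "out_of_scope": sorted(a for a in modules if not in_scope(a, domain)),
        "modules": {a: sorted(m) for a, m in modules.items()},
        "first_seen": {a: t.isoformat() for a, t in first_seen.items()},
    }
```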