Home Security Tools SimplyEmail – Email Recon Made Fast and Easy, With a Framework To Build On

SimplyEmail – Email Recon Made Fast and Easy, With a Framework To Build On

by ethhack
  • Install SimplyEmail in one line:
root@kali:~# curl -s https://raw.githubusercontent.com/killswitch-GUI/SimplyEmail/
master/setup/oneline-setup.sh | bash
root@kali:~# cd SimplyEmail
(SE) root@kali:~/SimplyEmail# ./SimplyEmail.py

or

root@kali:~# docker pull simplysecurity/simplyemail
root@kali:~# docker run -ti simplysecurity/simplyemail

DONT trust a one-line command, no issue:

git clone --branch dev https://github.com/killswitch-GUI/SimplyEmail.git
cd SimplyEmail
./setup/setup.sh
cd ..
cd SimplyEmail
(SE) root@kali:~/SimplyEmail# ./SimplyEmail.py
NOTE: SimplyEmail uses autoenv to activate the Python Virtualenv.. It may prompt you the first time during a CD into the SimplyEmail dir.

Get Started on Mac OSX

Install brew:
https://coolestguidesontheplanet.com/installing-homebrew-on-os-x-el-capitan-10-11-
package-manager-for-unix-apps/

$ sudo easy_install pip
$ sudo brew install libmagic
$ pip install python-magic
$ brew install autoenv
$ echo "source $(brew --prefix autoenv)/activate.sh" >> ~/.bash_profile
$ git clone --branch master https://github.com/killswitch-GUI/SimplyEmail.git
$ ./setup/setup.sh

Standard Help

 ============================================================
 Current Version: v1.4.2 | Website: CyberSyndicates.com
 ============================================================
 Twitter: @real_slacker007 |  Twitter: @Killswitch_gui
 ============================================================
------------------------------------------------------------
   ______  ________                       __ __
 /      /        |                     /  /  |
/$$$$$$  $$$$$$$$/ _____  ____   ______ $$/$$ |
$$ __$$/$$ |__   /     /     /      /  $$ |
$$      $$    |  $$$$$$ $$$$  |$$$$$$  $$ $$ |
 $$$$$$  $$$$$/   $$ | $$ | $$ |/    $$ $$ $$ |
/  __$$ $$ |_____$$ | $$ | $$ /$$$$$$$ $$ $$ |
$$    $$/$$       $$ | $$ | $$ $$    $$ $$ $$ |
 $$$$$$/ $$$$$$$$/$$/  $$/  $$/ $$$$$$$/$$/$$/

------------------------------------------------------------
usage: SimplyEmail.py [-all] [-e company.com] [-l] [-t html / flickr / google]
                      [-s] [-n] [-verify] [-v] [--json json-emails.txt]

Email enumeration is a important phase of so many operation that a pen-tester
or Red Teamer goes through. There are tons of applications that do this but I
wanted a simple yet effective way to get what Recon-Ng gets and theHarvester
gets. (You may want to run -h)

optional arguments:
  -all                  Use all non API methods to obtain Emails
  -e company.com        Set required email addr user, ex ale@email.com
  -l                    List the current Modules Loaded
  -t html / flickr / google
                        Test individual module (For Linting)
  -s                    Set this to enable 'No-Scope' of the email parsing
  -n                    Set this to enable Name Generation
  -verify               Set this to enable SMTP server email verify
  -v                    Set this switch for verbose output of modules
  --json json-emails.txt
                        Set this switch for json output to specfic file

Run SimplyEmail

Let’s say your target is cybersyndicates.com

./SimplyEmail.py -all -e cybersyndicates.com

or in verbose
./SimplyEmail.py -all -v -e cybersyndicates.com

or in verbose and no "Scope"
./SimplyEmail.py -all -v -e cybersyndicates.com -s

or with email verification
./SimplyEmail.py -all -v -verify -e cybersyndicates.com 

or with email verification & Name Creation
./SimplyEmail.py -all -v -verify -n -e cybersyndicates.com 

or json automation
./SimplyEmail.py -all -e cybersyndicates.com --json cs-json.txt

This will run ALL modules that have API Key placed in the SimpleEmail.ini file and will run all non-API based modules.

List Modules SimpleEmail

Current modules:

  • Modules/AskSearch.py    
  • Modules/CanarioAPI.py **(Deprecated)**   
  • Modules/CanaryBinSearch.py **(Deprecated)**
  • Modules/EmailHunter.py  
  • Modules/ExaleadDOCSearch.py
  • Modules/ExaleadDOCXSearch.py
  • Modules/ExaleadPDFSearch.py
  • Modules/ExaleadPPTXSearch.py
  • Modules/ExaleadSearch.py
  • Modules/ExaleadXLSXSearch.py
  • Modules/FlickrSearch.py 
  • Modules/GitHubCodeSearch.py
  • Modules/GitHubGistSearch.py
  • Modules/GitHubUserSearch.py
  • Modules/GoogleCsvSearch.py
  • Modules/GoogleDocSearch.py
  • Modules/GoogleDocxSearch.py
  • Modules/GooglePDFSearch.py
  • Modules/GooglePPTXSearch.py
  • Modules/GoogleSearch.py 
  • Modules/GoogleXLSXSearch.py
  • Modules/HtmlScrape.py   
  • Modules/PasteBinSearch.py
  • Modules/RedditPostSearch.py
  • Modules/SearchPGP.py    
  • Modules/WhoisAPISearch.py
  • Modules/Whoisolgy.py    
  • Modules/YahooSearch.py

API based searches can be painful and hard to configure. The main aspect of SimplyEmail is to easily integrate these aspects, while not compromising the ease of using this tool. Using the configuration file, you can simply add your corresponding API key and get up and running. Modules are automatically identified as API based searches, checks if the corresponding keys are present and if the keys are present it will run the module.

Canar.io API Search

Canario is a service that allows you to search for potentially leaked data that has been exposed on the Internet. Passwords, e-mail addresses, hostnames, and other data have been indexed to allow for easy searching.

Simply Register for a key here: [canar.io] (https://canar.io/register/) or https://canar.io/register/ Place the key in the SimplyEmail.ini at [APIKeys] section, the module will now initiate when the –all flag is user of the -t.

Name Generation

Sometimes SimplyEmail will only find the standard email addresses or just a few emails. In this case email creation may be your saving grace. Using name generation can allow you not only scrape names from diffrent sites but allow you to auto detect the format to some accuracy.

LinkedIn Name Generation

Using Bing and work from PhishBait I was able to implement LinkedIn name lookups from the company name.

Connect6.com Name Generation

Connect6 is also a great source for names, and also a bit flaky to find the source.

============================================================
 Current Version: v1.1 | Website: CyberSyndicates.com
 ============================================================
 Twitter: @real_slacker007 |  Twitter: @Killswitch_gui
 ============================================================
 [*] Now Starting Connect6 Scrape:
 [*] SimplyEmail has attempted to find correct URL for Connect6:
     URL detected: www.connect6.com/Vfffffff,%20LLC/c 
 [>] Is this URL correct?: n
    Potential URL: www.connect6.com/Vffffffff,%20LLC/c 
    Potential URL: www.connect6.com/fffffff/p/181016043240247014147078237069133079124
    017210127108009097255039209172025193089206212192166241042174198072085028234035215
    132077249038065254013074 
    Potential URL: www.connect6.com/Cfffff/p/0340970470810900851111472101850301720090
    780491690220982122362110952201950011770300451871991312262102232452050840791411932
    47011181189036140240023 
    Potential URL: www.connect6.com/Jfffffff/p/10209213603504803613602421822707822624
    2230121102078233031208236153124239181008089103120004217018 
    Potential URL: www.connect6.com/Adam-Salerno/p/0212520742130801421441441731511860
    840541920891240121682331220540570470430850860500132170262420852130022240840360302
    44077024184140161144046156080 
 [!] GoogleDork This: site:connect6.com "Vfffff.com"
 [-] Commands Supported: (B) ack - (R) etry
 [>] Please Provid a URL: b

Verifying Emails via target SMTP server:

More often than not you will have at least a few invalid emails gathered from recon. SimplyEmail now supports the ability to verify and check if the email is valid.

  • Looks up MX records
  • Sorts based on priority
  • Checks if SMTP server will respond other than 250
  • If the server is suitable, checks for 250 codes
  • Outputs a (.txt) file with verified emails.
============================================================
 Curent Version: v1.0 | Website: CyberSyndicates.com
 ============================================================
 Twitter: @real_slacker007 |  Twitter: @Killswitch_gui
 ============================================================
 [*] Email reconnaissance has been completed:

    Email verification will allow you to use common methods
    to attempt to enumerate if the email is valid.
    This grabs the MX records, sorts and attempts to check
    if the SMTP server sends a code other than 250 for known bad addresses

 [>] Would you like to verify email(s)?: y
 [*] Attempting to resolve MX records!
 [*] MX Host: gmail-smtp-in.l.google.com.
 [*] Checking for valid email: alwathiqlegaltranslation@gmail.com
 [!] Email seems valid: alwathiqlegaltranslation@gmail.com

Understanding Reporting Options:

One of the most frustrating aspects of Pen-testing is the tools’ ability to report the findings and make those easily readable. This may be for the data provided to a customer or just the ability to report on source of the data.

Let’s cover the two different reports generated.

With this option results are generated and appended to a running text file called Email_List.txt. this makes it easy to find past searches or export to tool of choice. 


Example:
----------------------------------
  Email Recon: 11/11/2015 05:13:32
----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com
----------------------------------
  Email Recon: 11/11/2015 05:15:42
----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com

Using the –json test.txt flag will alow you to output standard JSON text file for automation needs. This can be currently used with the email scraping portion only, maybe name generation and email verification to come. These helpers will be soon in the SQL DB and API for more streamline automation. 

Example Output:

{
    "current_version": "v1.4.1", 
    "data_of_collection": "26/06/2016", 
    "domain_of_collection": "---SNIP---", 
    "email_collection_count": 220, 
    "emails": [
        {
            "collection_data": "26/06/2016", 
            "collection_time": "18:47:42", 
            "email": "---SNIP---", 
            "module_name": "Searching PGP"
        }, 
       ---SNIP---
        {
            "collection_data": "26/06/2016", 
            "collection_time": "18:51:46", 
            "email": "---SNIP---", 
            "module_name": "Exalead PDF Search for Emails"
        }
    ], 
    "time_of_collection": "18:53:04", 
    "tool_of_collection": "SimplyEmail"
}



Source link

Related Articles

Leave a Comment