mxcheck

About mxcheck

mxcheck is an info and security scanner for e-mail servers.

Platforms

Web Self-hosted Linux

Languages

Go

mxcheck is an info scanner for e-mail servers.

It checks

  • DNS records: A, MX, PTR, SPF, MTA-STS, DKIM, DMARC (fully parsed), TLSRPT, BIMI
  • DANE/TLSA records per MX host (RFC 6698, RFC 7672): usage, selector, matching type, certificate data
  • AS Number and AS Country
  • the support of StartTLS and the certificate
  • TLS certificate details on port 465: expiry date, Subject CN, Issuer CN, SANs
  • open ports: 25, 465, 587
  • if the service is listed by blacklists
  • if it leaks information by server string and VRFY command
  • if the e-mail server is vulnerable to SMTPSmuggling
  • and if the server is an open relay

You can set mailFrom, mailTo, the DNS server and the DKIM selector, and write a report in TSV format.

-b, --blacklist          Check if the service is on blacklists
-d, --dnsserver string   The dns server to be requested (default "8.8.8.8")
-g, --smuggle            Scan for SMTPSmuggling vulnerability
-p, --disable-port-scan  Disable SMTP port scan
-f, --mailfrom string    Set the mailFrom address (default "[email protected]")
-t, --mailto string      Set the mailTo address (default "[email protected]")
-n, --no-prompt          Answer yes to all questions
-s, --service string     The service host to check (mandatory flag)
-S, --dkim-selector      The DKIM selector. If set a dkim check is performed on the provided service domain
-V, --verbose            Show timestamps in output
-v, --version            Version and license
-u, --updatecheck        Check if a new version of mxcheck is available
-w, --write-tsv          Write tsv formated report to file

Version

v2.0.0

Installation

go install github.com/steffenfritz/[email protected]

or

download a pre-compiled binary.

or

use Kali Linux repositories

Usage Example

./mxcheck -s 2600.com
./mxcheck -s 2600.com -v
./mxcheck -s 2600.com -d 8.8.8.8
./mxcheck -s 2600.com -n -f [email protected] -t [email protected] -w -S default
./mxcheck -s 2600.com -n -f [email protected] -t [email protected] -w -S default -b -g

Check for authentication

There is no check whether the server needs authentication. However, you can do two runs:

The first one uses a from and to address outside the mail server's scope, e.g.:

./mxcheck -s example.com -f [email protected] -t [email protected]

The second one uses a from and a to address from the mail server's scope, e.g.:

./mxcheck -s example.com -f [email protected] -t [email protected]

If the first one returns "Server is not an open relay" and the second one returns "Server is probably an open relay", the server is not an open relay, but you can send mails from local to local addresses without authentication.
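
The two runs and their interpretation, wrapped in a shell script. This is an added example, not part of mxcheck: it assumes mxcheck is on the PATH, and the verdict labels and the handling of every combination other than the one described above are this example's own reading.

```shell
#!/bin/sh
# Added example: two-run relay check around mxcheck (not mxcheck's own code).
# Only the flags (-s, -n, -f, -t) and the two result strings shown on this
# page are used; the verdict labels are hypothetical names for illustration.

# verdict_of TEXT -> "open", "closed" or "unknown", from mxcheck's relay line.
verdict_of() {
    case "$1" in
        *"Server is probably an open relay"*) echo open ;;
        *"Server is not an open relay"*)      echo closed ;;
        *)                                    echo unknown ;;  # no relay result, e.g. connection failed
    esac
}

# classify_relay OUTSIDE_RUN_OUTPUT LOCAL_RUN_OUTPUT
# Combines run 1 (addresses outside the server's scope) with run 2 (local addresses).
classify_relay() {
    ext=$(verdict_of "$1")
    loc=$(verdict_of "$2")
    case "$ext/$loc" in
        open/*)        echo "open-relay" ;;            # relays for outside addresses
        closed/open)   echo "local-unauthenticated" ;; # the case described above
        closed/closed) echo "closed" ;;                # neither run was accepted
        *)             echo "inconclusive" ;;          # at least one run gave no relay result
    esac
}

# run_checks HOST OUTSIDE_FROM OUTSIDE_TO LOCAL_FROM LOCAL_TO
run_checks() {
    # -n answers mxcheck's prompts so both runs work unattended.
    ext_out=$(mxcheck -s "$1" -n -f "$2" -t "$3" 2>&1) || true
    loc_out=$(mxcheck -s "$1" -n -f "$4" -t "$5" 2>&1) || true
    classify_relay "$ext_out" "$loc_out"
}

# Runs only when all five arguments are supplied.
if [ "$#" -eq 5 ]; then
    run_checks "$@"
fi
```

Call it with the host, an outside from/to pair and a local from/to pair for a server you operate; it prints one of the four labels.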

Documentation and contact

mxcheck has a man page :)

Furthermore, you can find documentation and contact information here: https://mxcheck.fritz.wtf

The logo was created by Alex/Lignum5. Thanks, mate :)