Spoofcheck – Domain Spoofer Checker in kali linux

Spoofcheck is a python based tool that is used to check whether the domain can be spoofed or not. This is the best tool for web developers who are creating websites and web applications and want to host on web servers. The script checks SPF and DMARC history of weak configurations and settings of the domain from the domain company. The tool also gives you an alert if the domain address has DMARC configuration that sends HTTP requests and HTTPS request on failed SPF/DKIM emails. This tool is based on the technique that the domains are spoofable if any of these two conditions become true Lack of SPF or DMARC record. The first condition states that check if SPF record never specifies ~all or -all on the domain address. The second condition states that check whether DMARC policy of the domain is set to p =none or p= nonexistent. The tool has the following dependencies dnspython, colorama, email protection lib, tldextract.

Installation of spoofcheck

Step 1: Open your kali linux operating system and open the terminal of the operating system. Use the following command to install the tool.

git clone https://github.com/BishopFox/spoofcheck.git
cd spoofcheck

Step 2: The tool has been downloaded successfully in your kali Linux operating system. Now you have to install the requirements of the tool using the following command.

pip install -r requirements.txt

All the requirements had been downloaded and installed in your kali Linux operating system. Now we will see examples to use the tool.

Usage

Example: Use the spoofcheck tool to determine whether the domain can be spoofed or not.

./spoofcheck.py <domain>

You can see that we have entered the domain as google.com and after performing scanning the tool is reflecting that spoofing is not possible for google.com. This is how you can check on your own domain address or target. This tool is very helpful for web developers who are seeking domain addresses for their websites.