Skip to content

MailSpoof v1.2.0

Latest
Latest

Choose a tag to compare

View all tags
@syed-sameer-ul-hassan syed-sameer-ul-hassan released this 11 Jun 19:08
· 2 commits to main since this release
v1.2.0
c389082

MailSpoof v1.2.0 - The Ultimate Phishing Simulation & Tracking Update

We are incredibly excited to announce the release of MailSpoof v1.2.0! This major update transforms MailSpoof from a powerful spoofing tool into a full-fledged, professional phishing simulation framework. We've added comprehensive tracking capabilities, mass deployment options, payload attachments, and significantly expanded our template library.

Major Highlights

Embedded HTTP Tracking Server

MailSpoof now runs a concurrent, multi-threaded HTTP Tracking Server on port 8080 right alongside the built-in SMTP server.

  • Open Tracking: Automatically injects invisible 1x1 tracking pixels into your HTML templates.
  • Click Tracking: Coming soon to track exactly who clicked which link.
  • Real-Time Logs: View tracking hits live in your console or recorded in ~/.mailspoof/tracking.log.

Bulk Target Delivery (CSV)

You no longer need to script out a loop to test an entire organization. You can now pass a CSV file of target emails directly to the tool:

mailspoof test 1 --target-list employees.csv --smtp-host smtp.gmail.com --profile corp

The tool will asynchronously queue and deliver the simulation to hundreds of targets with just one command.

Attachment Payloads

To properly test corporate email gateways, spam filters, and user awareness, you can now attach files directly to your simulations.

mailspoof test 47 victim@company.com --attach HR_Policy_Update.pdf --attach Salary.docx

Test how well your security appliances handle macro-enabled documents or executable attachments.

Instant Docker Deployment

Deploying MailSpoof on a cloud VPS is now completely frictionless. We have provided a pre-configured Dockerfile and docker-compose.yml.

  • Run docker-compose up -d to instantly launch the SMTP server, HTTP Tracking Server, and bind all volumes to persist your audit logs and custom templates.

Advanced Header Injection

Red teamers require absolute control over email headers. You can now inject specific headers to bypass filters or simulate complex spoofing scenarios:

  • --reply-to attacker@evil.com
  • --x-mailer "Microsoft Outlook 16.0"

17 Brand New Professional Templates

We have expanded the built-in template library from 45 to 62 fully branded, responsive HTML templates. The new templates focus heavily on logistics, document sharing, and IT infrastructure.

New Templates Include:

  • [46] IT Helpdesk - Password Expiry Alert (Credential Harvesting)
  • [47] HR - Policy Update (Attachment Testing)
  • [48] Microsoft 365 - Unusual Activity Alert
  • [49] DHL - Package Delivery Failed (Logistics)
  • [50] FedEx - Package On Hold (Logistics)
  • [51] Apple ID - Account Suspended
  • [52] Google - Critical Security Alert
  • [53] Amazon - Account Locked
  • [54] Corporate VPN - Certificate Expired (IT Infrastructure)
  • [55] DocuSign - Signature Request (Document Phishing)
  • [56] SharePoint - File Shared With You (Document Phishing)
  • [57] Zoom - Meeting Invitation
  • [58] Coinbase - Suspicious Withdrawal (Financial)
  • [59] Office 365 - Mailbox Quota Exceeded
  • [60] Wise - Wire Transfer Confirmation (Financial)
  • [61] GitHub - SSH Key Added Alert
  • [62] New Device Login Alert

Bug Fixes & Optimizations

  • Uninstall Crash Resolved: Fixed a critical SyntaxError in uninstall.py where the banner printing function was completely missing its body, causing the script to crash immediately upon execution.
  • Improved Logging: Errors during SMTP handshake are now parsed more cleanly and output directly to the CLI interface for faster troubleshooting.
  • Cross-Platform Installers: Refined install.sh and install_termux.sh to handle dependencies better across Debian, Arch, Fedora, and macOS.

Getting Started

If you are upgrading from an older version, simply download the latest .deb package or tar.gz archive attached to this release.

# Debian / Ubuntu Users:
sudo dpkg -i mailspoof-v1.2.0.deb
sudo apt-get install -f

For all other systems, extract the source zip/tarball and run the universal installer:

bash install.sh

Documentation & Support

Happy (and responsible) testing!

Assets 2
Loading