Bulk Domain-based Message Authentication, Reporting and Conformance scanner.
DMARC also known as Domain-based Message Authentication Reporting and Conformance is a free and open technical specification that is used to authenticate an email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners large and small can fight business email compromise, phishing and spoofing.
During my last year bug hunting activity, missing DMARC on email domain is vulnerability that worth to be reported to program owners. According to Bugcrowd VRT, this finding has P4 Priority.
Server Security Misconfiguration > Mail Server Misconfiguration > Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
Example of valid finding on Bogcrowd:
So, i create this tool to check is DMARC enabled or missing from domain.
Print Help
┌──(miku㉿nakano)-[~/dmarcscan]
└─$ bash dmarcscan.sh
█▀▄ █▀▄▀█ ▄▀█ █▀█ █▀▀ █▀ █▀▀ ▄▀█ █▄░█
█▄▀ █░▀░█ █▀█ █▀▄ █▄▄ ▄█ █▄▄ █▀█ █░▀█
Domain-based Message Authentication, Reporting and Conformance Scanner
Example: bash dmarc-multiprocess.sh -l domain.txt -t 30
options:
-l Files contain lists of domain.
-d Single domain check
-t Adjust multi process. Default is 15
-h Print this Help.
Bulk DMARC check from the lists.
bash dmarcscan.sh -l domains.txt -t 30
Single domain check
bash dmarcscan.sh -d linuxsec.org
Basicly, this tool will run dig command to check DMARC existence on target.
- If DMARC exist on target, you will get Found result.
- If DMARC exist but using p=none, you will get p=none Found result.
- And if there is no DMARC record on target, you will get Not Found result.
This is good write up about exploiting this kind of vulnerability and reporting to program owners.
Feel free to contribute if you want to improve this tools.