update Tool to version 2.0

.gitignore

@@ -4,6 +4,4 @@ __pycache__/*
 .DS_Store
 *.pyc
 *.log
-/log/smtp.log
-/log/mta.log
-config/account.json
+.bak

README.md

@@ -51,38 +51,7 @@ git clone https://github.com/EmailTestTools/EmailTestTools.git
 sudo pip install -r requirements.txt
 ```
 
-## Configure
-
-- Set the recipient address in `config.py`
-
-  ```python
-  # Change receiveUser to what you like to test.
-  receiveUser = "[email protected]"
-  ```
-
-- Configure your email  account in `config/account.json`.
-
-```json
-{
-  "gmail.com": {
-    "user": "[email protected]",
-    "apipass": "apipass",
-    "passwd": "passwd",
-    "smtp_server": "mail.test.com:25",
-    "imap_server": "imap.test.com:143",
-    "pop3_server": "pop.test.com:110",
-    "ssl_smtp_server": "mail.test.com:465",
-    "ssl_imap_server": "imap.test.com:993",
-    "ssl_pop3_server": "pop.test.com:995"}
-}
-```
-
-You can configure more than one account, and designate sending account in `config.py `.
-
-```python
-# The domain name to be tested
-target_domain = "gmail.com"
-```
+> Set the default configuration in the `config.yaml` file.
 
 ## Fuzzing 
 
@@ -94,18 +63,18 @@ target_domain = "gmail.com"
 | Short Form | Long Form | Description                                                  |
 | ---------- | --------- | ------------------------------------------------------------ |
 | -r         | --rfc     | The RFC number of the ABNF rule to be extracted.             |
-| -t         | --target  | The field to be fuzzed in ABNF rules.                        |
+| -f         | --field   | The field to be fuzzed in ABNF rules.                        |
 | -c         | --count   | The amount of ambiguity data that needs to be generated according to ABNF rules. |
 
 **Example:**
 
 ```bash
-python3 pre_fuzz.py -r 5322 -t from -c 255
+python3 pre_fuzz.py -r 5322 -f from -c 255
 ```
 
 **Screenshots:**
 
-<div align=center><img src="./img/screenshots.png" width = "800" height = "500" alt="screenshots" align=center /></div>
+<div align=center><img src="./img/screenshots2.png" width = "800"  alt="screenshots" align=center /></div>
 
 **Generated Test Sample:**
 
@@ -131,30 +100,35 @@ For more test samples, please check this [file](https://github.com/EmailTestTool
 
 #### 2. Send spoofing emails with malformed sender address
 
-[run_test.py](./run_test.py) will use the generated samples to test the security verification logic of the target mail system. We also carefully control the message sending rate with intervals over 10 minutes to minimize the impact's target email services.
+[run_fuzz_test.py](./run_fuzz_test.py) will use the generated samples to test the security verification logic of the target mail system. We also carefully control the message sending rate with intervals over 10 minutes to minimize the impact's target email services.
 
-You can choose **Shared MTA** or **Direct MTA** to send spoofing emails. At the same time, you can also choose **MIME From** or **MAIL From**  header to test.
+**Usage:**
 
-| Short Form | Long Form | Description                                       |
-| ---------- | --------- | ------------------------------------------------- |
-| -m         | --mode    | Attack mode ( SMTP: Shared MTA, MTA: Direct MTA). |
-| -t         | --target  | The target field to test. (MIME / MAIL )          |
+| Short Form | Long Form | Description                                                  |
+| ---------- | --------- | ------------------------------------------------------------ |
+| -m         | --mode    | The attack mode with spoofing emails (s: Shared MTA, d: Direct MTA) |
+| -t         | --target  | Select target under attack mode.                             |
+| -a         | --attack  | Select a specific attack method to send spoofing email.      |
+
+**Example:**
 
 For example, if you want to use Direct MTA to fuzz MIME From header, you can execute:
 
 ```bash
-python3 run_test.py -m MTA -t MIME
+python3 run_test.py -m d -t gmail -a A2.1
 ```
 
-By the way, if you want to use Shared MTA , you need to configure  email sending account in `config/account.json` and `config.py`.
+By the way, if you want to use Shared MTA , you need to configure  email sending account in `config/config.yaml`.
 
 #### 3. Analyze and summarize the employed adversarial techniques
 
-We analyze and summarize the employed adversarial techniques that make email sender spoofing successful in practice.  We use two scripts to verify vulnerabilities in the real world.
+We analyze and summarize the employed adversarial techniques that make email sender spoofing successful in practice.  We use [spoofing.py](./spoofing.py)  to verify vulnerabilities in the real world.
+
+**Usage:**
+
+<div align=center><img src="./img/usage.png" width = "800"  alt="screenshots" align=center /></div>
 
-[smtp_send.py](./smtp_send.py) simulates as user's MUA to Sender's MTA via SMTP protocol (**Shared MTA**). It is to test the security issues of the Sender's MTA and test whether the receiver can accept the abnormal emails.
 
-[mta_send.py](./mta_send.py) simulate as Sender's MTA to communicate with Receiver's MTA (**Direct MTA**). This tool can be simulated as any email sender and can test receiver's security.
 
 ## Evaluation 
 
@@ -174,20 +148,6 @@ We provide an evaluation  tool to help email administrators to evaluate and stre
 
 The body of these forged emails contains detailed information about each header in email and corresponding defense measures, such as rejecting the letter, providing security warnings on the front end, etc. If a forged email enters the inbox of the target mail system, the administrator can easily understand the attack principle and take effective measures to defend it.
 
-It should be noted that when using Direct MTA to test, some email headers need to be manually specified in some email spoofing attacks. So you may need to configure these headers' default values in `config.py`. 
-
-```python
-# Some default values in Direct MTA Attack when the attack does not specify these parameter values
-mail_from = '[email protected]'
-mime_from = '[email protected]'
-reply_to = mime_from
-sender = "[email protected]"
-to_email = '[email protected]'
-subject = 'This is subject'
-content = """This is content"""
-helo = 'test.com'
-```
-
 The following is an example of using this tool to evaluate the security of the target email system.
 
 You can see that some spoofing emails have entered the inbox of the target email system. This means that the target system may be  vulnerable to the corresponding attacks
@@ -202,4 +162,4 @@ You can get more information by reading the content of the email, including deta
 
 ## Version
 
-Current version is 1.2
+Current version is 2.0

config.py

@@ -1,43 +1,16 @@
 #!/usr/bin/env python
-
-import os, json
-from util.util import init_log, banner
+import os,json
+from core.util import init_log
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 LOG_FILE = BASE_DIR + '/log/run.log'
 FUZZ_PATH = BASE_DIR + '/config/fuzz.json'
 RULE_PATH = BASE_DIR + '/config/rule.json'
-ACCOUNT_PATH = BASE_DIR + '/config/account.json'
-
-logger = init_log(LOG_FILE)
+CONFIG_PATH = BASE_DIR + '/config/config.yaml'
 
 with open(RULE_PATH, 'r') as f:
     CONFIG_RULES = json.load(f)
 
-with open(ACCOUNT_PATH, 'r') as f:
-    ACCOUNTS = json.load(f)
-
-# The domain name to be tested
-target_domain = "gmail.com"
+DEFAULT_EMAIL = '[email protected]'
 
-account = ACCOUNTS[target_domain]
-user = account['user']
-passwd = account['apipass']
-smtp_server = account['smtp_server']
-
-# Change receiveUser to what you like to test.
-receiveUser = "[email protected]"
-
-# Some default values in Direct MTA Attack
-mail_from = '[email protected]'
-mime_from = '[email protected]'
-reply_to = mime_from
-sender = "[email protected]"
-to_email = receiveUser
-subject = 'This is subject'
-content = """This is content"""
-helo = 'test.com'
-filename = None
-image = None
-
-#
+logger = init_log(LOG_FILE)

config/config.yaml

@@ -0,0 +1,175 @@
+share_mode:
+  default:
+    username: [email protected] # username via SMTP login
+    password: xxxxxx # password via SMTP login
+    host: mails.tsinghua.edu.cn # SMTP server
+    port: 25 # Optional, default 25
+    use_tls: False # Optional, default False
+    use_ssl: False # Optional, default False
+    debug_level: False # Optional, default False
+
+  gmail.com:
+    username: [email protected]
+    password: xxxx
+    host: smtp.gmail.com
+    port: 25
+
+
+direct_mode:
+  default:
+    host: 163.com # Target email service domain, e.g. [email protected] ==> 163.com
+    port: 25 # Optional, default 25
+    use_tls: False # Optional, default False
+    use_ssl: False # Optional, default False
+    debug_level: False # Optional, default False
+
+
+attack:
+  default:
+    subject: "Normal Email Test!"
+    body: "If you can see this email, it means that the email can be delivered normally. :)"
+    html:
+    attachments:
+    date:
+    mail_from:
+    mime_from:
+    to:
+    cc:
+    bcc:
+    reply_to:
+    mail_to:
+    extra_headers:
+    helo:
+    autoencode: False
+
+ # A1 attack
+  A1:
+    mail_from: "[email protected]"
+    subject: "[Warning] Maybe you are vulnerable to the A1 attack!"
+    body: "A1: The Inconsistency between Auth username and Mail From headers."
+    description: "A1: The Inconsistency between Auth username and Mail From headers."
+    defense: "Prohibit sending such emails!"
+
+  # A2 attack
+  A2.1:
+    mime_from: "[email protected]"
+    subject: "[Warning] Maybe you are vulnerable to the A2 attack!"
+    body: "A2.1: The Inconsistency between Mail From and From headers, with different username."
+    description: "A2.1: The Inconsistency between Mail From and From headers, with different username."
+    defense: "You should Add a reminder to remind users that the sender is inconsistent with MAIL FROM on UI."
+
+
+  # A2 attack
+  A2.2:
+    mime_from: "[email protected]"
+    subject: "[Warning] Maybe you are vulnerable to the A2 attack!"
+    body: "A2.2: The Inconsistency between Mail From and From headers, with different domain."
+    description: "A2.2: The Inconsistency between Mail From and From headers, with different username."
+    defense: "You should Add a reminder to remind users that the sender is inconsistent with MAIL FROM on UI."
+
+
+  # A3 attack
+  A3:
+    helo: "mail.spoofing.com"
+    mail_from: ""
+    subject: "[Warning] Maybe you are vulnerable to the A3 attack!"
+    body: "A3: Empty Mail From Attack."
+    description: "A3: Empty Mail From Attack."
+    defense: "You should Add a reminder to remind users that the sender is inconsistent with MAIL FROM on UI."
+
+
+  # A4 attack
+  A4:
+    mime_from: "[email protected]"
+    extra_headers: {"From": "[email protected]"}
+    subject: "[Warning] Maybe you are vulnerable to the A4 attack!"
+    body: "A4: Multiple From Headers."
+    description: "A4: Multiple From Headers."
+    defense: "You should reject such emails which contain multiple from headers."
+
+  # A5 attack
+  A5:
+    mime_from: "<[email protected]>, <[email protected]>"
+    extra_headers: {"Sender": "[email protected]"}
+    subject: "[Warning] Maybe you are vulnerable to the A5 attack!"
+    body: "A5: Multiple From Headers."
+    description: "A5: Multiple From Headers."
+    defense: "You should display all sender addresses and remind users that it may be forged emails on UI."
+
+  # A6 attack
+  A6:
+    mime_from: "<[email protected]\xffattack.com>"
+    subject: "[Warning] Maybe you are vulnerable to the A6 attack!"
+    body: "A6: Parsing Inconsistencies Attacks."
+    autoencode: False
+    description: "A6: Parsing Inconsistencies Attacks."
+    defense: "You should reject such emails which contain special chars in From header."
+
+  # A7 attack
+  A7:
+    mime_from: "<{{ b64([email protected]) }}{{ b64(\xff) }}@attack.com>"
+    subject: "[Warning] Maybe you are vulnerable to the A7 attack!"
+    body: "A7: Encoding Based Attack."
+    description: "A7: Encoding Based Attack."
+    defense: "You should Add a reminder to remind users."
+
+  # A8 attack
+  A8:
+    mail_from: "<[email protected]>"
+    mime_from: "<[email protected]>"
+    subject: "[Warning] Maybe you are vulnerable to the A8 attack!"
+    body: "A8: The Subdomain Attack."
+    description: "A8: The Subdomain Attack."
+    defense: "You should Add a reminder to remind users"
+
+
+
+  # A9-A11 need manual config the email forwarding service. We test those attacks manually.
+
+
+  # A12 attack
+  A12.1:
+    mime_from: "<[email protected]>"
+    subject: "[Warning] Maybe you are vulnerable to the A12 attack!"
+    body: "A12.1: IDN Homograph Attack with IDN domain."
+    description: "A12.1: IDN Homograph Attack with IDN domain."
+    defense: "You can only display the original address with Punycode character, if a domain label contains characters from multiple different languages."
+
+
+  # A12 attack
+  A12.2:
+    mime_from: "<[email protected]>"
+    subject: "[Warning] Maybe you are vulnerable to the A12 attack!"
+    body: "A12.2: IDN Homograph Attack with IDN username."
+    description: "A12.2: IDN Homograph Attack with IDN username."
+    defense: "You can only display the original address with Punycode character, if a domain label contains characters from multiple different languages."
+
+
+  # A13 attack
+  A13:
+    mime_from: "<Alice@[email protected]>"
+    subject: "[Warning] Maybe you are vulnerable to the A6 attack!"
+    body: "A13: Missing UI Rendering Attack."
+    description: "A13: Missing UI Rendering Attack"
+    defense: "You should reject emails which contains special and not allowed characters in the sender address or add a warning in the UI."
+
+  # A14 attack
+  A14.1:
+    mime_from: "\u202emoc.qq@\u202d@test.com"
+    subject: "[Warning] Maybe you are vulnerable to the A6 attack!"
+    body: "A14: Right-to-left Override Attack in username."
+    description: "A14: Right-to-left Override Attack in username."
+    defense: "You should reject emails which contain these special characters in the sender address or add a warning on UI."
+
+
+  A14.2:
+    mime_from: "test@\u202etest.com\u202d"
+    subject: "[Warning] Maybe you are vulnerable to the A6 attack!"
+    body: "A14: Right-to-left Override Attack in domain."
+    description: "A14: Right-to-left Override Attack in domain."
+    defense: "You should reject emails which contain these special characters in the sender address or add a warning on UI."
+
+global_parameters:
+  subject: "Template subject"
+  mail_to: "[email protected]" # Change receiveUser to what you like to test.
+