SpoofThatMail icon indicating copy to clipboard operation
SpoofThatMail copied to clipboard

Published 20 hours ago verified publisher icon v4d1

Help newlines not escaped

Open klikevil opened this issue 3 years ago • 3 comments 

$ ./SpoofThatMail.sh 

███████╗██████╗  ██████╗  ██████╗ ███████╗                          
██╔════╝██╔══██╗██╔═══██╗██╔═══██╗██╔════╝                          
███████╗██████╔╝██║   ██║██║   ██║█████╗                            
╚════██║██╔═══╝ ██║   ██║██║   ██║██╔══╝                            
███████║██║     ╚██████╔╝╚██████╔╝██║                               
╚══════╝╚═╝      ╚═════╝  ╚═════╝ ╚═╝                               
                                                                    
████████╗██╗  ██╗ █████╗ ████████╗    ███╗   ███╗ █████╗ ██╗██╗     
╚══██╔══╝██║  ██║██╔══██╗╚══██╔══╝    ████╗ ████║██╔══██╗██║██║     
   ██║   ███████║███████║   ██║       ██╔████╔██║███████║██║██║     
   ██║   ██╔══██║██╔══██║   ██║       ██║╚██╔╝██║██╔══██║██║██║     
   ██║   ██║  ██║██║  ██║   ██║       ██║ ╚═╝ ██║██║  ██║██║███████╗
   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚══════╝ by securihub.com 
                                                                 

Wrong execution\n
Accepted parameters:\n
Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com
Null string will be detected and ignored\n
Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt
Note that the path provided for the file must be a valid one\n

diff --git a/SpoofThatMail.sh b/SpoofThatMail.sh
old mode 100644
new mode 100755
index 80e2397..2e7e05b
--- a/SpoofThatMail.sh
+++ b/SpoofThatMail.sh
@@ -6,11 +6,11 @@ YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 
 help () {
-	echo "Accepted parameters:\n"
-	echo "Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com"
-	echo "Null string will be detected and ignored\n"
-	echo "Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt"
-	echo "Note that the path provided for the file must be a valid one\n"
+	echo -e "Accepted parameters:\n"
+	echo -e "Use -d along with a domain name, example sh SpoofThatMail.sh -d domain.com"
+	echo -e "Null string will be detected and ignored\n"
+	echo -e "Use -f along with a file containing domain names, example sh SpoofThatMail.sh -f domains.txt"
+	echo -e "Note that the path provided for the file must be a valid one\n"
 }
 
 check_url () {
@@ -20,17 +20,17 @@ check_url () {
 	output=$(nslookup -type=txt _dmarc."$domain")
 	case "$output" in
 		*p=reject*)
-			echo "$domain is ${GREEN}NOT vulnerable${NC}"
+			echo -e "$domain is ${GREEN}NOT vulnerable${NC}"
 		;;
 		*p=quarantine*)
-			echo "$domain ${YELLOW}can be vulnerable${NC} (email will be sent to spam)"
+			echo -e "$domain ${YELLOW}can be vulnerable${NC} (email will be sent to spam)"
 		;;
 		*p=none*)
-			echo "$domain is ${RED}vulnerable${NC}"
+			echo -e "$domain is ${RED}vulnerable${NC}"
 			retval=1
 		;;
 		*)
-			echo "$domain is ${RED}vulnerable${NC} (No DMARC record found)"
+			echo -e "$domain is ${RED}vulnerable${NC} (No DMARC record found)"
 			retval=1
 		;;
 	esac
@@ -49,7 +49,7 @@ check_file () {
 			check_url $line
 			VULNERABLES=$((VULNERABLES=VULNERABLES+$?))
 		done < $input
-		echo "\n$VULNERABLES out of $COUNTER domains are ${RED}vulnerable ${NC}"
+		echo -e "\n$VULNERABLES out of $COUNTER domains are ${RED}vulnerable ${NC}"
 
 }
 
@@ -73,7 +73,7 @@ main () {
 
 }
 
-echo "
+echo -e "
 ███████╗██████╗  ██████╗  ██████╗ ███████╗                          
 ██╔════╝██╔══██╗██╔═══██╗██╔═══██╗██╔════╝                          
 ███████╗██████╔╝██║   ██║██║   ██║█████╗                            
@@ -90,7 +90,7 @@ echo "
                                                                  
 "
 if [ $# != 2  ];then
-	echo "Wrong execution\n"
+	echo -e "Wrong execution\n"
 	help
 	exit 0
 fi

klikevil avatar Jan 12 '22 16:01 klikevil

I will work on this asap but im quiet busy right now, please try executing with sh SpoofThatMail.sh as you can see in the README image

v4d1 avatar Jan 12 '22 17:01 v4d1

Changing the #!/bin/bash for #!/bin/sh should fix this for this use case.

Right now there's an inconsistency where if you execute the command as the readme says, it is executed in sh (bash in legacy mode) whereas if you do ./Spoof... it is executed in regular bash.

Lining up both use cases will probably solve issues like this one (I suppose using bash instead of sh would be the better solution)

rsf92 avatar Jan 12 '22 18:01 rsf92

Changing the #!/bin/bash for #!/bin/sh should fix this for this use case.

Right now there's an inconsistency where if you execute the command as the readme says, it is executed in sh (bash in legacy mode) whereas if you do ./Spoof... it is executed in regular bash.

Lining up both use cases will probably solve issues like this one (I suppose using bash instead of sh would be the better solution)

Yeah, i saw this project on twitter and it said it was a bash script so an alternative would definitely be changing the shebang I just figured i'd help the output be as clean as possible, not an urgent issue-- everything else in the script looks clean and functions as intended to.

klikevil avatar Jan 12 '22 20:01 klikevil