SimplyEmail not only takes email addresses and other information, but also scrubs domains for documents such as text files, Word documents, or Excel spreadsheets. In addition, a wide range of websites and search engines can be used. These include Reddit, Pastebin, and CanaryBin. One of the best features is that the tool creates a report in HTML, which comes in handy when you are preparing your report.
SimplyEmail is a Python script that has a number of modules. Installing it is fairly easy.
Use the following steps to install SimplyEmail:
- Navigate to the GitHub site at https://github.com/killswitch-GUI/SimplyEmail
- Enter the following code:
curl -s https://raw.githubusercontent.com/killswitch-GUI/SimplyEmail/master/setup/oneline-setup.sh | bash
- Once the startup script has completed, you can execute the scripts.
The help menu can be accessed by typing this:
#./SimplyEmail.py -h
Current Version: v1.0 | Website: CyberSyndicates.com
============================================================
Twitter: @real_slacker007 | Twitter: @Killswitch_gui
============================================================
[-s] [-v]
Email enumeration is an important phase of so many operations that a pen tester or Red Teamer goes through. There are tons of applications that do email enumeration, but I wanted a simple yet effective way to get what Recon-Ng provide and theharvester (you may want to run -h):
optional arguments:
  -all                       Use all non API methods to obtain Emails
  -e company.com             Set required email addr user, ex [email protected]
  -l                         List the current Modules Loaded
  -t html / flickr / google  Test individual module (For Linting)
  -s                         Set this to enable 'No-Scope' of the email parsing
  -v                         Set this switch for verbose output of modules
To start a search, type in the following:
#./SimplyEmail.py -all -e example.com
The script then runs. Be aware that if there is no information, there will be errors in the output. This does not mean you have made an error, but rather that there are no results for the search. While the tool runs, you will see the following output on your screen:
[*] Starting: PasteBin Search for Emails
[*] Starting: Google PDF Search for Emails
[*] Starting: Exalead DOCX Search for Emails
[*] Starting: Exalead XLSX Search for Emails
[*] Starting: HTML Scrape of Taget Website
[*] Starting: Exalead Search for Emails
[*] Starting: Searching PGP
[*] Starting: OnionStagram Search For Instagram Users
[*] HTML Scrape of Taget Website has completed with no Email(s)
[*] Starting: RedditPost Search for Emails
[*] OnionStagram Search For Instagram Users: Gathered 23 Email(s)!
[*] Starting: Ask Search for Emails
After the searches have been conducted, you will receive a request to verify email addresses. This verification process can take some time, but in a targeted attack where you want to socially engineer or phish specific individuals, it may be prudent. A simple Y/N will suffice:
[*] Email reconnaissance has been completed:
Email verification will allow you to use common methods to attempt to enumerate if the email is valid. This grabs the MX records, sorts and attempts to check if the SMTP server sends a code other than 250 for known bad addresses
[>] Would you like to verify email(s)?:
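Seen from the receiving mail server, the verification step described above shows up as one client having several unknown recipients rejected in quick succession. The following is an added example, not part of SimplyEmail or the original text, that flags this pattern in Postfix-style smtpd logs; the log lines, function names, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Postfix smtpd reject format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
Jan 10 12:00:01 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <zzqx9@example.com>: Recipient address rejected: User unknown in local recipient table; from=<p@test.invalid> to=<zzqx9@example.com> proto=ESMTP helo=<h>
Jan 10 12:00:03 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <j.doe@example.com>: Recipient address rejected: User unknown in local recipient table; from=<p@test.invalid> to=<j.doe@example.com> proto=ESMTP helo=<h>
Jan 10 12:00:05 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jane.roe@example.com>: Recipient address rejected: User unknown in local recipient table; from=<p@test.invalid> to=<jane.roe@example.com> proto=ESMTP helo=<h>
Jan 10 12:07:40 mx1 postfix/smtpd[2250]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.20]: 550 5.1.1 <slaes@example.com>: Recipient address rejected: User unknown in local recipient table; from=<bob@partner.test> to=<slaes@example.com> proto=ESMTP helo=<mail.partner.test>
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]: 55\d \S+ <(?P<rcpt>[^>]*)>"
)

def parse_rejects(log_text, year=2024):
    """Yield (timestamp, client_ip, recipient) for each rejected RCPT TO.
    Syslog lines carry no year, so `year` is an assumed value."""
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["rcpt"].lower()

def find_rcpt_probing(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {client_ip: sorted rejected recipients} for clients that had at
    least `threshold` distinct recipients rejected within `window`."""
    by_ip = defaultdict(list)
    for ts, ip, rcpt in parse_rejects(log_text):
        by_ip[ip].append((ts, rcpt))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({r for _, r in events[start:end + 1]}) >= threshold:
                flagged[ip] = sorted({r for _, r in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, rcpts in find_rcpt_probing(SAMPLE_LOG).items():
        print(f"possible address verification from {ip}: {len(rcpts)} unknown recipients")
```

A single rejected recipient from a known sender, such as the mistyped address in the last sample line, stays below the threshold and is not flagged.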
After the verification question, the final question is the report generation phase:
[*] Email reconnaissance has been completed:
File Location: /root/Desktop/SimplyEmail
Unique Emails Found: 246
Raw Email File: Email_List.txt
HTML Email File: Email_List.html
Domain Performed: example.com
[>] Would you like to launch the HTML report?:
The report output is an HTML file with the types of searches that have been conducted and the data that has been found. If you are good at HTML, you can even brand this report with your own logo and include it in the final pen test report.