@FlyingPhish FlyingPhish commented Dec 10, 2025

Hey! A regular tool I use and wanted to contribute some changes I've made.

Added:

DNSSEC
This automatically runs, no args.
[?] DNSSEC: Not detected OR [+] DNSSEC: Enabled

MX Records
This automatically runs, no args. It has a hardcoded list of different providers based on MX hostname.

[*] MX records: MX record info
[*] Email provider: ProofPoint|Mailgun|Microsoft Exchange

Microsoft Cloud Tenant
This automatically runs to identify if the domain uses MS cloud.
[*] Microsoft tenant domains: redacted.onmicrosoft.com, redacted.mail.onmicrosoft.com

You can pass --expand-tenant, which will add the default domains .onmicrosoft.com and .mail.onmicrosoft.com to the scope (workers), which'll repeat the standard functionality against those domains. This will only run if those subdomains exist.

There is a safeguard to prevent duplicate jobs from running, so if you pass the onmicrosoft as a domain (either direct or in a file), it won't rerun this functionality as it's already in scope.

└─Δ python .\spoofy.py -d redacted.com --dkim --expand-tenant
[*] Microsoft tenant domain discovered: redacted.onmicrosoft.com
[*] Microsoft tenant domain discovered: redacted.mail.onmicrosoft.com

DOMAIN INFORMATION
[*] Domain: redacted.com
[*] Subdomain: No
[*] DNS Server: IP

CLOUD PROVIDER DETECTION
[*] Microsoft 365 customer detected
[*] Tenant domains: redacted.onmicrosoft.com, redacted.mail.onmicrosoft.com

EMAIL INFRASTRUCTURE
[*] MX records: 10 redacted-com.mail.protection.outlook.com
[*] Email provider: Microsoft Exchange Online

SPF ANALYSIS
[*] SPF record: REDACTED -all
[+] SPF all mechanism: -all (strict - rejects unauthorized)
[?] SPF DNS queries: 7 (acceptable, RFC limit is 10)

DMARC ANALYSIS
[*] DMARC record: REDACTED
[!] DMARC policy: none - ALLOWS SPOOFING (no enforcement)
[+] DMARC percentage: 100% (full enforcement)
[*] DMARC ASPF alignment: r (relaxed)
[*] DMARC subdomain policy: none
[*] Aggregate reporting: REDACTED

ADDITIONAL SECURITY
[?] DNSSEC: Not detected
[+] DKIM selectors found:
[*]    m1._domainkey.redacted.com -> v=DKIM1;k=rsa;REDACTED

SPOOFABILITY ASSESSMENT
[!] Domain spoofable via: DMARC policy set to 'none'
[*] Original analysis: Subdomain spoofing possible for redacted.com.
[!] Overall security posture: WEAK

════════════════════════════════════════════════════════════

DOMAIN INFORMATION
[*] Domain: redacted.onmicrosoft.com
[*] Subdomain: Yes
[*] DNS Server: IP

CLOUD PROVIDER DETECTION
[*] Microsoft 365 customer detected

EMAIL INFRASTRUCTURE
[*] MX records: 0 redacted.mail.protection.outlook.com
[*] Email provider: Microsoft Exchange Online

SPF ANALYSIS
[*] SPF record: v=spf1 include:spf.protection.outlook.com -all
[+] SPF all mechanism: -all (strict - rejects unauthorized)
[+] SPF DNS queries: 1 (efficient)

DMARC ANALYSIS
[!] No DMARC record found - ALLOWS EMAIL SPOOFING

ADDITIONAL SECURITY
[?] DNSSEC: Not detected
[?] No DKIM selectors enumerated

SPOOFABILITY ASSESSMENT
[!] Domain spoofable via: No DMARC record
[*] Original analysis: Spoofing possible for redacted.onmicrosoft.com.
[!] Overall security posture: WEAK

════════════════════════════════════════════════════════════

DOMAIN INFORMATION
[*] Domain: redacted.mail.onmicrosoft.com
[*] Subdomain: Yes
[*] DNS Server: IP

EMAIL INFRASTRUCTURE
[!] No MX records found

SPF ANALYSIS
[!] No SPF record found - allows spoofing from any server

DMARC ANALYSIS
[!] No DMARC record found - ALLOWS EMAIL SPOOFING

ADDITIONAL SECURITY
[?] DNSSEC: Not detected
[?] No DKIM selectors enumerated

SPOOFABILITY ASSESSMENT
[!] Domain spoofable via: No SPF record, No DMARC record
[*] Original analysis: Spoofing possible for redacted.mail.onmicrosoft.com.
[!] Overall security posture: WEAK

═══════════════════════════════════════════════════════════

@FlyingPhish FlyingPhish changed the title Features: Added DNSSEC, MX records and checking of Microsoft Cloud tenant Features: Added DNSSEC, MX records, checking of Microsoft Cloud tenant, SPF multiple alls, enhanced/refactored output and reporting Dec 10, 2025
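
An added example, not code from this pull request or from Spoofy: a minimal offline sketch of the kind of SPF/DMARC posture check the output above reports, including the "multiple alls" case named in the new title. The function names and the sample records are assumptions constructed for illustration, and `include:`/`redirect=` targets are not resolved.

```python
import re

# Illustrative sketch, not Spoofy's code; all function names are hypothetical.
def spf_all_qualifiers(spf):
    """Qualifier of every 'all' mechanism in an SPF record, in record order."""
    quals = []
    for term in spf.split()[1:]:                    # skip the v=spf1 tag
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            quals.append(m.group(1) or "+")         # bare "all" means "+all"
    return quals

def dmarc_tags(record):
    """Parse 'v=DMARC1; p=none; pct=100' into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def assess(spf, dmarc):
    """Reasons the published policy leaves a domain open to spoofing."""
    reasons = []
    if not spf:
        reasons.append("No SPF record")
    else:
        quals = spf_all_qualifiers(spf)             # include:/redirect= not resolved
        if len(quals) > 1:
            reasons.append("SPF has multiple all mechanisms")
        if quals and quals[0] in ("+", "?"):        # only the first "all" is ever reached
            reasons.append(f"SPF {quals[0]}all does not reject unauthorized senders")
    if not dmarc:
        reasons.append("No DMARC record")
    else:
        tags = dmarc_tags(dmarc)
        policy = tags.get("p", "").lower() or "missing"
        pct = tags.get("pct", "100")
        if policy not in ("quarantine", "reject"):
            reasons.append(f"DMARC policy set to '{policy}'")
        elif pct.isdigit() and int(pct) < 100:
            reasons.append(f"DMARC pct={pct} applies the policy to only part of the mail")
    return reasons

# Constructed sample records (the second SPF string is the one shown in the output above).
SAMPLES = {
    "p-none.example": ("v=spf1 include:_spf.example.net -all", "v=DMARC1; p=none; pct=100"),
    "no-dmarc.example": ("v=spf1 include:spf.protection.outlook.com -all", None),
    "two-alls.example": ("v=spf1 ip4:192.0.2.0/24 ?all -all", "v=DMARC1; p=reject"),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, assess(spf, dmarc) or ["enforced"])
```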