Skip to content
/ mailpl0it Public

Mailpl0it is a small utility that hunts the homepage of exploit-db looking for user supplied quer(y/ies) and notifies the user via email if an exploit is found for the supplied query.

License

MIT license
31 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bad-bit/mailpl0it

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits

LICENSE

LICENSE

 
 

OP.jpg

OP.jpg

 
 

README.md

README.md

 
 

TODO

TODO

 
 

mailpl0it.py

mailpl0it.py

 
 

terminal.jpg

terminal.jpg

 
 

Repository files navigation

Mailpl0it

Mailpl0it is a small utility that hunts the homepage of exploit-db looking for user supplied quer(y/ies) and notifies the user via email if an exploit is found for the supplied query.

Please note that the utility has only been made for Gmail inboxes. The utility uses Python's libraries to send emails, so in order to receive emails on the mailbox - the user will have to toggle this switch.

Please refer the "Points to note" section below for more details.

Mailpl0it was made:

  • To get notified only for user-specified, specific class of exploits on the mailbox.
  • Out of pure curiosity while playing around with the requests library (Already aware of exploit-db's RSS feed, still, import requests, because why not!).

Installation

Built on native libraries with zero dependencies. Clone and launch!

git clone https://github.com/bad-bit/mailpl0it.git

Usage

python mailpl0it.py -l "Remote Code Execution, Citrix, Privilege Escalation" -m mailid@gmail.com -p passw0rd

alt text

OUTPUT in the mailbox.

alt text


> Help message:

mailpl0it.py [-h] -l WORDLIST [-s SLEEPTIME] -m EMAIL [-p PASSWORD]

optional arguments:
  -h, --help            show this help message and exit
  -l WORDLIST, --list WORDLIST
                        Comma seperated words to hunt on exploit-db. Example:
                        mailpl0it.py -l "LPE, RCE"
  -s SLEEPTIME, --sleep SLEEPTIME
                        Time to sleep in seconds before checking exploit-db
                        for new results. Default is 3600s / 1 hour.
  -m EMAIL, --email EMAIL
                        Your email-id to receive notification emails.
  -p PASSWORD, --password PASSWORD
                        Your email-id's password.

It is recommended to launch the utility from a tmux or a Byobu session on a VPS for a seamless experience and infinite hunting! :D

Points to note

  • Since the utility relies on the native "email.message" library, it is inevitable to avoid using password for authentication to the mailing server. The user will have to either pass the recipient email's password as an argument (-p) or for the more paranoid ones - hardcode the credentials of the recipient email by editing a single line (line 130) inside the script. It is recommended to create a throwaway account for this utility which you can dedicate only for this purpose without having to worry about harcoding your credentials in clear text! :D

  • The utility has been tested only on Gmail. By default, Gmail doesn't allow Python to send emails to your mailbox. The user can however manually enable it by visiting https://myaccount.google.com/lesssecureapps. This setting can't be enabled for accounts having 2FA. Again, it is recommended to create a throwaway account for this utility which you can dedicate only for this purpose without having to worry about harcoding your credentials in clear text! :D

About

Mailpl0it is a small utility that hunts the homepage of exploit-db looking for user supplied quer(y/ies) and notifies the user via email if an exploit is found for the supplied query.

Topics

custom feed exploit-db

Resources

Readme

License

MIT license
Activity

Stars

31 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages