Zum Inhalt springen
1337skills 1337skills - Referenzen

sendEmail

Overview

Abschnitt betitelt „Overview“

sendEmail is a lightweight, cross-platform command-line SMTP email client that enables sending emails directly from the terminal. It supports authentication, TLS/SSL encryption, attachments, and HTML content, making it essential for security testing, automated reporting, and authorized phishing assessments during penetration tests.

Key Capabilities:

  • Send emails via SMTP without a mail client
  • Support for TLS and SSL encryption
  • SMTP authentication (basic and advanced)
  • File attachments and embedded content
  • HTML and plain text emails
  • Batch email sending
  • Certificate validation control
  • Cross-platform compatibility (Linux, macOS, BSD, Windows)

Installation

Abschnitt betitelt „Installation“

From Source

Abschnitt betitelt „From Source“
# Clone or download sendEmail
git clone https://github.com/mogul/sendEmail.git
cd sendEmail

# Or download standalone script
wget http://www.sendEmail.org/sendEmail-v1.56.tar.gz
tar xzf sendEmail-v1.56.tar.gz
cd sendEmail-v1.56

# Make executable
chmod +x sendEmail

Via Package Manager

Abschnitt betitelt „Via Package Manager“
# Kali Linux (pre-installed)
sendEmail -h

# Debian/Ubuntu
apt-get update
apt-get install sendemail

# macOS
brew install sendEmail

# Arch Linux
pacman -S sendEmail

Install Perl Dependencies (if needed)

Abschnitt betitelt „Install Perl Dependencies (if needed)“
# sendEmail is a Perl script, requires Perl
which perl
perl --version

# Install required Perl modules
cpan Net::SMTP::SSL
cpan Net::SMTP::TLS
cpan IO::Socket::SSL

# Or using apt
apt-get install libnet-smtp-ssl-perl
apt-get install libnet-smtp-tls-perl

Verify Installation

Abschnitt betitelt „Verify Installation“
sendEmail -v
sendEmail -h
which sendEmail

Basic Usage

Abschnitt betitelt „Basic Usage“

Send Simple Email

Abschnitt betitelt „Send Simple Email“
# Basic email sending
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -u "Subject Line" \
  -m "Email body text"

Send with Authentication

Abschnitt betitelt „Send with Authentication“
# Send via SMTP with credentials
sendEmail -f sender@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu sender@gmail.com \
  -xp "password" \
  -u "Subject" \
  -m "Message body" \
  -o tls=yes

Send with Attachment

Abschnitt betitelt „Send with Attachment“
# Send email with file attachment
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Important Document" \
  -m "Please find attached" \
  -a /path/to/file.pdf

# Multiple attachments
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -a file1.pdf file2.xlsx file3.zip \
  -m "Files attached"

Common sendEmail Commands

Abschnitt betitelt „Common sendEmail Commands“
CommandPurpose
-f ADDRESSFrom email address (required)
-t ADDRESSTo email address (required)
-cc ADDRESSCarbon copy address
-bcc ADDRESSBlind carbon copy
-s HOST:PORTSMTP server and port (required)
-u SUBJECTEmail subject line
-m MESSAGEEmail body message
-a FILEAttach file (can use multiple times)
-xu USERNAMESMTP username for authentication
-xp PASSWORDSMTP password
-o tls=yesEnable TLS encryption
-o ssl=yesEnable SSL encryption
-c FILEUse configuration file
-vVerbose output
-qQuiet mode

Practical Examples

Abschnitt betitelt „Practical Examples“

Gmail SMTP Configuration

Abschnitt betitelt „Gmail SMTP Configuration“
# Send via Gmail (requires app-specific password)
sendEmail -f username@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu username@gmail.com \
  -xp "app_specific_password" \
  -u "Test Email" \
  -m "This is a test email from Gmail" \
  -o tls=yes

# Note: Gmail requires 2FA app password, not regular password

Outlook/Office 365 Configuration

Abschnitt betitelt „Outlook/Office 365 Configuration“
# Send via Office 365/Outlook
sendEmail -f user@company.onmicrosoft.com \
  -t recipient@example.com \
  -s smtp.office365.com:587 \
  -xu user@company.onmicrosoft.com \
  -xp "password" \
  -u "Company Email" \
  -m "Message body" \
  -o tls=yes

Local SMTP Server (No Auth)

Abschnitt betitelt „Local SMTP Server (No Auth)“
# Send via local mail server
sendEmail -f admin@internal.local \
  -t user@internal.local \
  -s localhost:25 \
  -u "Status Report" \
  -m "Daily system report"

HTML Email

Abschnitt betitelt „HTML Email“
# Send HTML content
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "HTML Email Test" \
  -m '<html><body><h1>Hello</h1><p>This is HTML content</p></body></html>' \
  -o message-content-type=html

Email with Multiple Recipients

Abschnitt betitelt „Email with Multiple Recipients“
# Multiple recipients
sendEmail -f sender@example.com \
  -t user1@example.com \
  -t user2@example.com \
  -cc supervisor@example.com \
  -bcc admin@example.com \
  -s smtp.example.com:587 \
  -u "Multi-recipient email" \
  -m "Sent to multiple recipients"

Advanced Techniques

Abschnitt betitelt „Advanced Techniques“

Batch Email Sending

Abschnitt betitelt „Batch Email Sending“
# Create recipient list
cat > recipients.txt << 'EOF'
user1@example.com
user2@example.com
user3@example.com
EOF

# Send to multiple addresses
while read email; do
  sendEmail -f sender@example.com \
    -t "$email" \
    -s smtp.example.com:587 \
    -xu username \
    -xp password \
    -u "Personalized Subject" \
    -m "Message body" \
    -o tls=yes
done < recipients.txt

Configuration File

Abschnitt betitelt „Configuration File“
# Create configuration file
cat > email.conf << 'EOF'
from=sender@example.com
to=recipient@example.com
cc=cc@example.com
subject=Test Email
message=This is the email body

smtp=smtp.example.com:587
username=sender@example.com
password=secretpassword

tls=yes
verbose=yes
EOF

# Use configuration file
sendEmail -c email.conf

Email with Custom Headers

Abschnitt betitelt „Email with Custom Headers“
# Add custom headers
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Subject" \
  -m "Body" \
  -o "header-custom-header:custom-value"

Read Message from File

Abschnitt betitelt „Read Message from File“
# Create email body in file
cat > email_body.txt << 'EOF'
Dear Recipient,

This is a formatted email message
sent from the command line.

Best regards,
Security Team
EOF

# Send with file content
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "File-based Message" \
  -m "$(cat email_body.txt)"

Automated Report Sending

Abschnitt betitelt „Automated Report Sending“
# Generate and send report daily
cat > send_daily_report.sh << 'EOF'
#!/bin/bash

# Generate report
REPORT_FILE="/tmp/daily_report_$(date +%Y%m%d).txt"
cat > "$REPORT_FILE" << 'REPORT'
DAILY SECURITY REPORT
=====================
Date: $(date)
Scan Results: [Data]
Alerts: [Data]
REPORT

# Send via email
sendEmail -f admin@company.com \
  -t security-team@company.com \
  -s smtp.company.com:587 \
  -xu admin@company.com \
  -xp "password" \
  -u "Daily Security Report" \
  -m "$(cat $REPORT_FILE)" \
  -a "$REPORT_FILE" \
  -o tls=yes
EOF

chmod +x send_daily_report.sh

# Schedule with cron
echo "0 9 * * * /path/to/send_daily_report.sh" | crontab -

Security Testing Scenarios

Abschnitt betitelt „Security Testing Scenarios“

Phishing Simulation (Authorized)

Abschnitt betitelt „Phishing Simulation (Authorized)“
# Create phishing simulation email (with authorization)
sendEmail -f it-security@company.com \
  -t employee@company.com \
  -s smtp.company.com:587 \
  -xu admin \
  -xp password \
  -u "Important Security Update Required" \
  -m '<html><body>
  <p>Click here to update your password:</p>
  <a href="http://internal-test.local/password-reset">Update Password</a>
  </body></html>' \
  -o message-content-type=html \
  -o tls=yes

Credential Stuffing Test (Lab Environment)

Abschnitt betitelt „Credential Stuffing Test (Lab Environment)“
# Test multiple credentials against SMTP server
for cred in user1:pass1 user2:pass2 user3:pass3; do
  USERNAME=$(echo $cred | cut -d: -f1)
  PASSWORD=$(echo $cred | cut -d: -f2)
  
  sendEmail -f test@example.com \
    -t test@example.com \
    -s target-smtp.local:587 \
    -xu "$USERNAME" \
    -xp "$PASSWORD" \
    -u "Test" \
    -m "Testing credentials" \
    -o tls=yes 2>&1 | grep -i "success\|error"
done

Proof of Concept - Email Spoofing

Abschnitt betitelt „Proof of Concept - Email Spoofing“
# Test email spoofing (open relay) - authorized lab only
sendEmail -f boss@company.com \
  -t attacker@attacker.com \
  -s open-relay-server:25 \
  -u "Spoofed Email Test" \
  -m "This email appears to come from the boss"

Email Template Examples

Abschnitt betitelt „Email Template Examples“

Professional Report Format

Abschnitt betitelt „Professional Report Format“
cat > report_email.txt << 'EOF'
SECURITY ASSESSMENT REPORT
==========================

Period: [Date Range]
Client: [Organization]
Assessment Type: [Type of Test]

EXECUTIVE SUMMARY
-----------------
[Summary of findings]

VULNERABILITIES IDENTIFIED
---------------------------
[Vulnerability details]

RECOMMENDATIONS
----------------
[Security improvements]

NEXT STEPS
----------
[Follow-up actions]
EOF

sendEmail -f assessor@company.com \
  -t client@example.com \
  -s smtp.gmail.com:587 \
  -xu assessor@gmail.com \
  -xp "password" \
  -u "Security Assessment Report - [Date]" \
  -m "$(cat report_email.txt)" \
  -a security_report.pdf \
  -o tls=yes

Incident Alert Format

Abschnitt betitelt „Incident Alert Format“
cat > incident_alert.txt << 'EOF'
SECURITY INCIDENT ALERT
======================
Severity: [HIGH/MEDIUM/LOW]
Time Detected: [Timestamp]
Affected Systems: [List]
Description: [Details]

Action Required: [Instructions]
Contact: [Escalation contact]
EOF

sendEmail -f security-ops@company.com \
  -t incident-response@company.com \
  -cc ciso@company.com \
  -s smtp.company.com:587 \
  -xu security-ops \
  -xp password \
  -u "[ALERT] Incident Detected" \
  -m "$(cat incident_alert.txt)" \
  -o tls=yes

Integration with Other Tools

Abschnitt betitelt „Integration with Other Tools“

Chain with System Commands

Abschnitt betitelt „Chain with System Commands“
# Get system information and email
SYSTEM_INFO=$(uname -a)
DISK_USAGE=$(df -h)
MEMORY_INFO=$(free -h)

sendEmail -f admin@company.com \
  -t admin@company.com \
  -s localhost:25 \
  -u "System Report" \
  -m "System: $SYSTEM_INFO
Disk: $DISK_USAGE
Memory: $MEMORY_INFO"

Combine with Backup Status

Abschnitt betitelt „Combine with Backup Status“
# Send backup status email
BACKUP_STATUS=$(rsync -av /data /backup 2>&1)

sendEmail -f backup@company.com \
  -t admin@company.com \
  -s smtp.company.com:587 \
  -xu backup \
  -xp password \
  -u "Backup Report - $(date +%Y-%m-%d)" \
  -m "$(echo "$BACKUP_STATUS" | tail -20)" \
  -o tls=yes

Email Penetration Test Results

Abschnitt betitelt „Email Penetration Test Results“
# Email scan results
NMAP_RESULTS=$(nmap -sV target.local)

sendEmail -f pentester@company.com \
  -t client@example.com \
  -s smtp.company.com:587 \
  -u "Penetration Test Results" \
  -m "Scan results attached" \
  -a nmap_results.txt \
  -o tls=yes

Troubleshooting

Abschnitt betitelt „Troubleshooting“

Authentication Failed

Abschnitt betitelt „Authentication Failed“
# Verify credentials
sendEmail -f sender@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu sender@gmail.com \
  -xp "password" \
  -u "Test" \
  -m "Test" \
  -o tls=yes \
  -v

# Gmail requires app-specific password, not account password
# Generate app-specific password in Gmail settings

TLS Connection Errors

Abschnitt betitelt „TLS Connection Errors“
# Test TLS connection
openssl s_client -connect smtp.gmail.com:587 -starttls smtp

# Disable certificate validation (not recommended)
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -xu username \
  -xp password \
  -u "Test" \
  -m "Test" \
  -o tls=yes \
  -o tls-certfile=/dev/null \
  -o tls-strict-certs=no

Port Connection Issues

Abschnitt betitelt „Port Connection Issues“
# Test SMTP port connectivity
nc -zv smtp.gmail.com 587
telnet smtp.gmail.com 587

# Try alternate ports
sendEmail -s smtp.gmail.com:25
sendEmail -s smtp.gmail.com:465  # SSL
sendEmail -s smtp.gmail.com:587  # TLS

Encoding Issues

Abschnitt betitelt „Encoding Issues“
# Handle non-ASCII characters
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Spécial Chäracters" \
  -m "Message with special chars: ñ, é, ü" \
  -o message-charset=UTF-8

Best Practices

Abschnitt betitelt „Best Practices“

Secure Credential Handling

Abschnitt betitelt „Secure Credential Handling“
# Use configuration file instead of command line
chmod 600 email.conf
# Protects password from being visible in process list

# Or use environment variables
export SEND_EMAIL_PASSWORD="password"
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -xu username \
  -xp "$SEND_EMAIL_PASSWORD" \
  -u "Subject" \
  -m "Body"

Logging and Auditing

Abschnitt betitelt „Logging and Auditing“
# Log all email sends
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Subject" \
  -m "Body" \
  -v >> email_log.txt 2>&1

# Review logs
tail -f email_log.txt

Rate Limiting

Abschnitt betitelt „Rate Limiting“
# Avoid SMTP rate limits with delays
for email in $(cat recipients.txt); do
  sendEmail -f sender@example.com \
    -t "$email" \
    -s smtp.example.com:587 \
    -u "Subject" \
    -m "Body"
  
  # Wait between sends
  sleep 5
done
Abschnitt betitelt „Security and Legal Considerations“

Authorized Testing Only

Abschnitt betitelt „Authorized Testing Only“
  • Only send authorized emails during authorized assessments
  • Ensure written permission before conducting phishing simulations
  • Document all email sending activities
  • Follow organizational and legal guidelines

Email Spoofing Awareness

Abschnitt betitelt „Email Spoofing Awareness“
  • Email spoofing is illegal when used maliciously
  • Only test in isolated lab environments or with written authorization
  • Understand implications of unauthenticated SMTP servers

Compliance Considerations

Abschnitt betitelt „Compliance Considerations“
# Include proper disclaimers in security test emails
DISCLAIMER="
---
This email was sent as part of an authorized security assessment.
If you are not the intended recipient, please delete and report to IT.
---"

sendEmail -f assessor@company.com \
  -t employee@company.com \
  -s smtp.company.com:587 \
  -u "Security Awareness Test" \
  -m "Test content$DISCLAIMER" \
  -o tls=yes

Alternatives and Comparison

Abschnitt betitelt „Alternatives and Comparison“
ToolPurposeDifferences
sendEmailSimple SMTP clientLightweight, Perl-based
mail/mailxSystem mail utilityLimited features
muttEmail clientFull client with interactivity
curlTransfer toolCan send via SMTP with —mail-from
ssmtpSMTP clientMinimal, for system notifications

Additional Resources

Abschnitt betitelt „Additional Resources“
  • SMTP Protocol and Standards (RFC 5321)
  • TLS/SSL Encryption and Certificates
  • Email Header Format and Standards
  • Phishing Simulation Best Practices
  • Email Security and Authentication (SPF, DKIM, DMARC)