
sendEmail

sendEmail is a lightweight, cross-platform command-line SMTP email client, written in Perl, that sends emails directly from the terminal. It supports authentication, TLS/SSL encryption, attachments, and HTML content, which makes it useful for security testing, automated reporting, and authorized phishing assessments during penetration tests.

Key Capabilities:

  • Send emails via SMTP without a mail client
  • Support for TLS and SSL encryption
  • SMTP authentication (basic and advanced)
  • File attachments and embedded content
  • HTML and plain text emails
  • Batch email sending
  • Certificate validation control
  • Cross-platform compatibility (Linux, macOS, BSD, Windows)
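# Clone or download sendEmail
# NOTE(review): confirm this repository is the source you intend to trust
# before running code from it.
git clone https://github.com/mogul/sendEmail.git
cd sendEmail

# Or download standalone script
# The archive is fetched over plain HTTP, so it can be altered in transit.
# Print its digest and compare it with a value obtained over a trusted
# channel before unpacking (on macOS use: shasum -a 256).
wget http://www.sendEmail.org/sendEmail-v1.56.tar.gz
sha256sum sendEmail-v1.56.tar.gz
tar xzf sendEmail-v1.56.tar.gz
cd sendEmail-v1.56

# Make executable
chmod +x sendEmail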
# Kali Linux (pre-installed)
sendEmail -h

# Debian/Ubuntu
# Package installation needs root privileges (run as root or through sudo).
apt-get update
apt-get install sendemail

# macOS
# NOTE(review): the Debian package above is spelled "sendemail"; confirm the
# exact package name used by brew and pacman before running the next two.
brew install sendEmail

# Arch Linux
pacman -S sendEmail
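# sendEmail is a Perl script, requires Perl
# command -v is the portable way to check that a program is on PATH.
command -v perl
perl --version

# Install required Perl modules
# cpan downloads and runs build code from CPAN; where the distribution
# packages below exist, prefer them so updates arrive through the package
# manager.
cpan Net::SMTP::SSL
cpan Net::SMTP::TLS
cpan IO::Socket::SSL

# Or using apt
apt-get install libnet-smtp-ssl-perl
apt-get install libnet-smtp-tls-perl

# Verify the installation
# -v is the verbosity flag (see the options table), so -h is the call that
# prints usage on its own.
sendEmail -v
sendEmail -h
command -v sendEmail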
# Basic email sending
# No -xu/-xp and no "-o tls=yes" here: nothing in this command asks for
# authentication or encryption. Presumably a syntax illustration only;
# a port 587 server will usually refuse it. See the authenticated form below.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -u "Subject Line" \
  -m "Email body text"
# Send via SMTP with credentials
# -xp passes the password as a command-line argument, so it can be seen in
# the process list and ends up in shell history. Use a dedicated sending
# account with limited rights rather than a personal mailbox password.
sendEmail -f sender@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu sender@gmail.com \
  -xp "password" \
  -u "Subject" \
  -m "Message body" \
  -o tls=yes
# Send email with file attachment
# -a sends the file as-is; check what it contains before mailing it outside
# the organisation.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Important Document" \
  -m "Please find attached" \
  -a /path/to/file.pdf

# Multiple attachments
# Several files follow a single -a here. This example sets no -u, so no
# explicit subject is given.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -a file1.pdf file2.xlsx file3.zip \
  -m "Files attached"
| Command | Purpose |
|---|---|
| `-f ADDRESS` | From email address (required) |
| `-t ADDRESS` | To email address (required) |
| `-cc ADDRESS` | Carbon copy address |
| `-bcc ADDRESS` | Blind carbon copy |
| `-s HOST:PORT` | SMTP server and port (required) |
| `-u SUBJECT` | Email subject line |
| `-m MESSAGE` | Email body message |
| `-a FILE` | Attach file (can use multiple times) |
| `-xu USERNAME` | SMTP username for authentication |
| `-xp PASSWORD` | SMTP password |
| `-o tls=yes` | Enable TLS encryption |
| `-o ssl=yes` | Enable SSL encryption |
| `-c FILE` | Use configuration file |
| `-v` | Verbose output |
| `-q` | Quiet mode |
# Send via Gmail (requires app-specific password)
# An app password still grants access to the mailbox: create one per tool and
# revoke it when the job is retired. -xp exposes it on the command line.
sendEmail -f username@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu username@gmail.com \
  -xp "app_specific_password" \
  -u "Test Email" \
  -m "This is a test email from Gmail" \
  -o tls=yes

# Note: Gmail requires an app password (available once 2FA is enabled),
# not the regular account password
# Send via Office 365/Outlook
# NOTE(review): password-based SMTP AUTH may be disabled by tenant policy —
# confirm it is enabled for this mailbox before troubleshooting elsewhere.
sendEmail -f user@company.onmicrosoft.com \
  -t recipient@example.com \
  -s smtp.office365.com:587 \
  -xu user@company.onmicrosoft.com \
  -xp "password" \
  -u "Company Email" \
  -m "Message body" \
  -o tls=yes
# Send via local mail server
# Port 25 on localhost with no -xu/-xp and no tls option: presumably this
# relies on the local MTA accepting unauthenticated mail from loopback.
sendEmail -f admin@internal.local \
  -t user@internal.local \
  -s localhost:25 \
  -u "Status Report" \
  -m "Daily system report"
# Send HTML content
# message-content-type=html marks the body as markup. If any part of the body
# comes from untrusted data (log lines, usernames), HTML-escape it first so
# it cannot inject markup into the message.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "HTML Email Test" \
  -m '<html><body><h1>Hello</h1><p>This is HTML content</p></body></html>' \
  -o message-content-type=html
# Multiple recipients
# -t is repeated once per address. -cc recipients are visible to everyone;
# -bcc recipients are not listed in the message headers.
sendEmail -f sender@example.com \
  -t user1@example.com \
  -t user2@example.com \
  -cc supervisor@example.com \
  -bcc admin@example.com \
  -s smtp.example.com:587 \
  -u "Multi-recipient email" \
  -m "Sent to multiple recipients"
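# Create recipient list
cat > recipients.txt << 'EOF'
user1@example.com
user2@example.com
user3@example.com
EOF

# Send to multiple addresses
# IFS= and -r pass each line through exactly as written (no whitespace
# trimming, no backslash processing); the extra -n test keeps a final line
# that lacks a trailing newline.
# -xp puts the password on the command line of every send, where the process
# list shows it; use a dedicated low-privilege sending account.
while IFS= read -r email || [ -n "$email" ]; do
  # Skip blank lines instead of calling sendEmail with an empty recipient
  [ -n "$email" ] || continue
  sendEmail -f sender@example.com \
    -t "$email" \
    -s smtp.example.com:587 \
    -xu username \
    -xp password \
    -u "Personalized Subject" \
    -m "Message body" \
    -o tls=yes
done < recipients.txt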
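# Create configuration file
# The file holds the SMTP password, so it is created with owner-only
# permissions from the first byte (umask 077 inside a subshell), and chmod
# afterwards covers the case where the file already existed.
(
  umask 077
  cat > email.conf << 'EOF'
from=sender@example.com
to=recipient@example.com
cc=cc@example.com
subject=Test Email
message=This is the email body

smtp=smtp.example.com:587
username=sender@example.com
password=secretpassword

tls=yes
verbose=yes
EOF
)
chmod 600 email.conf

# Use configuration file
# NOTE(review): -c FILE is not an option I can confirm for sendEmail 1.56 —
# check the output of `sendEmail -h` on your version before relying on it.
sendEmail -c email.conf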
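# Add custom headers
# -o takes NAME=VALUE pairs; the option for an extra header is
# message-header, with the full "Name: value" line as its value.
# If the header value is built from variable data, strip CR/LF from it first
# so it cannot inject additional headers.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Subject" \
  -m "Body" \
  -o message-header="X-Custom-Header: custom-value"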
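# Create email body in file
cat > email_body.txt << 'EOF'
Dear Recipient,

This is a formatted email message
sent from the command line.

Best regards,
Security Team
EOF

# Send with file content
# message-file makes sendEmail read the body from disk, so the text is not
# expanded onto the command line (where the process list shows it and
# argument-length limits apply).
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "File-based Message" \
  -o message-file=email_body.txt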
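# Generate and send report daily
cat > send_daily_report.sh << 'EOF'
#!/bin/bash

# Build the report in a private temporary directory rather than under a
# predictable name in /tmp, and remove it on every exit path.
WORK_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORK_DIR"' EXIT

# Generate report
REPORT_FILE="$WORK_DIR/daily_report_$(date +%Y%m%d).txt"
# The delimiter is left unquoted so that $(date) is expanded when the report
# is written.
cat > "$REPORT_FILE" << REPORT
DAILY SECURITY REPORT
=====================
Date: $(date)
Scan Results: [Data]
Alerts: [Data]
REPORT

# Send via email
# -xp places the password on the command line (visible in the process list);
# use a dedicated sending account with limited rights.
sendEmail -f admin@company.com \
  -t security-team@company.com \
  -s smtp.company.com:587 \
  -xu admin@company.com \
  -xp "password" \
  -u "Daily Security Report" \
  -m "$(cat "$REPORT_FILE")" \
  -a "$REPORT_FILE" \
  -o tls=yes
EOF

# The script embeds an SMTP password, so make it readable and executable by
# its owner only.
chmod 700 send_daily_report.sh

# Schedule with cron
# Append to the existing crontab: piping a single line into "crontab -"
# would replace every entry the user already has.
( crontab -l 2>/dev/null; echo "0 9 * * * /path/to/send_daily_report.sh" ) | crontab -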
# Create phishing simulation email (with authorization)
# The link points at a lab-only hostname over plain http. A simulation
# landing page should record that the link was followed and discard anything
# typed into it, never store real passwords.
# -xu/-xp put the relay credentials on the command line, where the process
# list shows them.
sendEmail -f it-security@company.com \
  -t employee@company.com \
  -s smtp.company.com:587 \
  -xu admin \
  -xp password \
  -u "Important Security Update Required" \
  -m '<html><body>
  <p>Click here to update your password:</p>
  <a href="http://internal-test.local/password-reset">Update Password</a>
  </body></html>' \
  -o message-content-type=html \
  -o tls=yes

Credential Stuffing Test (Lab Environment)

# Test multiple credentials against SMTP server
# On the server side this appears as a burst of failed AUTH attempts from one
# source. Account lockout thresholds and failed-login alerting on the mail
# server should trigger on it; use the lab run to confirm that they do.
# NOTE(review): the grep pattern assumes the wording of sendEmail's output —
# confirm against a known-good and a known-bad login.
for cred in user1:pass1 user2:pass2 user3:pass3; do
  USERNAME=$(echo $cred | cut -d: -f1)
  PASSWORD=$(echo $cred | cut -d: -f2)
  
  sendEmail -f test@example.com \
    -t test@example.com \
    -s target-smtp.local:587 \
    -xu "$USERNAME" \
    -xp "$PASSWORD" \
    -u "Test" \
    -m "Testing credentials" \
    -o tls=yes 2>&1 | grep -i "success\|error"
done
# Test email spoofing (open relay) - authorized lab only
# -f sets the sender with no proof of ownership; SMTP itself does not verify
# it. A server that relays this without -xu/-xp for an outside sender is an
# open relay: the fix is to restrict relaying to authenticated or internal
# clients. Receiving domains detect the forged sender through SPF, DKIM and
# DMARC checks.
sendEmail -f boss@company.com \
  -t attacker@attacker.com \
  -s open-relay-server:25 \
  -u "Spoofed Email Test" \
  -m "This email appears to come from the boss"
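# Write the report cover text to a file
cat > report_email.txt << 'EOF'
SECURITY ASSESSMENT REPORT
==========================

Period: [Date Range]
Client: [Organization]
Assessment Type: [Type of Test]

EXECUTIVE SUMMARY
-----------------
[Summary of findings]

VULNERABILITIES IDENTIFIED
---------------------------
[Vulnerability details]

RECOMMENDATIONS
----------------
[Security improvements]

NEXT STEPS
----------
[Follow-up actions]
EOF

# Send the cover text with the report attached
# "-o tls=yes" protects only the hop to the SMTP server. The report lists
# vulnerabilities, so encrypt security_report.pdf itself (or share it through
# an access-controlled channel) before mailing it.
# NOTE(review): the From address (assessor@company.com) differs from the
# account used to authenticate (assessor@gmail.com) — confirm this is
# intended.
# message-file reads the body from disk instead of expanding it onto the
# command line.
sendEmail -f assessor@company.com \
  -t client@example.com \
  -s smtp.gmail.com:587 \
  -xu assessor@gmail.com \
  -xp "password" \
  -u "Security Assessment Report - [Date]" \
  -o message-file=report_email.txt \
  -a security_report.pdf \
  -o tls=yes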
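# Write the incident alert text to a file
cat > incident_alert.txt << 'EOF'
SECURITY INCIDENT ALERT
======================
Severity: [HIGH/MEDIUM/LOW]
Time Detected: [Timestamp]
Affected Systems: [List]
Description: [Details]

Action Required: [Instructions]
Contact: [Escalation contact]
EOF

# Send the alert
# message-file reads the body from disk, so incident details are not expanded
# onto the command line where the process list would show them.
# -xp still exposes the SMTP password there; use a dedicated alerting account.
sendEmail -f security-ops@company.com \
  -t incident-response@company.com \
  -cc ciso@company.com \
  -s smtp.company.com:587 \
  -xu security-ops \
  -xp password \
  -u "[ALERT] Incident Detected" \
  -o message-file=incident_alert.txt \
  -o tls=yes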
# Collect kernel, disk and memory details, then mail them as one message
SYSTEM_INFO=$(uname -a)
DISK_USAGE=$(df -h)
MEMORY_INFO=$(free -h)

# Assemble the three-part body first so the send command stays short
report_body=$(printf 'System: %s\nDisk: %s\nMemory: %s' \
  "$SYSTEM_INFO" "$DISK_USAGE" "$MEMORY_INFO")

sendEmail -f admin@company.com \
  -t admin@company.com \
  -s localhost:25 \
  -u "System Report" \
  -m "$report_body"
# Run the backup, then mail the last 20 lines of its output
BACKUP_STATUS=$(rsync -av /data /backup 2>&1)

# Prepare the subject date and the trimmed log before sending
report_date=$(date +%Y-%m-%d)
backup_tail=$(echo "$BACKUP_STATUS" | tail -n 20)

sendEmail -f backup@company.com \
  -t admin@company.com \
  -s smtp.company.com:587 \
  -xu backup \
  -xp password \
  -u "Backup Report - $report_date" \
  -m "$backup_tail" \
  -o tls=yes
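# Email scan results
# -oN writes the normal-format output to nmap_results.txt, the file attached
# below; capturing the output in a variable alone never creates that file.
NMAP_RESULTS=$(nmap -sV -oN nmap_results.txt target.local)

# Scan output describes exposed services: "-o tls=yes" covers only the hop to
# the SMTP server, so protect the attachment itself if it leaves the
# organisation.
sendEmail -f pentester@company.com \
  -t client@example.com \
  -s smtp.company.com:587 \
  -u "Penetration Test Results" \
  -m "Scan results attached" \
  -a nmap_results.txt \
  -o tls=yes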
# Verify credentials
# -v adds detail about the SMTP session to the output.
# NOTE(review): verbose output may include authentication data — check it
# before pasting into tickets or chat.
sendEmail -f sender@gmail.com \
  -t recipient@example.com \
  -s smtp.gmail.com:587 \
  -xu sender@gmail.com \
  -xp "password" \
  -u "Test" \
  -m "Test" \
  -o tls=yes \
  -v

# Gmail requires app-specific password, not account password
# Generate app-specific password in Gmail settings
# Test TLS connection
# Prints the certificate chain the server presents after STARTTLS.
openssl s_client -connect smtp.gmail.com:587 -starttls smtp

# Disable certificate validation (not recommended)
# Without validation, anyone on the network path can impersonate the server
# and read the SMTP username and password. Keep this to lab servers and fix
# the certificate chain instead on anything real.
# NOTE(review): tls-certfile and tls-strict-certs are not option names I can
# confirm for sendEmail — check `sendEmail -h` on your version.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -xu username \
  -xp password \
  -u "Test" \
  -m "Test" \
  -o tls=yes \
  -o tls-certfile=/dev/null \
  -o tls-strict-certs=no
# Test SMTP port connectivity
nc -zv smtp.gmail.com 587
# telnet opens an interactive session; type QUIT to leave it
telnet smtp.gmail.com 587

# Try alternate ports
# These lines show only the -s value; add the -f/-t/-u/-m options from the
# earlier examples to make them runnable.
sendEmail -s smtp.gmail.com:25
sendEmail -s smtp.gmail.com:465  # SSL
sendEmail -s smtp.gmail.com:587  # TLS
# Handle non-ASCII characters
# message-charset presumably declares the encoding of the message; the
# terminal or script file must itself be UTF-8 for these characters to
# arrive intact.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Spécial Chäracters" \
  -m "Message with special chars: ñ, é, ü" \
  -o message-charset=UTF-8
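# Use configuration file instead of command line
chmod 600 email.conf
# Keeping the password in a file rather than in -xp keeps it out of the
# process list; chmod 600 stops other local users from reading the file.

# Or prompt for the password (bash)
# Prompting keeps the literal password out of scripts and shell history, and
# the variable is not exported to child processes. The value is still
# expanded onto sendEmail's command line, so it remains visible in the
# process list while the command runs.
IFS= read -rs -p "SMTP password: " SEND_EMAIL_PASSWORD
echo
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -xu username \
  -xp "$SEND_EMAIL_PASSWORD" \
  -u "Subject" \
  -m "Body"
# Drop the password from the shell once the send is done
unset SEND_EMAIL_PASSWORD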
# Log all email sends
# Both stdout and stderr are appended to email_log.txt. Verbose output
# typically names senders, recipients and server replies, so keep the log
# readable by its owner only and rotate it.
sendEmail -f sender@example.com \
  -t recipient@example.com \
  -s smtp.example.com:587 \
  -u "Subject" \
  -m "Body" \
  -v >> email_log.txt 2>&1

# Review logs
# tail -f keeps following the file until interrupted (Ctrl-C)
tail -f email_log.txt
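# Avoid SMTP rate limits with delays
# Read the list line by line: "for email in $(cat ...)" would split on any
# whitespace and expand glob characters found in the file.
while IFS= read -r email || [ -n "$email" ]; do
  # Skip blank lines instead of calling sendEmail with an empty recipient
  [ -n "$email" ] || continue
  sendEmail -f sender@example.com \
    -t "$email" \
    -s smtp.example.com:587 \
    -u "Subject" \
    -m "Body"

  # Wait between sends
  sleep 5
done < recipients.txt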
  • Only send authorized emails during authorized assessments
  • Ensure written permission before conducting phishing simulations
  • Document all email sending activities
  • Follow organizational and legal guidelines
  • Email spoofing is illegal when used maliciously
  • Only test in isolated lab environments or with written authorization
  • Understand implications of unauthenticated SMTP servers
# Include proper disclaimers in security test emails
# DISCLAIMER begins with a newline, so it lands on its own lines below the
# body text it is appended to.
DISCLAIMER="
---
This email was sent as part of an authorized security assessment.
If you are not the intended recipient, please delete and report to IT.
---"

# No -xu/-xp here, unlike the other smtp.company.com examples on this page;
# add them if the server requires authentication.
sendEmail -f assessor@company.com \
  -t employee@company.com \
  -s smtp.company.com:587 \
  -u "Security Awareness Test" \
  -m "Test content$DISCLAIMER" \
  -o tls=yes
| Tool | Purpose | Differences |
|---|---|---|
| sendEmail | Simple SMTP client | Lightweight, Perl-based |
| mail/mailx | System mail utility | Limited features |
| mutt | Email client | Full client with interactivity |
| curl | Transfer tool | Can send via SMTP with `--mail-from` |
| ssmtp | SMTP client | Minimal, for system notifications |
  • SMTP Protocol and Standards (RFC 5321)
  • TLS/SSL Encryption and Certificates
  • Email Header Format and Standards
  • Phishing Simulation Best Practices
  • Email Security and Authentication (SPF, DKIM, DMARC)