A modular, open-source email spoofing simulation toolkit for authorized penetration testing and red team operations. Test your organization's defenses with realistic phishing scenarios.
A complete toolkit covering the full email security assessment lifecycle.
Craft and send spoofed emails with full MIME control. Interactive CLI wizard for sender identity, subject, and body configuration.
45+ pre-configured phishing scenarios across corporate, financial, social media, collaboration, cloud, and consumer service attack vectors.
Local SMTP relay with MX resolution, TLS support, and authentication. Run on any port for controlled testing.
Automatic JSON logging and structured assessment reports with success rates, risk scores, and remediation guidance.
Build your own phishing scenarios interactively. Save and reuse custom bodies, subjects, and sender profiles.
Preview any template before sending and filter the template list by keyword or tag. Remove or edit templates directly from the CLI.
Save named SMTP relay configurations (host, port, credentials, TLS) and reuse them across campaigns with a single --profile flag.
Use --verbose to trace every SMTP stage: connection, STARTTLS, authentication, and sending. Diagnose delivery failures with detailed error explanations.
Remove every trace with a single command. Cleans wrappers, project files, venvs, and configuration automatically.
MailSpoof is free, open-source, and built for security professionals. Install in seconds and start assessing your email infrastructure.