Ensure your email has been read
👁️ • 🎣 • 📬
Why?
- In phishing campaign (with the prior agreements of course!), to perform information gathering. (retrieve information about who read, with which browser, at what time etc..)
- Because many SMTP clients don't provide "acknowledgement of receipt" anymore
- For commercial mail, to see who has been attracted by your email, but it is definitely not cool!
Current state is a very naive implementation, maybe enhancements will be made especially for the phishing use case (deal with multiple targets, directly send the email providing a mail list, etc..)
1️ Launch smtrackerp
smtrackerp --url [YOUR_EXTERNAL_URL] -t [TARGET_MAIL]2️ Insert payload in your mail
smtrackerp will generate a html file containing an invisible image. Insert it in your mail.
Then send it!
3️ Wait..
I know, i know .. i'm using ngrok, for testing purpose only
You can use smtrackerp to directly send your mail and then waiting for the "proof of reading".
1️ Put the mail body in a file
You could use test/test.html if you want
2️ Load your SMTP credential
Via environment variable, the credentials are used to communicate with your SMTP server. I encourage you to save it in a file:
export SMPT_USERNAME=[YOUR_MAIL]
export SMPT_PASSWORD=[YOUR_PASSWORD]and source it
3️ Send and wait
smtrackerp send -u [YOUR_EXTERNAL_URL] -r [LIST_OF_RECIPIENTS] -s [MAIL_SUBJECT] -b [BODY_FILENAME] -a [SMP_HOST] -p [SMTP_PORT] --trackWhat the target sees:
What we see:
