● LIVE · v1.0.0 · Debian / Kali · x86-64
Email Pentest
Sidekick
// EPS
The most complete email security assessment framework in existence. DMARC-pass attack automation, dark web credential hunting, SPF chain analysis, SMTP spray and forensic header analysis — one static binary, zero dependencies.
Screenshots
See It In Action
Capabilities
What EPS Does
DMARC-Pass Spoofing
Automates DMARC-pass phishing via stolen M365 and Gmail credentials — email arrives from a legitimate, passing domain with no SPF/DKIM failures. No open relays needed.
Dark Web Credential Hunt
Tor-routed search across dark web sources and HIBP for credential dumps tied to the target domain. Surfaces live, usable credentials before you touch a single packet.
SMTP AUTH Spray
High-speed SMTP authentication spray using Ignis 1M wordlists, with built-in throttling and jitter to avoid account lockout policies. Auto-validates hits.
SPF Chain Analysis
Full recursive SPF record walk — finds misconfigurations, overly permissive includes, and domains that allow third-party relays on behalf of the target.
Domain Permutations
Generates and tests typosquatting, homoglyph, and subdomain permutations for lookalike domain availability and existing infrastructure.
Open Relay Hunter
Scans MX records and related infrastructure for open or misconfigured SMTP relays that can be used to send mail as the target domain.
Forensic Header Analysis
Paste raw email headers and get a full trace — hop-by-hop relay chain, timestamp deltas, authentication results and anomaly flags.
Professional Report
One click generates a client-ready HTML and PDF pentest report — findings, evidence screenshots, risk ratings and remediation recommendations.
Comparison
EPS vs. The Field
| Feature | EPS | Gophish | SET | King Phisher | Manual approach |
|---|---|---|---|---|---|
| DMARC-pass spoofing automation | ✓ Full | ✗ | ✗ | ✗ | Manual setup |
| M365 / Gmail credential abuse | ✓ Automated | ✗ | ✗ | ✗ | Scripted |
| Dark web credential search | ✓ Tor-routed | ✗ | ✗ | ✗ | ✗ |
| HIBP integration | ✓ | ✗ | ✗ | ✗ | Manual API |
| SMTP AUTH spray + wordlists | ✓ Ignis 1M | ✗ | ✓ Basic | ✗ | Hydra / manual |
| SPF chain recursive analysis | ✓ Full walk | ✗ | ✗ | ✗ | dig + manual |
| Domain permutation generation | ✓ | ✗ | ✗ | ✗ | dnstwist |
| Open relay detection | ✓ | ✗ | ✓ Limited | ✗ | telnet / manual |
| Forensic header analysis | ✓ | ✗ | ✗ | ✗ | Online tools |
| Professional HTML/PDF report | ✓ One click | ✓ Basic CSV | ✗ | ✓ Basic | Hours of work |
| GUI interface | ✓ | ✓ | ✗ | ✓ | — |
| CLI interface | ✓ | ✗ | ✓ | ✗ | — |
| 3FA auth + session TTL | ✓ | Basic | ✗ | Basic | — |
| Single binary, zero deps | ✓ | ✓ Go binary | ✗ Python env | ✗ Python env | — |
| Active development | ✓ | Slow | Slow | Unmaintained | — |
| Price | From €22/mo | Free | Free | Free | High (time cost) |
Gophish / SET / King Phisher data based on public documentation as of 2026. ✓ = supported · ✗ = not supported · partial = requires external tools or manual steps.
Ready to run it?
Licence issued instantly after payment. Binary available from the customer portal.