Fast Mail Bomber via Mailman
English | 简体中文
Fast Mail Bomber via Mailman (also FMB for short) is an email bombing/spamming tool written in php. FMB bombs the target's mailbox by sending bulk emails via mailman services hosted by different providers.
DISCLAIMER: THIS PROJECT IS FOR ACADEMIC PURPOSES ONLY. THE DEVELOPERS TAKE NO RESPONSIBILITY FOR ILLEGAL USAGE AND/OR POTENTIAL HARMS.
Requirements
- PHP >= 7.2
- cURL extension support
Features
- Automatically get mailman servers (providers) from Shodan or import from local files.
- Multithreading bombing process.
- 900+ built-in providers & 50,000+ built-in nodes list, providing efficiency.
- Reliable exception handling mechanism.
Installation
1. Clone this project
You can use git to clone this project or download .zip file from GitHub.
git clone https://github.com/juzeon/fast-mail-bomber.git
cd fast-mail-bomber/
2. Configure
Copy config.example.php
to config.php
and edit it according to the annotations in the file to suit your needs.
Usage
Concept explanations:
Provider: A mailman server, which usually contains a listinfo
page listing all subscription nodes. eg. http://lists.centos.org/mailman/listinfo
Node: A subscription node on a mailman server, which can be used to send subscription confirmation emails to a target. eg. http://lists.centos.org/mailman/subscribe/centos
1. (Optional) Updating Providers from Shodan & ZoomEye or a local file
# Updating providers from Shodan & ZoomEye. Set a Shodan and/or ZoomEye api key in config.php first.
php index.php update-providers
# Importing providers from a local file. There's no restriction on file format/pattern since FMB uses RegExp to match provider urls.
php index.php import-providers <filepath>
Duplicate providers will be automatically removed.
2. (Recommand) Updating Nodes from the existing provider list
# Optional. Due to various factors of different network environments, the built-in nodes may not work in your environment. So it's a good idea to delete these nodes (but not data/providers.json) and execute update-nodes on your own. Depending on the speed of your network and the size of our providers list, it may take 10~30 minutes.
rm -rf data/nodes.json data/dead_providers.json
# Getting all subscription nodes that can be used for bombing from providers.
php index.php update-nodes
# Optional. Refine only one node from each provider, which will be extracted into a different file.
php index.php refine-nodes
When getting nodes, unavailable providers previously added will be automatically added to a dead list and will not be used.
Duplicate nodes will be automatically removed.
You can also use built-in providers and nodes and skip this step.
3. Starting to bomb
php index.php start-bombing [refined] <email address>
# eg. Use all nodes to bomb an email:
php index.php start-bombing [email protected]
# eg. Use refined nodes to bomb an email:
php index.php start-bombing refined [email protected]
Successful and failed requests will be printed via console. Press CTRL+C to cease the process.
DISCLAIMER: THIS PROJECT IS FOR ACADEMIC PURPOSES ONLY. THE DEVELOPERS TAKE NO RESPONSIBILITY FOR ILLEGAL USAGE AND/OR POTENTIAL HARMS.
Testing results
I tested FMB's performance when bombing different mail providers once. Here's the results:
Proton Mail: 99.4% into Inbox, 0.6% into Spambox.
Gmail: 83.2% into Inbox, 16.8% into Spambox.
Outlook Mail: 77.1% into Inbox, 22.9% into Spambox.
163 Mail: 100% into Inbox, 0% into Spambox.
QQ Mail: 71% into Inbox, 29% into Spambox.
Zoho Mail: 0% into Inbox, 15.9% into Newsletter, 84.1% into Spambox.
Yandex Mail: 0% into Inbox, 100% into Spambox.
How to prevent being bombed
Because of the mail template used in mailman's default settings, simply add the following text as one of your mailbox's filter rule:
Mailing list subscription confirmation notice for mailing list
License
GPL v2.0