How To Use Mailsploit v1.1 For Penetration Testing

Hi everybody, I’m going to talk about how to set up and use Mailsploit v1.1. This Python script was developed by me, and if there are any bugs or problems please feel free to comment at the bottom.

How Does It Work?

Well, this is a Python script, and you all know what they say about Python: you can do almost anything.

How it works is that it sends someone a malicious link through an email account or Facebook Messenger, and once they open the link they will be owned! The malicious link can be created in a variety of different ways. Here is a list of some of the ways you can create your malicious link.

  1. You can use the social engineering toolkit that comes with Kali.
  2. You can create a phishing site such as the credential harvester, which is a part of the social engineering toolkit.
  3. You can create a malicious file using MSFVenom.
  4. You can create a malicious file using TheFatRat which will be able to bypass antivirus solutions.

It is really up to your creative skills; you have to be smart and plan the attack very well.

Once you have created your payload you need to upload it to a free file hosting service and copy the link.

Here's one:

How To Use It?

Okay, this is a very good question, because it can be confusing at first, but it’s actually not!

There are some things you need to have to be able to move on.

Here is a list.

  1. A fake email account. You can create one with Gmail; just put in fake information.
  2. Fake Facebook account if you want to use the FB Messenger function.
  3. And some skills with Linux.

You now need to download the software by issuing this command in your terminal.

git clone

Now we need to install all the required dependencies, so type in this.


Okay, we have successfully downloaded and installed Mailsploit.

Now we need to set up the config file.


Define Your Credentials

Now, looking at the config file, under where it says “Define your SMTP credentials” it’s asking you to replace None with your Gmail credentials, or those of any other SMTP service.

Alternatively, where it says “Define your Facebook Credentials” you need to replace None with the required information.

Facebook Feature

I’m going to assume you know what I mean by replacing None with the required information.

Okay, so with fbuser you need to type in the victim’s name on Facebook.

fbuserID will be the user’s Facebook ID. This can be found by looking at the URL; it contains either numbers or a name.

fbmessage is very important: this will be the message you are going to send. The message needs to be convincing so the victim will download the malicious link.

Now run,

And follow the prompts and paste the link.

Mail Feature

This is another form of attack that is part of Mailsploit. To use it, you need to type in your spoofName; this will be the fake name that gets displayed in the email.

targeEmail is the email account of the victim.

subject is the email subject.

message is pretty simple: it’s the message you’re going to send. Remember, this needs to be very convincing.

Now type,

And follow the prompts and paste the link.
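A mail-filter check for the pattern this section describes, a trusted display name on an unrelated account plus a link to a hosted file. This is an added example, not part of Mailsploit or the original post; the protected names, domains and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed policy data (assumptions): display names worth protecting,
# mapped to the only domain allowed to use them, and watched file hosts.
PROTECTED_NAMES = {"it helpdesk": "corp.example", "jane doe": "corp.example"}
FILE_HOSTS = {"files.example", "share.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def inspect(raw):
    """Return (rule, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Rule 1: trusted display name, but the address is on another domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    expected = PROTECTED_NAMES.get(" ".join(display.lower().split()))
    if expected and domain != expected:
        findings.append(("display-name-mismatch", domain))
    # Rule 2: a text part links to a watched file-hosting domain.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = (urlparse(url).hostname or "").lower()
            except ValueError:  # malformed URL, nothing to match
                continue
            if any(host == h or host.endswith("." + h) for h in FILE_HOSTS):
                findings.append(("file-host-link", host))
    return findings

# Constructed sample messages.
SPOOFED = ('From: "IT Helpdesk" <helpdesk.team@gmail.com>\n'
           "To: user@corp.example\nSubject: Required update\n\n"
           "Install the update: https://dl.files.example/update.exe\n")
LEGIT = ('From: "IT Helpdesk" <helpdesk@corp.example>\n'
         "To: user@corp.example\nSubject: Maintenance window\n\n"
         "Details: https://intranet.corp.example/notice\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, inspect(raw))
```

Because the message is sent through a real account, SPF and DKIM for the sending domain can pass; the display-name comparison is what catches the fake name.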

Please comment if you’re having any problems I will be happy enough to help.

This cannot be used for illegal activities, I’m not to blame if you get into trouble.

