Zaqar v1.3 - Support this project on Github

Zaqar Icon

Zaqar: The Email Spoofer

Spoof all the emails!

In Mesopotamian mythology, Zaqar is the messenger of the god Sin. He relays these messages to mortals through his power over their dreams and nightmares.

Zaqar is designed to aid penetration testers in creating spoofed emails to conduct social engineering attacks. This sleek, simple tool allows testers to send an email looking as if it came from any email address with options of using a rich text editor or raw text.

Pro Tip: You can send to multiple addresses at once if you seperate each address with a comma

Note: You still want to add at least one "to" address, as many anti-spam filters will discard messages with no "to" field in the header. It does not have to be a real address.

When crafting your email you have two options: you can either build it using the rich text editor (which will convert the message to HTML) or you can send the message as raw text. While rich text allows more flexibility in how a message can be presented, not all mail clients render HTML correctly or at all. You need to research your target in order to know if the rich text editor is appropriate--when in doubt, use the raw editor.

File Attachment

You have the option to send an attatchment with your email. Make sure that your webserver php.ini file allows for file uploads, and that the max upload size is set to at least the size of your attatchment. This may be the case by default, and an error will be presented if it does not work.

By checking this box you agree to the basic terms of usage for this application