A Go implementation designed to resolve a domain's SPF (Sender Policy Framework) records into a list of IP addresses and CIDR blocks. This project is a remake of and inspired by the original Python-based SPF2IP by Nathan Dines.
This tool recursively processes SPF records, handling include and redirect mechanisms, and extracts all authorized IP networks.
- Resolves SPF records for a given domain.
- Supports both IPv4 and IPv6 resolution (
ip4,ip6,a,mxmechanisms). - Handles
includeandredirectmechanisms recursively. - Implements strict redirect logic (a
redirectoverrides preceding mechanisms in the same record). - Detects and prevents resolution loops and excessive lookups (via include depth limit).
- Outputs all IPs and networks in canonical CIDR notation (e.g.,
1.2.3.4/32,10.0.0.0/24), sorted and unique.
This project is a Go remake of the original SPF2IP (Python) by Nathan Dines. Full credit and thanks to Nathan Dines for the original concept and implementation.
To build the spf2ip-go executable from source, follow these steps:
-
Clone the repository:
git clone https://github.com/HENNGE/spf2ip-go.git cd spf2ip-go -
Build the executable:
go build github.com/HENNGE/spf2ip-go/cmd/spf2ip-go
This will create an executable named
spf2ip-goin the current directory.
If you prefer to use Go modules, you can run the following command to install the package:
go install github.com/HENNGE/spf2ip-go/cmd/spf2ip-go@latestspf2ip-go --domain <domain_name> [--ip-version <4|6>] [--debug]--domain <string>: (Required) The domain for which the SPF records should be resolved.--ip-version <int>: (Optional) The IP version to extract. Accepts4for IPv4 or6for IPv6. Defaults to4.--debug: (Optional) Enable debug logging output to stderr. Defaults tofalse.
-
Get IPv4 addresses for
example.com:spf2ip-go --domain example.com
-
Get IPv6 addresses for
example.com:spf2ip-go --domain example.com --ip-version 6
-
Get IPv4 addresses for
example.comwith debug output:spf2ip-go --domain example.com --debug