PhEmail - Automate Sending Phishing Emails

PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test. The main purpose of PhEmail is to send a bunch of phishing emails and prove who clicked on them without attempting to exploit the web browser or email client but collecting as much information as possible. PhEmail comes with an engine to garther email addresses through LinkedIN, useful during the information gathering phase. Also, this tool supports Gmail authentication which is a valid option in case the target domain has blacklisted the source email or IP address. Finally, this tool can be used to clone corporate login portals in order to steal login credentials.

Usage

PHishing EMAIL tool v0.13
Usage: phemail.py [-e <emails>] [-m <mail_server>] [-f <from_address>] [-r <replay_address>] [-s <subject>] [-b <body>]
          -e    emails: File containing list of emails (Default: emails.txt)
          -f    from_address: Source email address displayed in FROM field of the email (Default: Name Surname <name_surname@example.com>)
          -r    reply_address: Actual email address used to send the emails in case that people reply to the email (Default: Name Surname <name_surname@example.com>)
          -s    subject: Subject of the email (Default: Newsletter)
          -b    body: Body of the email (Default: body.txt)
          -p    pages: Specifies number of results pages searched (Default: 10 pages)
          -v    verbose: Verbose Mode (Default: false)
          -l    layout: Send email with no embedded pictures 
          -B    BeEF: Add the hook for BeEF
          -m    mail_server: SMTP mail server to connect to
          -g    Google: Use a google account username:password
          -t    Time delay: Add deleay between each email (Default: 3 sec)
          -R    Bunch of emails per time (Default: 10 emails)
          -L    webserverLog: Customise the name of the webserver log file (Default: Date time in format "%d_%m_%Y_%H_%M")
          -S    Search: query on Google
          -d    domain: of email addresses
          -n    number: of emails per connection (Default: 10 emails)
          -c    clone: Clone a web page
          -w    website: where the phishing email link points to
          -o    save output in a file
          -F    Format (Default: 0): 
                0- firstname surname
                1- firstname.surname@example.com
                2- firstnamesurname@example.com
                3- f.surname@example.com
                4- firstname.s@example.com
                5- surname.firstname@example.com
                6- s.firstname@example.com
                7- surname.f@example.com
                8- surnamefirstname@example.com
                9- firstname_surname@example.com 

Examples: phemail.py -e emails.txt -f "Name Surname <name_surname@example.com>" -r "Name Surname <name_surname@example.com>" -s "Subject" -b body.txt
          phemail.py -S example -d example.com -F 1 -p 12
          phemail.py -c https://example.com

Disclaimer

Usage of PhEmail for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.

Download PhEmail

Read More

WiFiPhisher - Fast automated phishing attacks against WiFi networks

Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

Wifiphisher works on Kali Linux and is licensed under the MIT license.

From the victim's perspective, the attack makes use in three phases:

1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
3. Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks WPA password confirmation due to a router firmware upgrade.

Usage

Short form	Long form	Explanation
-m	maximum	Choose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5
-n	noupdate	Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n
-t	timeinterval	Choose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001
-p	packets	Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2
-d	directedonly	Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs
-a	accesspoint	Enter the MAC address of a specific access point to target
-jI	jamminginterface	Choose the interface for jamming. By default script will find the most powerful interface and starts monitor mode on it.
-aI	apinterface	Choose the interface for the fake AP. By default script will find the second most powerful interface and starts monitor mode on it.

Screenshots

Targeting an access point

A successful attack

Fake router configuration page

Requirements

• Kali Linux.
• Two wireless network interfaces, one capable of injection.

Download WiFiPhisher

Read More

[EMS] E-mail Spoofer

E-mail Spoofer is a tool designed for penetration testers who need to send phishing e-mails.

It allows to send mails to a single recipient or a list, it supports plain text/html email formats, attachments, templates and more…

Features

• Support for Plain text and HTML
• E-mail Templates
• Spoofing Sender Address
• Support SMTP Authentication and SSL
• Single or Multiple Recipients
• HTML E-mail Preview

Download EMS

Read More

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks

Ghost Phisher is an application of security which comes built-in with a fake DNS server , DHCP server fake, fake HTTP Server and also has a space for the automatic capture and recording credentials HTTP method of the form to a database. The program could be used for on-demand service of DHCP, DNS, or requests of the phishing attacks.

The Software runs on any Linux machine with the programs prerequisites, But the program has been tested on the following Linux based operating systems:

• Ubuntu KDE/GNOME
• BackTrack Linux
• BackBox Linux 

Prerequisites

The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on Debian based systems using "apt-get install program" or otherwise downloaded and installed manually

• Aircrack-NG
• Python-Scapy
• Python Qt4
• Python
• Subversion
• Xterm
• Metasploit Framework (Optional)

Features
Ghost Phisher currently supports the following features:

• HTTP Server
• Inbuilt RFC 1035 DNS Server
• Inbuilt RFC 2131 DHCP Server
• Webpage Hosting and Credential Logger (Phishing)
• Wifi Access point Emulator
• Session Hijacking (Passive and Ethernet Modes)
• ARP Cache Poisoning (MITM and DOS Attacks)
• Penetration using Metasploit Bindings
• Automatic credential logging using SQlite Database
• Update Support

Download Ghost Phisher v1.5

Read More