gophish - Open-Source Phishing Toolkit


Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

https://getgophish.com
https://github.com/gophish/gophish

Related Projects

FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements

  •    PHP

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.

king-phisher - Phishing Campaign Toolkit

  •    Python

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol

  •    Python

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.

dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

  •    Python

See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is quite straightforward: dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered. Additionally it can test if the mail server from MX record can be used to intercept misdirected corporate e-mails and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.

phishing-frenzy - Ruby on Rails Phishing Framework

  •    PHP

Ruby on Rails Phishing Framework


phishing_catcher - Phishing catcher using Certstream

  •    Python

Catching malicious phishing domain names using certstream SSL certificates live stream. The script should work fine using Python2 or Python3.

Modlishka - Modlishka. Reverse Proxy. Phishing NG.

  •    Go

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. Note: google.com was chosen here just as a POC.

ThreatExchange - Share threat information with vetted partners

  •    Python

ThreatExchange is a set of RESTful APIs on the Facebook Platform for querying, publishing, and sharing security threat information. It's a light-weight way for exchanging details on malware, phishing pages, and other threats with either specific members of the community or the ThreatExchange community at large. This repository contains example code for using the API.

social_mapper - A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

  •    Python

Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets' names and pictures to accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review. Social Mapper has a variety of uses in the security industry, for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results, so that reviewing this data is quicker for a human operator.

ethereum-lists - A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth

  •    Javascript

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists. Navigate to the file you would like to make the adjustment to by clicking its name.

fluxion - Fluxion is a remake of linset by vk496 with less bugs and enhanced functionality.

  •    HTML

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues. If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord.

Brave - Next generation Brave browser for macOS, Windows, Linux, and eventually Android

  •    C++

Brave is on a mission to fix the web by giving users a safer, faster and better browsing experience – while growing support for content creators through a new attention-based ecosystem of rewards. It loads pages 2x faster on desktop and up to 8x faster on mobile.

weeman - HTTP Server for phishing in Python

  •    Python

HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).

Camino

  •    C++

Camino is an open source web browser developed with a focus on providing the best possible experience for Mac OS X users. With features like annoyance blocking, tab overview, and phishing and malware detection, Camino keeps you browsing safer and faster on the Web.

SocialFish - Ultimate phishing tool. Socialize with the credentials.

  •    HTML

ONLY DOWNLOAD IT HERE, DO NOT TRUST IN OTHER PLACES. This is the official and only repository of the SocialFish project.

evilginx - PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2

  •    Python

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server. I am aware that Evilginx can be used for very nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration, when setting up defenses, and find ways to protect against this phishing method. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

  •    Go

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in Go as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens

  •    HTML

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. All modules can be loaded by passing the --module <name> command to CredSniper. These are loaded from a directory inside /modules. CredSniper is built using Python Flask and all the module HTML templates are rendered using Jinja2.

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

rails-security-checklist - Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  •    Ruby

This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.




