Modlishka is a flexible and powerful reverse proxy that will take your phishing campaigns to the next level. Note: google.com was chosen here just as a POC.
phishing

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.
gophish phishing security

A framework that creates an advanced stealthy dropper that bypasses most AVs and has a lot of tricks.
hacking-tool windows-hacking backdoor execution-policy-bypass hacking pentest uac-bypass kill-antivirus kali-linux powershell phishing social-engineering scam avs runas anti-forensics persistence spoofing malware dr0p1t

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
king-phisher phishing security

See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is quite straightforward: dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered. Additionally it can test if the mail server from MX record can be used to intercept misdirected corporate e-mails and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.
phishing typosquatting domains analytics threatintel dns punycode osint

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
security king-phisher phishing

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.
phishing security netsec hacking email

ONLY DOWNLOAD IT HERE, DO NOT TRUST IN OTHER PLACES. This is the official and only repository of the SocialFish project.
phishing pentesting undead educational pentest

Catching malicious phishing domain names using certstream SSL certificates live stream. The script should work fine using Python2 or Python3.
phishing threat-intelligence certificate-transparency osint threatintel

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.
cybersecurity threat ioc malware phishing cert csirt intelligence incident-response alerts feeds incident handling automation ihap

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists. Navigate to the file you would like to make the adjustment to by clicking its name.
myetherwallet ethereum chain ethereum-lists security-tools phishing

Generate unicode evil domains for IDN Homograph Attack and detect them.
idn attack pentest phishing idn-homograph-attack

A Heroku-hosted version of the very excellent dnstwist. This project, dnstwister, gives you access to the power of dnstwist via a convenient web interface and offers email alerts, Atom feeds, csv/json reports and a fully featured RESTful API.
phishing dns domain-name

PHP Script intended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter. Originally this script had been developed in the following gist. Then, this script shall be named as post.php to get it working.
penetration testing phishing hacking pentest harvester

Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments. To be used mainly to avoid AV and mail filters detections as well as Blue Teams inspection tasks. There is still a huge area of improvement in testing which obfuscation techniques trigger what patterns, and work towards reducing such detection rate.
phishing penetration testing hacking macro visual obfuscation

The SafeBrowsing Lookup API v3 allows applications to check malicious URLs against Google's constantly updated list of malware and phishing websites/pages. In order to use the module you need to sign up for an API_KEY at the Google Developers Console.
safe-browse browse-safe safe phishing malware

For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell. By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template.
macros osx office phishing

Gitem is a tool for performing Github organizational reconnaissance. Gitem can be used to collect information at various levels of granularity from Github.
github git reconnaissance osint phishing recruitment

Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.
phishing phishing-servers threat-intelligence threat-analysis

IsThisLegit is a dashboard and Chrome extension that makes it easy to receive, analyze, and respond to phishing reports. Current Status 07/26/2017 - This is the initial release of IsThisLegit. While we think it's awesome, we recommend treating it like an alpha release. So please take it for a spin, but know that there are almost certainly bugs to be found/fixed.
phishing-reports phishing infosec security security-tools security-automation