Displaying 1 to 20 from 29 results

Modlishka - Modlishka. Reverse Proxy. Phishing NG.

  •    Go

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. Note: google.com was chosen here just as a POC.

gophish - Open-Source Phishing Toolkit

  •    Go

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

king-phisher - Phishing Campaign Toolkit

  •    Python

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.




dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

  •    Python

See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is quite straightforward: dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered. Additionally it can test if the mail server from MX record can be used to intercept misdirected corporate e-mails and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.

FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements

  •    PHP

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.

SocialFish - Ultimate phishing tool. Socialize with the credentials.

  •    HTML

ONLY DOWNLOAD IT HERE, DO NOT TRUST IN OTHER PLACES. This is the official and only repository of the SocialFish project.

phishing_catcher - Phishing catcher using Certstream

  •    Python

Catching malicious phishing domain names using certstream SSL certificates live stream. The script should work fine using Python2 or Python3.


intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol

  •    Python

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.

ethereum-lists - A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth

  •    Javascript

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists. Navigate to the file you would like to make the adjustment to by clicking it's name.

dnstwister - Domain name permutation as a service

  •    Python

A Heroku-hosted version of the very excellent dnstwist. This project, dnstwister, gives you access to the power of dnstwist via a convenient web interface and offers email alerts, Atom feeds, csv/json reports and a fully featured RESTful API.

PhishingPost - PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter

  •    PHP

PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter. Originally this script had been developed in the following gist. Then, this script shall be named as post.php to get it working.

VisualBasicObfuscator - Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments

  •    Python

Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments. To be used mainly to avoid AV and mail filters detections as well as Blue Teams inspection tasks. There is still a huge area of improvement in testing which obfuscation techniques trigger what patterns, and work towards reducing such detection rate.

node-safe-browse - A Node

  •    Javascript

The SafeBrowsing Lookup API v3 allows applications to check malicious URLs against Google's constantly updated list of malware and phishing websites/pages. In order to use the module you need to sign up for an API_KEY at the Google Developers Console.

macphish - Office for Mac Macro Payload Generator

  •    Python

For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell. By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template.

gitem - A Github organization reconnaissance tool.

  •    Python

Gitem is a tool for performing Github organizational reconnaissance. Gitem can be used to collect information at various levels of granularity from Github.

Phishruffus - Intelligent threat hunter and phishing servers

  •    Python

Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.

isthislegit - Dashboard to collect, analyze, and respond to reported phishing emails.

  •    Python

IsThisLegit is a dashboard and Chrome extension that makes it easy to receive, analyze, and respond to phishing reports. Current Status 07/26/2017 - This is the initial release of IsThisLegit. While we think it's awesome, we recommend treating it like an alpha release. So please take it for a spin, but know that there are almost certainly bugs to be found/fixed.

phish-collect - Python script to hunt phishing kits

  •    Python

This is the code used in our experiment to collect phishing kits at scale. This requires integrations with phishing feed providers, which may need API keys or other credentials. We ran our experiment using an Amazon EC2 instance. This are the basic commands to get up and running.