We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Modlishka - Modlishka. Reverse Proxy. Phishing NG.
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. Note: google.com was chosen here just as a POC.
phishinggophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.
gophish phishing securityDr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
hacking-tool windows-hacking backdoor execution-policy-bypass hacking pentest uac-bypass kill-antivirus kali-linux powershell phishing social-engineering scam avs runas anti-forensics persistence spoofing malware dr0p1tking-phisher - Phishing Campaign Toolkit
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
king-phisher phishing securitydnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is quite straightforward: dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered. Additionally it can test if the mail server from MX record can be used to intercept misdirected corporate e-mails and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.
phishing typosquatting domains analytics threatintel dns punycode osintking-phisher - Phishing Campaign Toolkit
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki. King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
security king-phisher phishingFiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.
phishing security netsec hacking emailSocialFish - Ultimate phishing tool. Socialize with the credentials.
ONLY DOWNLOAD IT HERE, DO NOT TRUST IN OTHER PLACES. This is the official and only repository of the SocialFish project.
phishing pentesting undead educational pentestphishing_catcher - Phishing catcher using Certstream
Catching malicious phishing domain names using certstream SSL certificates live stream. The script should work fine using Python2 or Python3.
phishing threat-intelligence certificate-transparency osint threatintelintelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.
cybersecurity threat ioc malware phishing cert csirt intelligence incident-response alerts feeds incident handling automation ihapethereum-lists - A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists. Navigate to the file you would like to make the adjustment to by clicking it's name.
myetherwallet ethereum chain ethereum-lists security-tools phishingEvilURL - Generate unicode evil domains for IDN Homograph Attack and detect them.
Generate unicode evil domains for IDN Homograph Attack and detect them.
idn attack pentest phishing idn-homograph-attackdnstwister - Domain name permutation as a service
A Heroku-hosted version of the very excellent dnstwist. This project, dnstwister, gives you access to the power of dnstwist via a convenient web interface and offers email alerts, Atom feeds, csv/json reports and a fully featured RESTful API.
phishing dns domain-namePhishingPost - PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter
PHP Script intdended to be used during Phishing campaigns as a credentials collector linked to backdoored HTML <form> action parameter. Originally this script had been developed in the following gist. Then, this script shall be named as post.php to get it working.
penetration testing phishing hacking pentest harvesterVisualBasicObfuscator - Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments
Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments. To be used mainly to avoid AV and mail filters detections as well as Blue Teams inspection tasks. There is still a huge area of improvement in testing which obfuscation techniques trigger what patterns, and work towards reducing such detection rate.
phishing penetration testing hacking macro visual obfuscationnode-safe-browse - A Node
The SafeBrowsing Lookup API v3 allows applications to check malicious URLs against Google's constantly updated list of malware and phishing websites/pages. In order to use the module you need to sign up for an API_KEY at the Google Developers Console.
safe-browse browse-safe safe phishing malwaremacphish - Office for Mac Macro Payload Generator
For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell. By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template.
macros osx office phishinggitem - A Github organization reconnaissance tool.
Gitem is a tool for performing Github organizational reconnaissance. Gitem can be used to collect information at various levels of granularity from Github.
github git reconnaissance osint phishing recruitmentPhishruffus - Intelligent threat hunter and phishing servers
Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.
phishing phishing-servers threat-intelligence threat-analysisisthislegit - Dashboard to collect, analyze, and respond to reported phishing emails.
IsThisLegit is a dashboard and Chrome extension that makes it easy to receive, analyze, and respond to phishing reports. Current Status 07/26/2017 - This is the initial release of IsThisLegit. While we think it's awesome, we recommend treating it like an alpha release. So please take it for a spin, but know that there are almost certainly bugs to be found/fixed.
phishing-reports phishing infosec security security-tools security-automation
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
