Termux ID: Phishing

Catching malicious phishing domain names using certstream SSL certificates live stream.
This is just a working PoC, feel free to contribute and tweak the code to fit your needs.

Installation
The script should work fine using Python2 or Python3.
You will need the following python packages installed: certstream, tqdm, entropy, termcolor, tld, python_Levenshtein

pip install -r requirements.txt

Usage

$ ./catch_phishing.py

Example phishing caught

Download Phishing Catcher

Phishing Catcher - Catching malicious phishing domain names using Certstream SSL certificates live stream

Admin Saturday, November 18, 2017

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token.

Benefits

Fully supported SSL via Let's Encrypt
Exact login form clones for realistic phishing
Any number of intermediate pages
- (i.e. Gmail login, password and two-factor pages then a redirect)
Supports phishing 2FA tokens
API for integrating credentials into other applications
Easy to personalize using a templating framework

Basic Usage
usage: credsniper.py [-h] --module MODULE [--twofactor] [--port PORT] [--ssl] [--verbose] --final FINAL --hostname HOSTNAME

optional arguments:
  -h, --help           show this help message and exit
  --module MODULE      phishing module name - for example, "gmail"
  --twofactor          enable two-factor phishing
  --port PORT          listening port (default: 80/443)
  --ssl                use SSL via Let's Encrypt
  --verbose            enable verbose output
  --final FINAL        final url the user is redirected to after phishing is done
  --hostname HOSTNAME  hostname for SSL

Credentials
.cache : Temporarily store username/password when phishing 2FA
.sniped : Flat-file storage for captured credentials and other information

API End-point

View Credentials (GET) https://<phish site>/creds/view?api_token=<api token>
Mark Credential as Seen (GET) https://<phish site>/creds/seen/<cred_id>?api_token=<api token>
Update Configuration (POST) https://<phish site>/config

 {
    'enable_2fa': true,
    'module': 'gmail',
    'api_token': 'some-random-string'
 }

Modules
All modules can be loaded by passing the --module <name> command to CredSniper. These are loaded from a directory inside /modules. CredSniper is built using Python Flask and all the module HTML templates are rendered using Jinja2.

Gmail: The latest Gmail login cloned and customized to trigger/phish all forms of 2FA
- modules/gmail/gmail.py: Main module loaded w/ --module gmail
- modules/gmail/templates/error.html: Error page for 404's
- modules/gmail/templates/login.html: Gmail Login Page
- modules/gmail/templates/password.html: Gmail Password Page
- modules/gmail/templates/authenticator.html: Google Authenticator 2FA page
- modules/gmail/templates/sms.html: SMS 2FA page
- modules/gmail/templates/touchscreen.html: Phone Prompt 2FA page

Installation

Ubuntu 16.04
You can install and run automatically with the following command:

$ git clone https://github.com/ustayready/CredSniper
$ cd CredSniper
~/CredSniper$ ./install.sh

Then, to run manually use the following commands:

~/$ cd CredSniper
~/CredSniper$ source bin/activate
(CredSniper) ~/CredSniper$ python credsniper.py --help

Note that Python 3 is required.

Screenshots

Gmail Module

Download CredSniper

Capture CredSniper Framework Phishing Phone Python Secure

CredSniper - Phishing Framework which supports SSL and capture credentials with 2FA tokens

Admin Sunday, November 12, 2017

An unicode domain phishing generator for IDN Homograph Attack.

VIDEO DEMO

CLONE

git clone https://github.com/UndeadSec/EvilURL.git

RUNNING

cd EvilURL
python evilurl.py

PREREQUISITES

python 2.7

TESTED ON
Kali Linux - ROLLING EDITION

Download EvilURL

Domain Phishing EvilURL IDN Homograph Attack Kali Kali Linux Linux Phishing

EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack

Admin Thursday, November 9, 2017

Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

Some benefits

One of its most enticing functions is the remote recognition of sessions. You can know where a person has logged in, remotely. This occurs through a Bypass made to the Same Origin Policy (SOP)
Currently you can try everything from a web interface. (The console, becomes a preview of the logs and actions)
Registration of victims, requests among other data are obtained in real time.
If you get more information from a person behind a computer, you can generate a more direct and sophisticated attack. Trape was used at some point to track down criminals and know their behavior.
You can do real time phishing attacks
Simple hooking attacks
Mapping
Important details of the objective
Capturing credentials
Open Source Intelligence (OSINT)

Recognizes the sessions of the following services

Facebook
Twitter
VK
Reddit
Gmail
tumblr
Instagram
Github
Bitbucket
Dropbox
Spotify
PayPal
Amazon

How to use it
First unload the tool.

git clone https://github.com/boxug/trape.git
cd trape
python trape.py -h

If it does not work, try to install all the libraries that are located in the file requirements.txt

pip install -r requirements.txt

Example of execution

Example: python trape.py --url http://example.com --port 8080

In the option --url you must put the lure, can be a news page, an article something that serves as a presentation page.
In the --port option you just put the port where you want it to run
Do you like to monitor your people? Everything is possible with Trape
Do you want to perform phishing attacks? Everything is possible with Trape
In the Files directory, located on the path: /static/files here you add the files with .exe extension or download files sent to the victim.

Here are some simple videos to use:
Spanish: https://www.youtube.com/watch?v=ptyuCQmMKiQ
English: https://www.youtube.com/watch?v=FdwyIZhUx3Y
At an international security event in Colombia, called DragonJAR Security Conference 2017, a demonstration was made before the launch. You can watch the video here: https://www.youtube.com/watch?v=vStSEsznxgE

Disclaimer
This tool has been published educational purposes in order to teach people how bad guys could track them or monitor them or obtain information from their credentials, we are not responsible for the use or the scope that may have the People through this project.
We are totally convinced that if we teach how vulnerable things are, we can make the Internet a safer place.

Developers or participants
The following people are part of the core of development and research in Boxug.
This development and others, the participants will be mentioned with name, Twitter and charge.

Jose Pino - @jofpin - (CEO at boxug)
Jhonathan Espinosa - @st4nn - (CTO at boxug)

Download trape

Extension Linux Mac People Tracker Phishing Python Trape Twitter Video Windows

Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT

Admin Friday, November 3, 2017

Protect your parents from phishing, HTTP proxy focused on block phishing URL's

Install

git clone https://github.com/mthbernardes/HouseProxy.git
cd HouseProxy/
pip install -r requeriments.txt

Config
Edit etc/HouseProxy.conf to change de default user and password Create a entry in your DNS to house.proxy

Usage

$ hug -f index.py
$ sudo echo "localhost  house.proxy" >> /etc/hosts

Set the house.proxy:3128 as your proxy Open the browser and access http://house.proxy:8000 Click in update blacklists It my take a while, the tool is downloading blacklists from phishitank and openphish. Done, now just try to access a malicious URL.

Usage recomendation
Install it on a raspberry pi, create a network, force all http traffics to pass through the pi on 3128 port (transparent proxy), and connect the clients to this network.

Video

Download HouseProxy

HouseProxy HTTP Proxy Linux Phishing

HouseProxy - HTTP proxy focused on block phishing URL's

Admin Thursday, November 2, 2017

Phishruffus is a tool designed to identify threats and malicious DNS servers on the Internet that are used for the illicit practice of bank phishing.

Usage:

$ pip install -r requirements.txt
$ ./phishruffus.py –listdns dns_servers.txt –timeout 5

Phishruffus - Intelligent Threat Hunter And Phishing Servers

Admin Wednesday, November 1, 2017

Script Phising Facebook Versi Hack Facebook Created M Daffa Najwan

Langsung aja download tanpa basa basi

Download :

ZippyShare : Download

script phising facebook
script phising facebook mobile
script phising facebook original
script phishing facebook auto like
script phising facebook pelangi
script phising facebook login
script phishing facebook tampilan auto like
script phising facebook terbaru 2017
script phishing facebook quiz
script phising facebook pulsa
script phising facebook 2017
cara membuat script phising facebook
cara buat script phising facebook
download script phising facebook
download script phising facebook 2015
download script phising facebook 2016
download script phising facebook 2014
download script phising facebook auto like
download script phising facebook send email
script phising facebook send email
script phising facebook ganti nama
script phising facebook pulsa gratis
kumpulan script phising facebook
script phising facebook auto like
script phising facebook true login
script phising m.facebook
script phising facebook send mail
script phising facebook pc
script phishing facebook pelangi
download script phising facebook pelangi
facebook phising php script
facebook phishing page script.zip
script phising facebook anti suspend
script phishing facebook true login
script phising facebook terbaru
script phising facebook terbaru 2015
script phising facebook terbaru 2016
script phishing facebook terbaru 2014
phising facebook script terbaru 2015
download script phising facebook terbaru
script phising untuk facebook
script phishing facebook wapka
script phising facebook web
facebook phishing script wapka
script phising facebook 2015
script phising facebook 2016
script phising facebook 2014
script phising auto like facebook 2015

Phishing

Script Phising Facebook Versi Hack Facebook Created M Daffa Najwan

Admin Tuesday, October 24, 2017

Script Phising Point Blank Treasure True Login

Yuk yukk ngecrottzzzzz , Point Blank Treasure True Login , script phising true login point blank 2017 , pb script phising 2017 , event point blank 2017 terbaru

Demo : http://pointblank-event.16mb.com/

Download : Tu5b0ld Here

Sumber ? : http://kinekaru-sec.blogspot.co.id/2017/04/script-phising-pb-private-terbaru-true.html

Phishing

Script Phising Point Blank Treasure True Login

Admin Monday, April 17, 2017

Halaman

Social Items

Termux ID

Phishing Catcher - Catching malicious phishing domain names using Certstream SSL certificates live stream

CredSniper - Phishing Framework which supports SSL and capture credentials with 2FA tokens

EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack

Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT

HouseProxy - HTTP proxy focused on block phishing URL's

Phishruffus - Intelligent Threat Hunter And Phishing Servers

Script Phising Facebook Versi Hack Facebook Created M Daffa Najwan

Script Phising Facebook Versi Hack Facebook Created M Daffa Najwan

Script Phising Point Blank Treasure True Login

Script Phising Point Blank Treasure True Login