Ares

Phishing toolkit for red teams and pentesters. Ares allows security testers to create a landing page easily, embedded within the original site. Ares acts as a proxy between the phished and original site, and allows (real-time) modifications and injects. All references to the original site are being rewritten to the new site. Users will use the site like they’ll normally do, but every step will be recorded of influence. Ares will work perfectly with dns poisoning as well.

Features

• realtime 1 to 1 of the original site
• modify specific paths to return static (rendered as Go template) files
• create redirects (short urls)
• inject scripts into the target site
• support ssl (using let’s encrypt)
• multiple targets / hosts
• enhanced filtering on the path, method, ip addresses, and user-agent
• all requests and responses are being logged into Elasticsearch
• all data is being stored for caching / retrieval

Getting started

Docker

Make sure the config toml is at the right location and valid.

docker run -d -p 8080:8080 –name ares -v $(pwd)/config.toml:/etc/ares.toml dutchcoders/ares

Now you can navigate to http://wikipedia.lvh.me:8080/. If you want all results to be written to Elasticsearch, don’t forget to setup the Elasticsearch cluster.

Installation from Source

$ git clone https://github.com/dutchcoders/ares.git
$ go run main.go -c config.toml

Copyright 2017 Remco Verhoef

Source: https://github.com/dutchcoders/