Goblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy, it is possible to obtain information about a user without affecting the user’s operation perceptibly...
EvilURL A Unicode domain phishing generator for IDN Homograph Attack. Changelog v3.0 Improved permutations Full script updated to CLI Check domains from lists Check available domains Check domains connection Logging Download git clone https://github.com/UndeadSec/EvilURL.git...
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used...
REBEL-FRAMEWORK Advanced and easy to use penetration testing framework Module├ ├ net/iface ➤ Interface info. ├ net/map ➤ Hosts live Scan in LAN. ├ net/scan ➤ Scan [Ports, OS, Etc] IP. ├ net/vuln ➤...
SimpleEmailSpoofer A few Python programs designed to help penetration testers with email spoofing. Email Spoofing 101 Basic Principles Email spoofing has been an issue since the earliest days of the SMTP protocol. The root...
Invoke-NoShell Invoke-NoShell outputs a Mircosoft Office Word .doc file with an embedded macro. It allows the automation of multiple similar versions of files, allowing to test how slight differences will affect it. Currently, only...
CredSniper Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed...
How could we decipher SET using programming homework service? The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch...
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be targeted,...
Miteru Miteru is an experimental phishing kit detection tool. How it works It collects phishing suspicious URLs from the following feeds: urlscan.io certstream-suspicious feed OpenPhish feed via urlscan.io PhishTank feed via urlscan.io It checks...
Suggested Reading