EvilnoVNC EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in...
evilgophish Combination of evilginx2 and GoPhish. Why? As a penetration tester or red teamer, you may have heard of evilginx2 as a proxy man-in-the-middle framework capable of bypassing two-factor/multi-factor authentication. This is enticing to us, to say the...
Gophish Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is...
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be targeted,...
dnstwit See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and corporate...
Miteru Miteru is an experimental phishing kit detection tool. How it works It collects phishing suspicious URLs from the following feeds: urlscan.io certstream-suspicious feed OpenPhish feed via urlscan.io PhishTank feed via urlscan.io It checks...
ForceAdmin ForceAdmin is a c# payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via powershell calling cmd.exe and should be using the...
XLL_Phishing Introduction With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have begun aggressively exploring other options to achieve user-driven access (UDA). There are...
Goblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy, it is possible to obtain information about a user without affecting the user’s operation perceptibly...
SniperPhish SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally...
