Cartero – Social Engineering Framework
Cartero A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity through of years of engagements with tools that just didn’t do the job. Even though there are...
Category: Social Engineering
evilginx2 v2.1 releases: MITM attack framework that allow to bypass 2-factor authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used...
dnsmorph: domain name permutation engine
DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options...
Invoke-NoShell: All the Power with no Shell
Invoke-NoShell Invoke-NoShell outputs a Mircosoft Office Word .doc file with an embedded macro. It allows the automation of multiple similar versions of files, allowing to test how slight differences will affect it. Currently, only...
CatMyPhish: Search for categorized domain
CatMyPhish Search for a categorized domain that can be used during the red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list...
Social-Engineer Toolkit (SET) v7.7.9 released
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly become a standard tool in a penetration testers arsenal. SET is written by David Kennedy (ReL1K)...
PwnAuth: web application framework for launching and managing OAuth abuse campaigns
PwnAuth A web application framework for launching and managing OAuth abuse campaigns. Image: FireEye Minimum requirements An Internet-accessible server (tested running Ubuntu 16.04) Nginx Docker (apt install docker.io) Docker-Compose (newest version from docker website) A...
rebel-framework: Advanced and easy to use penetration testing framework
REBEL-FRAMEWORK Advanced and easy to use penetration testing framework Module├ ├ net/iface ➤ Interface info. ├ net/map ➤ Hosts live Scan in LAN. ├ net/scan ➤ Scan [Ports, OS, Etc] IP. ├ net/vuln ➤...
dnstwist: Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
dnstwits See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate...
SocialFish v2.0 releases: Ultimate phishing tool with Ngrok integrated
SocialFish v2.0 Ultimate phishing tool with Ngrok integrated. PREREQUISITES Python 2.7 Wget from Python PHP sudo TESTED ON Kali Linux – Rolling Edition Linux Mint – 18.3 Sylvia Ubuntu – 16.04.3 LTS MacOS High...
mercure: tool for security managers
Mercure Mercure is a tool for security managers who want to teach their colleagues about phishing. What Mercure can do: Create email templates Create target lists Create landing pages Handle attachments Let you keep...
domainhunter: Checks expired domains, bluecoat categorization, and Archive.org history
Domain Hunter Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be...
SocialFish v2.0: Ultimate phishing tool
SocialFish v2.0 NOW MORE ATTACKS ARE AVAILABLE. In Ultimate phishing tool with Ngrok integrated NOW YOU WILL GET LIVE INFORMATION ABOUT YOUR VICTIM’S IP, GEOLOCATION, COUNTRY, ISP, CITY, ATTACKED DATE & TIME, AND MANY...
SimpleEmailSpoofer: A simple Python CLI to spoof emails
SimpleEmailSpoofer A few Python programs designed to help penetration testers with email spoofing. Email Spoofing 101 Basic Principles Email spoofing has been an issue since the earliest days of the SMTP protocol. The root...
