What is Phishious? Phishious is an open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers and developed by the team at https://caniphish.com. Phishious provides the ability to see how various Secure...
goCabrito Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails (text) Sends to lists emails with first, last name...
ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex, and MISP. It is a web application written in Python 3 and based on Flask that automates the entire analysis process...
ntlm_theft A tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can...
Goblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy, it is possible to obtain information about a user without affecting...
BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques; various obfuscation techniques; translation of...
365-Stealer 365-Stealer is a tool written in Python3 which can be used in illicit consent grant attacks. When the victim grants his consent we get their Refresh Token which can...
BadAssMacros Proof of Concept tool to generate malicious macros leveraging techniques like VBA Purging and Shellcode Obfuscation to evade AV engines. This tool takes in raw shellcode that can be...
Offensive VBA and XLS Entanglement This repo provides examples of how VBA can be used for offensive purposes beyond a simple dropper or shell injector. As we develop more use...
SniperPhish SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites...
Ditto Ditto is a small tool that accepts a domain name as input and generates all its variants for a homograph attack as output, checking which ones are available and which...
Social Engineering Using “Hidden” Macros In Excel You may ask why not simply use code that doesn’t actually touch the workbook and the main reason why is to avoid network...
DeepSea Phishing Gear DeepSea phishing gear aims to help RTOs and pentesters with the delivery of opsec-tight, flexible email phishing campaigns carried out on the outside as well as on...
Sp00fer Sp00fer is a tool for mail server testing (e.g. for open mail relays etc.) and for spoofing checks on specified domains. Install Linux git clone https://github.com/qsecure-labs/Sp00fer.git chmod +x install.sh...
Phishing Simulation Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment (without any actual setup – no domain, no infrastructure, no actual email...
Support Securityonline.info site. Thanks!
