SniperPhish SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally...
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities. The tool re-implements the 15-years old idea of using a custom reverse proxy to dynamically interact with the origin to be targeted,...
SquarePhish SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. Attack...
PwnAuth A web application framework for launching and managing OAuth abuse campaigns. Image: FireEye Minimum requirements An Internet-accessible server (tested running Ubuntu 16.04) Nginx Docker (apt install docker.io) Docker-Compose (newest version from docker website) A...
EvilnoVNC EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in...
Gophish Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is...
Miteru Miteru is an experimental phishing kit detection tool. How it works It collects phishing suspicious URLs from the following feeds: urlscan.io certstream-suspicious feed OpenPhish feed via urlscan.io PhishTank feed via urlscan.io It checks...
ForceAdmin ForceAdmin is a c# payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via powershell calling cmd.exe and should be using the...
XLL_Phishing Introduction With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have begun aggressively exploring other options to achieve user-driven access (UDA). There are...
Storm-Breaker Social engineering tool [Access Webcam & Microphone & Location Finder] With Python Features: Get Device Information Without Any Permissions Access Location [SMARTPHONES] Access Webcam Access Microphone Update Log: Second(latest) Update in May 18,...
