Cartero – Social Engineering Framework
Cartero A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity through of years of engagements with tools that just didn’t do the job. Even though there are...
Cartero A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity through of years of engagements with tools that just didn’t do the job. Even though there are...
Gophish Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is...
Exploitation / Social Engineering
by do son · Published August 25, 2018 · Last modified October 10, 2021
Invoke-NoShell Invoke-NoShell outputs a Mircosoft Office Word .doc file with an embedded macro. It allows the automation of multiple similar versions of files, allowing to test how slight differences will affect it. Currently, only...
CatMyPhish Search for a categorized domain that can be used during the red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. It relies on expireddomains.net to obtain a list...
PwnAuth A web application framework for launching and managing OAuth abuse campaigns. Image: FireEye Minimum requirements An Internet-accessible server (tested running Ubuntu 16.04) Nginx Docker (apt install docker.io) Docker-Compose (newest version from docker website) A...
SocialFish v2.0 Ultimate phishing tool with Ngrok integrated. PREREQUISITES Python 2.7 Wget from Python PHP sudo TESTED ON Kali Linux – Rolling Edition Linux Mint – 18.3 Sylvia Ubuntu – 16.04.3 LTS MacOS High...
Mercure Mercure is a tool for security managers who want to teach their colleagues about phishing. What Mercure can do: Create email templates Create target lists Create landing pages Handle attachments Let you keep...
Domain Hunter Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be...
SocialFish v2.0 NOW MORE ATTACKS ARE AVAILABLE. In Ultimate phishing tool with Ngrok integrated NOW YOU WILL GET LIVE INFORMATION ABOUT YOUR VICTIM’S IP, GEOLOCATION, COUNTRY, ISP, CITY, ATTACKED DATE & TIME, AND MANY...
Network PenTest / Sniffing & Spoofing / Social Engineering
by do son · Published May 25, 2018 · Last modified October 10, 2021
SimpleEmailSpoofer A few Python programs designed to help penetration testers with email spoofing. Email Spoofing 101 Basic Principles Email spoofing has been an issue since the earliest days of the SMTP protocol. The root...
Ares Phishing toolkit for red teams and pentesters. Ares allows security testers to create a landing page easily, embedded within the original site. Ares acts as a proxy between the phished and original site,...
CredSniper Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed...
EvilURL A Unicode domain phishing generator for IDN Homograph Attack. Changelog v3.0 Improved permutations Full script updated to CLI Check domains from lists Check available domains Check domains connection Logging Download git clone https://github.com/UndeadSec/EvilURL.git...
Exploitation / Social Engineering
by do son · Published April 10, 2017 · Last modified October 10, 2021
How could we decipher SET using programming homework service? The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch...