SniperPhish v2.0 beta releases: phishing toolkit for pentesters or security professionals
SniperPhish
SniperPhish is a phishing toolkit for pentesters or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish lets you combine the phishing emails and phishing websites you created so that user actions are tracked centrally. The tool is designed for performing professional phishing exercises, and users are reminded to obtain prior permission from the targeted organization to avoid legal implications.
Main Features
- Web tracker code generation – track your website visits and form submissions independently
- Create and schedule Phishing mail campaigns
- Combine your phishing site with an email campaign for centralized tracking
- An independent “Simple Tracker” module for quickly tracking an email or web page visit
- Advanced report generation – generate reports based on the tracking data you need
- Custom tracker images and dynamic QR codes in messages
- Track phishing message replies
Creating Web-Email Campaign
Create a web tracker -> add the web tracker to the phishing website -> create a mail campaign with a link pointing to the phishing website -> start the mail campaign.
Creating a web tracker:
- Design your website in your favorite programming language. Make sure you provide unique “id” and “name” values for HTML fields such as text fields, checkboxes, etc.
- Generate the web-tracker code under Web Tracker -> New Tracker. The “Web Pages” tab lists the pages you want to track.
- To track form submission data, provide the “id” or “name” values of HTML fields present in your phishing site form.
- Repeat the above for each page in your phishing site.
- From the final output, copy the generated JavaScript link and add it under the section of each website page.
- Finally, save the tracker you created. The tracker is now active and listening in the background. Visits to your phishing site and data submissions are tracked.
Creating an Email campaign:
- Go to Email Campaign -> User Group and add target users
- Go to Email Campaign -> Sender List and configure Mail server details
- Go to Email Campaign -> Email Template and create a mail template. When you add your phishing website link, make sure to append ?cid={{CID}} at the end. This distinguishes each user. For example, http://yourphishingsite.com/login?cid={{CID}}
- Now go to Email Campaign -> Campaign List -> New Mail Campaign and select/fill the fields to create the campaign.
- Start Mail campaign
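Seen from the defender's side, the per-recipient ?cid= value described above is a detectable signal: the same link reaches many recipients with a different parameter value for each. The following is an added example, not code from SniperPhish or the original page; it groups links found in constructed sample messages and flags such parameters. The function name, threshold and sample data are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: (recipient, message body) pairs as a mail gateway might export them.
SAMPLE_MESSAGES = [
    ("alice@example.com", "Reset here: http://yourphishingsite.com/login?cid=a1b2c3"),
    ("bob@example.com", "Reset here: http://yourphishingsite.com/login?cid=d4e5f6"),
    ("carol@example.com", "Reset here: http://yourphishingsite.com/login?cid=0718ab"),
    ("alice@example.com", "Docs: https://intranet.example.com/wiki?page=home"),
    ("bob@example.com", "Docs: https://intranet.example.com/wiki?page=home"),
]


def find_per_recipient_links(messages, min_recipients=3):
    """Return {(host, path, param): {recipient: value}} for query parameters
    whose value differs for every recipient of an otherwise identical link."""
    seen = defaultdict(dict)
    for recipient, body in messages:
        for url in URL_RE.findall(body):
            parts = urlsplit(url.rstrip(".,)"))  # drop trailing sentence punctuation
            for name, value in parse_qsl(parts.query):
                key = (parts.hostname, parts.path, name.lower())
                seen[key][recipient] = value

    flagged = {}
    for key, per_user in seen.items():
        values = list(per_user.values())
        # Enough recipients, and no two of them share a value: a per-user token.
        if len(per_user) >= min_recipients and len(set(values)) == len(values):
            flagged[key] = per_user
    return flagged


if __name__ == "__main__":
    for (host, path, param), users in find_per_recipient_links(SAMPLE_MESSAGES).items():
        print(f"{host}{path}: parameter '{param}' is unique for each of {len(users)} recipients")
```

Legitimate newsletters also embed per-recipient tokens, so a hit is a triage signal to correlate with sender reputation and landing-page content, not a verdict on its own.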
Viewing combined Web-Email Result
Open Web-MailCamp Dashboard -> Select Campaign and select the Mail Campaign and Web Tracker you created.
Changelog v2.0 beta
This release has major changes to the database model and upgrades to the core functionalities of the toolkit. Hence no upgrade from the previous version is available. Please re-install this version as a fresh application.
Features & Enhancements:
- Replaced deprecated Swift Mailer with Symfony Mailer
- Added profile management and multi-admin user account support on SniperPhish
- Added option to set SniperPhish base URL (helps in SP migration)
- Added option to configure TLS Peer Verification (helpful when SMTP server uses a self-signed certificate)
- Added common mail sender templates – Gmail, Amazon SES, Mailchimp, Mailgun, Mailjet, SendGrid, Sendinblue etc.
- Added option to directly host landing pages
- Added webhook URL verify option in web-tracker
- Added last login tracking
- Added in-app log tracking functionality
- Date-time format is now fixed throughout the application and customizable only for campaign results
- Added junk data deletion option
- Added quick insert option of landing page link in email template
- Renamed “{{CID}}” to “{{RID}}” to avoid confusion when the CID parameter is used in the mail body to identify attachments
- Minor optimizations in the mail reply tracking functionality
- Improved Email User Group functionality
- Improved application performance such as page load time
- Improved web-tracker by adding the choice of changing webhook URL (helpful in SP migration or in multiple SP environments)
- Removed the choice of SMTP encryption settings by changing it to auto-detect mode
Copyright 2020 Gem George