Phishing Frenzy is an awesome tool to use during Social Engineering/Spear Phishing exercises.
One of the tasks that I spent a lot of time on when using Phishing Frenzy is the ‘cloning of a website’ to be used for phishing passwords.
Phishing Frenzy does have a ‘Website Cloner’ but its pretty basic and some work needs to be done on the generated HTML file before it can be used as a template. (e.g. modify the input name of the username and password fields, changing the form action URL, create the template.yml and attachments.yml and zip up the files).
I wrote a simple script to take the URL of the website you want to clone (along with other information like Phishing Frenzy server URL and the ‘fake domain name/public IP address of the server hosting the cloned website’) and generates a working template zip that you can import directly into Phishing Frenzy under Templates > Restore menu.
Hope this can be of help to anyone of you in future social engineering engagements.
Below is a screenshot of the script in action.
When a user visits and keys in the credentials into the cloned website, the credentials will be recorded into the creds.log file and also sent to your phishing frenzy server .
You can find the python scripts at https://github.com/milo2012/phishing-frenzy-template-cloner
Thank you for reading.
- BeEF Project
- Captcha Cracking
- Client Side Attacks
- Featured Publications
- Intelligence Gathering
- iPhone Apps
- iPhone Espionage
- Location Tracking
- Misc Security
- Password Cracking
- Penetration Testing
- Pentest Scripts
- Post Exploitation
- Reversing Firmwares
- Social Engineering
- SQL Injection
- Web Application Testing
- RT @patrickwardle: PoC for macOS 10.12.4 kernel memory leak (0day): pastebin.com/87fHLMQq 🙈😈 ...previously blogged about it here: https:/… 1 hour ago
- RT @ifsecure: WinAFL 1.08 can collect coverage only from a thread that hits the fuzzed function using -thread_coverage flag, https://t.co/a… 19 hours ago
- RT @xxByte: bad character finder for exploit development - github.com/mgeeky/expdevB… https://t.co/XmZRwnsGyG 19 hours ago
- RT @HackwithGithub: gitrob #Reconnaissance tool for #GitHub organizations Author: @michenriksen #OSINT #recon github.com/michenriksen/g… 1 day ago
- RT @Dinosn: Setting up a 3G network using osmo-iuh and a femto/small cell (osmocon17) cdn.media.ccc.de/events/osmocon… 1 day ago
- RT @mwrlabs: Abusing native Microsoft Office functionality to gain persistence labs.mwrinfosecurity.com/blog/add-in-op… 1 day ago