PhishingKitTracker – Let’s Track Phishing Kits To Give To Research Community Raw Material To Stud

An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats DisclaimerThis repository holds a collection of Phishing Kits used by criminals to steal user information. Almost every file into the raw folder is malicious so I strongly recommend you to neither open these files, nor misuse the codeRead More

Formphish – Auto Phishing Form-Based Websites

Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page.Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Formphish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws.Read More

URLCrazy – Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage

URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL hijacking, phishing, and corporate espionage.Homepage: https://www.morningstarsecurity.com/research/urlcrazyUse Cases Detect typo squatters profiting from typos on your domain name Protect your brand by registering popular typos Identify typo domain names that will receive traffic intended for anotherRead More

EvilApp – Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions.Legal disclaimer:Usage of EvilApp for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibilityRead More

Lockphish – A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Lockphish for attacking targets without prior mutualRead More

Jeopardize – A Low(Zero) Cost Threat Intelligence & Response Tool Against Phishing Domains

Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates (typosquatting, homograph etc.), analyzes them and assigns a risk score to them. After then, it sends valid-looking credentials to the login forms on those phishing sites.Why? Imagine this scenario: AttackerRead More

Pickl3 – Windows Active User Credential Phishing Tool

Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential.Operational Usage – 1Nowadays, since the operating system of many end users is Windows 10, we cannot easily steal account information with Mimikatz-like projects like the old days. Using Pickl3, you can try to steal the accountRead More

X