Squarephish – An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes

SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. _____ _____ _ _ _ / ____| | __ | | (_) | | | (___ __ _ _ _ __Read More

EvilnoVNC – Ready To Go Phishing Platform

EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim’s actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords,Read More

XLL_Phishing – XLL Phishing Tradecraft

With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have began aggressively exploring other options to achieve user driven access (UDA). There are several considerations to be weighed and balanced when looking for a viable phishing for access method: Complexity – The more stepsRead More

openSquat – Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting

What is openSquat openSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaigns Domain squatting Typo squatting Bitsquatting IDN homograph attacks Doppenganger domains Other brand/domain related scams It does support some key features such as: Automatic newly registered domain updating (once a day)Read More

goCabrito – Super Organized And Flexible Script For Sending Phishing Campaigns

Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails (text) Sends to lists emails with first, last name (csv) Supports attachments Splits emails in groups Delays sending emails between each group Support Tags to be placed and replaced in the message’s body Add {{name}}Read More

Spamscanner – Spam Scanner Is The Best Anti-Spam, Email Filtering, And Phishing Prevention Service

Spam Scanner is the best anti-spam, email filtering, and phishing prevention service. Spam Scanner is a drop-in replacement and the best alternative to SpamAssassin, rspamd, SpamTitan, and more. Foreword Spam Scanner is a tool and service built by @niftylettuce after hitting countless roadblocks with existing spam-detection solutions. In other words, it’s our current plan forRead More

Kit_Hunter – A Basic Phishing Kit Scanner For Dedicated And Semi-Dedicated Hosting

Kit Hunter: A basic phishing kit detection tool Version 2.6.0 28 September 2021 Testing and development took place on Python 3.7.3 (Linux) What is Kit Hunter? Kit Hunter is a personal project to learn Python, and a basic scanning tool that will search directories and locate phishing kits based on established markers. As detection happens,Read More

SniperPhish – The Web-Email Spear Phishing Toolkit

SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercise and would be reminded to take priorRead More

MaskPhish – Give A Mask To Phishing URL

MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com). Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuseRead More