🔴
Phishing

[Work in progress]
Full blog post: https://wh1tedrvg0n.com/how-to-create-a-good-phishing/​
Basic Concepts
SPF: helps prevent spoofing by verifying the sender’s IP address
DKIM: shows that the email belongs to a specific organization
DMARC: aligns SPF and DKIM mechanisms
Domain
DNSMORPH: https://github.com/netevert/dnsmorph​
DnsTwist: https://github.com/elceef/dnstwist​
UrlCrazy: https://morningstarsecurity.com/research/urlcrazy​
Doppelgänger: https://github.com/vpav/doppelganger​
Gotator: https://github.com/Josue87/gotator​
PhishEye (web): https://research.domaintools.com/phisheye/​
Homoglyphs Generator (web): https://www.dcode.fr/homoglyphs-homographs-generator​
SMTP Server
Mailcow: https://github.com/mailcow/mailcow-dockerized​
Postfix + Dovecot + Thunderbird: https://elpuig.xeill.net/Members/vcarceler/articulos/correo-electronico-con-postfix-dovecot-y-thunderbird-en-ubuntu-20.04​
MailHog: https://github.com/mailhog/MailHog​
iRedMail: https://www.iredmail.org/download.html​
Monitoring
Gophish: https://getgophish.com/​
Mercure: https://github.com/atexio/mercure​
King Phisher: https://github.com/rsmusllp/king-phisher​
Phishing Frenzy: https://github.com/pentestgeek/phishing-frenzy​
SocialPhish: https://github.com/UndeadSec/SocialFish​
FiercePhish: https://github.com/Raikia/FiercePhish​
Landing Page
Evilginx2: https://github.com/kgretzky/evilginx2​
Modlishka: https://github.com/drk1wi/Modlishka​
CredSniper: https://github.com/ustayready/CredSniper​
Muraena with NecroBrowser: https://github.com/muraenateam/muraena + https://github.com/muraenateam/necrobrowser​
HTTrack (website copier): https://www.httrack.com/​
Server Tunnels
Ngrok: https://ngrok.com/​
CloudFlared: https://github.com/cloudflare/cloudflared​
LocalXpose: https://localxpose.io/​
LocalTunnel: https://theboroer.github.io/localtunnel-www/​
OpenPort: https://openport.io/​
PageKite: https://pagekite.net/​
Localhost.run: https://localhost.run/​
Portmap.io: https://portmap.io/​
Webhookrelay: https://webhookrelay.com/​
Burrow: https://burrow.io/​
Vercel: https://vercel.com/​
Email
Stripo Email: https://stripo.email/​
Example subjects: https://blog.knowbe4.com/topic/top-clicked-phishing-email-subjects​
Email examples: https://hooksecurity.co/phishing-email-examples​
Bypass
Obfuscate part of the source code in which the C&C is located to evade automated sandboxes and automated analysis
Use trusted domains from Google, AWS, Microsoft, etc, to deliver the landing page as they are considered benign sources
Using business email compromised (BEC)
SiteCloak obfuscation: https://www.avanan.com/blog/sitecloak-page-obfuscation​
AES 256 with JavaScript in the browser
Base64 refresh
Flipped Base64 JavaScript encoding
Combination Encoding
Custom Encoding
Xor Encoding in JavaScript
Multibyte XOR Phishing Landing Obfuscation
Embedded Base64 images
Brand impersonation with procedurally-generated graphics: https://www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/​
Text padding with invisible characters: https://www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/​
Zero-point font obfuscation: https://www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/​
Victim-specific URI: https://www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/​
etc
Automation
Terraform on AWS: https://dazzyddos.github.io/posts/Automating-Phishing-Infrastructure-with-terraform-on-AWS/​
Ansible on AWS: https://rastamouse.me/infrastructure-as-code-terraform-ansible/​
Terraform on Digital Ocean: https://github.com/boh/terraform-phishing​
Ansible on Digital Ocean/Azure: https://github.com/ralphte/build_a_phish​
​
RESOURCES (in progress) - Previous
Next - RESOURCES (in progress)
Hardware Hacking
Last modified 9mo ago