PhEmail:基于Python的開源網絡釣魚攻擊工具
PhEmail簡介
PhEmail是一款采用Python編程語言開發的開源網絡釣魚郵件工具,它可以幫助研究人員在進行社會工程學測試的過程中自動化地給目標發送網絡釣魚郵件。PhEmail不僅可以同時向多個目標用戶發送釣魚郵件并識別出哪些用戶點擊了郵件,而且還可以在不利用任何瀏覽器漏洞或郵件客戶端漏洞的前提下盡可能多地收集信息。PhEmail自帶的引擎可以通過LinkedIN來收集電子郵箱地址,這些數據可以幫助測試人員完成信息采集階段的一部分工作。
除此之外,PhEmail還支持Gmail身份驗證,這一功能在目標站點屏蔽了郵件源或IP地址的情況下會非常有用。值得一提的是,該工具還可以克隆目標組織或企業的門戶網站登錄界面,測試人員可以用這些偽造的頁面來竊取目標用戶的登錄憑證。
使用樣例
一般來說,第一步是收集目標企業的郵箱地址。PhEmail的搜索引擎在收集到了企業郵箱地址之后,會將它們保存在一個文件中,演示代碼如下:
- # phemail.py -g1@example.com
- Gathering emails from domain: example.com100%
- Completed!
- test@example.com
- test2@example.com […] emails.txt updated
得到了企業郵箱地址之后,接下來就要創建釣魚郵件模板了。模板中的每一個URL必須要包含一個字符串”{0}”,因為腳本會自動將這個字符串替換成正確的URL地址。一次真實的測試場景截圖如下:
接下來,我們需要在Web服務器上安裝php環境并將php文件”index.php”復制到Web服務器的根目錄下。這個文件中包含的JavaScript代碼會收集瀏覽器信息并將其保存到/tmp目錄下的日志文件中。演示實例如下:
- # phemail.py -e test-emails.txt -f"Fast Holiday " -r "Fast Holiday " -s "Last MinuteHoliday" -b body.txt -w http://YOUR-WEBSITE.com
- SMTP server: mail.example.com
- Sent to test@example.com
- Error: sending tonotExist-email@example.com
- Phishing URLs point to http://YOUR-WEBSITE.com
- Phemail.py log file saved: phemail-log-12-07-2012_15-42.txt
接下來,你只需要等待目標用戶點擊釣魚郵件,然后你就能夠收集到目標用戶的某些瀏覽器信息了:
- Email: test@example.com
- Date: Thu 12/07/2012 11:00:13
- IP: 192.168.0.123
- User Agent: Mozilla/5.0 (Windows NT 6.1;WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 appCodeName: Mozilla appName:Netscape appVersion: 5.0 (Windows) appMinorVersion: undefined product: GeckocookieEnabled: true cpuClass: undefined onLine: true opsProfile: undefineduserProfile: undefined language: en-US platform: Win32 systemLanguage:undefined userLanguage: undefined flash: Enabled Plugins: Google UpdateShockwave Flash 11.3 r300 Google Talk Plugin Video Acceleratorversion:0.1.44.16 Version 3.1.4.8140 5.1.10411.0 Adobe PDF Plug-In For Firefoxand Netscape 10.1.3 NPRuntime Script Plug-in Library for Java™ Deploy VmwareRemote Console and Client Integration Plug-in BlackBerry WebSL Browser Plug-InBing Bar The plug-in allows you to open and edit files using Microsoft Officeapplications Office Authorization plug-in for NPAPI browsers
PhEmail項目主頁
工具下載
你可以直接通過克隆PhEmail的GitHub代碼庫來完成工具的下載:
- git clone https://github.com/Dionach/PhEmail
工具使用
- PHishing EMAIL tool v0.13
- Usage: phemail.py [-e <emails>] [-m<mail_server>] [-f <from_address>] [-r <replay_address>] [-s<subject>] [-b <body>]
- -e emails: File containing list of emails(Default: emails.txt)
- -f from_address: Source emailaddress displayed in FROM field of the email (Default: Name Surname<name_surname@example.com>)
- -r reply_address: Actual emailaddress used to send the emails in case that people reply to the email(Default: Name Surname <name_surname@example.com>)
- -s subject: Subject of theemail (Default: Newsletter)
- -b body: Body of the email(Default: body.txt)
- -p pages: Specifies number ofresults pages searched (Default: 10 pages)
- -v verbose: Verbose Mode(Default: false)
- -l layout: Send email with noembedded pictures
- -B BeEF: Add the hook for BeEF
- -m mail_server: SMTP mailserver to connect to
- -g Google: Use a google accountusername:password
- -t Time delay: Add deleaybetween each email (Default: 3 sec)
- -R Bunch of emails per time(Default: 10 emails)
- -L webserverLog: Customise thename of the webserver log file (Default: Date time in format"%d_%m_%Y_%H_%M")
- -S Search: query on Google
- -d domain: of email addresses
- -n number: of emails perconnection (Default: 10 emails)
- -c clone: Clone a web page
- -w website: where the phishingemail link points to
- -o save output in a file
- -F Format (Default: 0):
- 0- firstname surname
- 1- firstname.surname@example.com
- 2- firstnamesurname@example.com
- 3- f.surname@example.com
- 4- firstname.s@example.com
- 5-surname.firstname@example.com
- 6- s.firstname@example.com
- 7- surname.f@example.com
- 8- surnamefirstname@example.com
- 9- firstname_
免責聲明
請不要在沒有得到目標用戶事先同意的情況下實用PhEmail來進行測試,由使用者自身使用不當所帶來的問題開發人員不承擔任何責任,同時我們也對PhEmail所帶來的損失概不負責,請大家妥善使用。
