Top 19 Phishing Open-Source Projects
The Rogue Access Point FrameworkProject mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10
You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hostpot.
Open-Source Phishing ToolkitProject mention: April Fools Jokes on school staff? | reddit.com/r/sysadmin | 2021-03-30
I will use https://getgophish.com/ though, if you guys think it is a good idea.
Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
List of Awesome Red Teaming ResourcesProject mention: Red Team Equipment for Budget Proposal | reddit.com/r/cybersecurity | 2021-04-10
For software, pretty much everything you might need to start out is available as open source. Besides the actual testing stuff, don't forget to look at tools to facilitate collaboration + reporting (highly recommend looking at https://github.com/GhostManager/Ghostwriter). Also checkout: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Modlishka. Reverse Proxy.Project mention: Bad guys got into a 365 account with MFA enabled. | reddit.com/r/sysadmin | 2021-04-27
The MFA implemented in Azure is not phishing-proof. This can be phished using a reverse proxy, and the push notification method is often becoming a bad habit for users to always approve ("this was from Microsoft, so it looked legit"). The only phishing proof method is using FIDO2 authenticators, but that is Passwordless, not MFA
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonationProject mention: How do I access the functions of this library directly without using the command line? (Python) | reddit.com/r/learnprogramming | 2021-03-05
I would love to use this library in my code and use it, then take the output and use it to make a graph. https://github.com/elceef/dnstwist
An automated phishing tool with 30+ templates.Project mention: zphisher/phishing | reddit.com/r/terrmuxx | 2021-05-11
Phishing Campaign Toolkit
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Advanced Phishing tool for Linux & TermuxProject mention: Does anybody know what he’s using to do this? Like the software or something | reddit.com/r/HowToHack | 2021-04-12
Looks like nexphisher.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.Project mention: certtools/intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol | reddit.com/r/bag_o_news | 2021-04-14
Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.Project mention: (flair uygunmu bilmiyorum)Android Phising | reddit.com/r/KGBTR | 2021-04-17
üşenenler için pkg install git git clone https://github.com/jaykali/maskphish git clone git://github.com/htr-tech/zphisher.git
The most complete Phishing Tool, with 32 templates +1 customizableProject mention: I cannot use blacke eye because it does not show the link | reddit.com/r/Kalilinux | 2021-04-05
It is an issue with Ngrok. You should try using Social-Phish instead https://github.com/xHak9x/SocialPhish It has another hosting option than Ngrok.
Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.Project mention: Source of Active Phishing Links and Malicious Attachments | reddit.com/r/blueteamsec | 2021-05-02
For some quick starting points, I‘d: - setup a MISP server and feast on the great free feeds from e.g. abuse.ch - Alienvault OTX (and how to pull into MISP: https://otx-misp.readthedocs.io/en/latest/) - https://github.com/mitchellkrogza/Phishing.Database - Malware samples: nice curated collection from Lenny Zeltser: https://zeltser.com/malware-sample-sources/ - focus on "theZoo" - https://bazaar.abuse.ch/browse/ - see the OSINT section: https://learnpracticeandshare.com/awesome-malware-analysis-massive-collection-of-resources/ - https://cofense.com/product-services/phishing-intelligence/ (90 day trial) - Reach out to Project Honeypot
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.Project mention: Problem to add a token to MEW | reddit.com/r/MyEtherWallet | 2021-03-17
Here is my PR: https://github.com/MyEtherWallet/ethereum-lists/pull/1780
Let's track phishing kits to give to research community raw material to study !Project mention: marcoramilli/PhishingKitTracker - Let's track phishing kits to give to research community raw material to study ! | reddit.com/r/GithubSecurityTools | 2021-01-30
Fish is a phishing tool that inhabits a collection of webpages. It tries to replicate webpages as closely as possible for a hard to distinguish phishing page.Project mention: My first phishing GitHub repo and project!!! | reddit.com/r/hacking | 2021-03-14
My personalized Hosts file collection of various sources, cleaned and optimized specially for pDNSfProject mention: What lists would stop these? | reddit.com/r/pihole | 2021-02-19
Fireeeye.com not found, did you mean fireeye.com? That is found in these lists; https://raw.githubusercontent.com/eladkarako/hosts/master/build/hosts_adblock.txt https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/adblock.txt https://raw.githubusercontent.com/arapurayil/ABL/master/lists/general/blocked_domains.txt https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Tracking https://raw.githubusercontent.com/frankblob/adb/master/erx0 https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/hosts.txt https://https4all.org/hosts.txt https://raw.githubusercontent.com/frankblob/adb/master/erx.conf https://raw.githubusercontent.com/eladkarako/hosts/master/_raw__hosts.txt https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/domains.txt https://hell.sh/hosts/null.txt https://raw.githubusercontent.com/tg12/pihole-phishtank-list/master/list/phish_domains.txt https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Phishing-Angriffe https://netdex.co/hosts/d.txt http://phishing.mailscanner.info/phishing.bad.sites.conf https://github.com/j-moriarti/pDNSf-Hosts-collection/releases/download/v1.0.0/pDNSf-hosts-part0.txt https://gitlab.com/Natizyskunk/pi-hole-lists/raw/master/blocklists/personal_mega_blocklist/hosts.txt
Blacklists with data from OTX.ALIENVAULT.COM.Project mention: Lists for configuration | reddit.com/r/pihole | 2021-02-16
I wanted to add Malware and Indicator of Compromise sites to my gravity well. I started to build my own lists based off AlienVault Open Threat Exchange and than came across these beauties on Github courtesy of u/Esox-Lucius (took a stab at the same user existing on reddit and github) I did not throw all of the urls in because it ended up blocking a few too many but the lists are dynamic I'm very happy with the content of the lists: Esox-Lucius PiHoleblocklists from Alienvault OTX
Python script to perform phishing attacks through captive portalsProject mention: #EvilPortal: Script de Python para realizar ataques de phishing a través de portales cautivos | reddit.com/r/u_esgeeks | 2021-03-14
Bespoke Phishing Against vSphere & Slack (Attacking QUT Students - Class Activity)Project mention: Phishing Write-up. From start to finish. | reddit.com/r/phishing | 2020-12-21
What are some of the best open-source Phishing projects? This list will help you: