Python黑客的开源网络“钓鱼”工具,愿者上钩!

除此之外,PhEmail还支持Gmail身份验证,这一功能在目标站点屏蔽了邮件源或IP地址的情况下会非常有用。值得一提的是,该工具还可以克隆目标组织或企业的门户网站登录界面,测试人员可以用这些伪造的页面来窃取目标用户的登录凭证。

使用样例

一般来说,第一步是收集目标企业的邮箱地址。PhEmail的搜索引擎在收集到了企业邮箱地址之后,会将它们保存在一个文件中,演示代码如下:

PHishing EMAIL tool v0.13 Usage: phemail.py [-e ] [-m] [-f ] [-r ] [-s] [-b ] -e emails: File containing list of emails(Default: emails.txt) -f from_address: Source emailaddress displayed in FROM field of the email (Default: Name Surname) -r reply_address: Actual emailaddress used to send the emails in case that people reply to the email(Default: Name Surname ) -s subject: Subject of theemail (Default: Newsletter) -b body: Body of the email(Default: body.txt) -p pages: Specifies number ofresults pages searched (Default: 10 pages) -v verbose: Verbose Mode(Default: false) -l layout: Send email with noembedded pictures -B BeEF: Add the hook for BeEF -m mail_server: SMTP mailserver to connect to -g Google: Use a google accountusername:password -t Time delay: Add deleaybetween each email (Default: 3 sec) -R Bunch of emails per time(Default: 10 emails) -L webserverLog: Customise thename of the webserver log file (Default: Date time in format"%d_%m_%Y_%H_%M") -S Search: query on Google -d domain: of email addresses -n number: of emails perconnection (Default: 10 emails) -c clone: Clone a web page -w website: where the phishingemail link points to -o save output in a file -F Format (Default: 0): 0- firstname surname 1- firstname.surname@example.com 2- firstnamesurname@example.com 3- f.surname@example.com 4- firstname.s@example.com 5-surname.firstname@example.com 6- s.firstname@example.com 7- surname.f@example.com 8- surnamefirstname@example.com 9- firstname_

  • 发表于:
  • 原文链接http://kuaibao.qq.com/s/20180322A10PB000?refer=cp_1026
  • 腾讯「云+社区」是腾讯内容开放平台帐号(企鹅号)传播渠道之一,根据《腾讯内容开放平台服务协议》转载发布内容。

扫码关注云+社区

领取腾讯云代金券