tatanus / spf Goto Github PK
View Code? Open in Web Editor NEWSpeedPhishing Framework
License: Other
SpeedPhishing Framework
License: Other
Cannot load or open the website. Presumably there is something in plain sight that i am missing. Have tried both spf.py --test -d example.com and ./webpy default.cfg
Generating SSL CERT
/bin/bash: certonly: command not found
Traceback (most recent call last):
File "./web.py", line 323, in
PhishingWebServer(Utils.load_config(sys.argv[1])).start()
File "./web.py", line 281, in start
cert_path = m.group(1)
AttributeError: 'NoneType' object has no attribute 'group'
./spf.py
*** print_tb:
File "./spf.py", line 13, in
framework.run(sys.argv[1:])
*** print_exception:
Traceback (most recent call last):
File "./spf.py", line 13, in
framework.run(sys.argv[1:])
File "/root/SPF/spf/core/framework.py", line 994, in run
self.parse_parameters(argv)
gaierror: [Errno -2] Name or service not known
*** print_exc:
Traceback (most recent call last):
File "./spf.py", line 13, in
framework.run(sys.argv[1:])
File "/root/SPF/spf/core/framework.py", line 994, in run
self.parse_parameters(argv)
File "/root/SPF/spf/core/framework.py", line 242, in parse_parameters
help="IP of webserver defaults to [%s]" % (Utils.getIP()))
File "/root/SPF/spf/core/utils.py", line 125, in getIP
ip = socket.gethostbyname(socket.gethostname())
gaierror: [Errno -2] Name or service not known
Possible to get a little more explanation on the usage of these arguments:
-d domain name to phish
-c <company's name> name of company to phish
--ip IP of webserver defaults to [192.168.1.124]
-v, --verbosity increase output verbosity?
Thanks
/would love to see (in the logs) which engine provided the email address.
an error that theHarvester_path not pointing to a valid file.
Ok this is a big one but I think it would be really cool in the long run. However do to the amount of changes, if it doesn't happen I completely understand. Since we have an option to read in an email file can we use that file to set other parameters/options? For example if I have a CSV file that looks like this: email,template#,pillageY/N I could have a lot more flexibility when sending emails. I could set who gets which template and whether or not they get pillaged by user rather than "all or nothing". Note I could accomplish this functionality through multiple runs but that negates the SPEED part :)
how we/you can add Instagram Template ?
Have this issue while executing SPF in kali 2020.2
[] Starting phishing webserver
Traceback (most recent call last):
File "/usr/lib/python3.8/sre_parse.py", line 1039, in parse_template
[] [VERBOSE] FIXED = [templates/web/juniper_vpn]
this = chr(ESCAPES[this][1])
KeyError: '\d'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/SPF/spf/core/../web.py", line 394, in
[] [VERBOSE] FIXED = [templates/web/citrix2]
PhishingWebServer(Utils.decompressDict(sys.argv[1])).start()
File "/root/SPF/spf/core/../web.py", line 300, in start
[] [VERBOSE] FIXED = [templates/web/domino]
[] [VERBOSE] FIXED = [templates/web/office365]
self.phishingsites[key] = PhishingSite(self.config, key, self.websites[key]['path'], self.logpath, "logs/" + self.websites[key]['logfile'], self.db, self.websites[key]['redirecturl']).getResource()
File "/root/SPF/spf/core/../web.py", line 162, in init
[] [VERBOSE] FIXED = [templates/web/owa]
self.resource.putChild(b"index", phishingForm(self.config, self.vhost, self.path, self.logpath, self.logfile, self.db, redirect))
File "/root/SPF/spf/core/../web.py", line 68, in init
[] [VERBOSE] FIXED = [templates/web/cisco]
self.loadIndex()
File "/root/SPF/spf/core/../web.py", line 99, in loadIndex
[] [VERBOSE] FIXED = [templates/web/citrix]
html = re.sub("", "<script>(function(a,b){if(/(android|bb\d+|meego).+mobile|avantgo|bada/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)/|plucker|pocket|psp|series(4|6)0|symbian|treo|up.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a)||/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw-(n|u)|c55/|capi|ccwa|cdm-|cell|chtm|cldc|cmd-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc-s|devi|dica|dmob|do(c|p)o|ds(12|-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(-|)|g1 u|g560|gene|gf-5|g-mo|go(.w|od)|gr(ad|un)|haie|hcit|hd-(m|p|t)|hei-|hi(pt|ta)|hp( i|ip)|hs-c|ht(c(-| ||a|g|p|s|t)|tp)|hu(aw|tc)|i-(20|go|ma)|i230|iac( |-|/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |/)|klon|kpt |kwc-|kyo(c|k)|le(no|xi)|lg( g|/(k|l|u)|50|54|-[a-w])|libw|lynx|m1-w|m3ga|m50/|ma(te|ui|xo)|mc(01|21|ca)|m-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|-([1-8]|c))|phil|pire|pl(ay|uc)|pn-2|po(ck|rt|se)|prox|psio|pt-g|qa-a|qc(07|12|21|32|60|-[2-7]|i-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55/|sa(ge|ma|mm|ms|ny|va)|sc(01|h-|oo|p-)|sdk/|se(c(-|0|1)|47|mc|nd|ri)|sgh-|shar|sie(-|m)|sk-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h-|v-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl-|tdg-|tel(i|m)|tim-|t-mo|to(pl|sh)|ts(70|m-|m3|m5)|tx-9|up(.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas-|your|zeto|zte-/i.test(a.substr(0,4)))window.location=b})(navigator.userAgent||navigator.vendor||window.opera,<site_url>/mobile.html');</script>", html, flags=re.I)
[] [VERBOSE] Found the following web sites: [templates/web/juniper_vpn/CONFIG]
File "/usr/lib/python3.8/re.py", line 210, in sub
[] [VERBOSE] Found the following web sites: [templates/web/citrix2/CONFIG]
[] [VERBOSE] Found the following web sites: [templates/web/domino/CONFIG]
[] [VERBOSE] Found the following web sites: [templates/web/office365/CONFIG]
return _compile(pattern, flags).sub(repl, string, count)
File "/usr/lib/python3.8/re.py", line 327, in _subx
[] [VERBOSE] Found the following web sites: [templates/web/owa/CONFIG]
[] [VERBOSE] Found the following web sites: [templates/web/cisco/CONFIG]
[*] [VERBOSE] Found the following web sites: [templates/web/citrix/CONFIG]
template = _compile_repl(template, pattern)
File "/usr/lib/python3.8/re.py", line 318, in _compile_repl
return sre_parse.parse_template(repl, pattern)
File "/usr/lib/python3.8/sre_parse.py", line 1042, in parse_template
raise s.error('bad escape %s' % this, len(this))
re.error: bad escape \d at position 38
Hey @tatanus great project you have here!
What do you think about per email template attachments instead of globally setting via the config? From my own experiences with phishing the attachment is typically dependant on the context of the email.
Thoughts?
Bugs/Issues
Enhancement
Ok this is a big one but I think it would be really cool in the long run. However do to the amount of changes, if it doesn't happen I completely understand. Since we have an option to read in an email file can we use that file to set other parameters/options? For example if I have a CSV file that looks like this: email,template#,pillageY/N I could have a lot more flexibility when sending emails. I could set who gets which template and whether or not they get pillaged by user rather than "all or nothing". Note I could accomplish this functionality through multiple runs but that negates the SPEED part :)
Vhosts activate fine, but aren't accessible externally...
what do i change? hosts?
Got this errors.
Also attaching a screenshot.
########
File "/root/SPF/spf/core/../web.py", line 281, in start
cert_path = m.group(1)
AttributeError: 'NoneType' object has no attribute 'group'
########
########
[VERBOSE] /bin/bash: certonly: command not found
########
// Operating system used to compile and run SPF.
Kali Linux 2017
Ubuntu 16.04.3 LTS
// Shell command trying to run
./spf.py -d example.com -g -v -v -f targets.txt --simulate -w
Great tool, I'm loving the flexibility and how easy it is to use. One enhancement would be to output all the click and captured info to a single csv file vs the html attempt. Thanks for making great things.
fix with ngrok pls and let it redirect to the original page when submitted/login
Hello Friends,
I am new in cybersecurity, I am using
I was using SPF, and followed all the instruction given below:
apt-get update
apt-get upgrade -y
apt-get install git build-essential python-dev python-pip phantomjs -y
apt install python3-twisted
apt install python3-dnspython
git clone --recursive https://github.com/tatanus/SPF.git
and receiving this error.
Hi,
I'm trying to use your script to send the web phishes pages by emails and I'm trying with some my email.... So, I create a txt file and call it email.txt that contains emails for three different lines, in the Spf directory...
When I try to launch the attack I type:
./spf.py -d example.com --ip my_public_address -f email.txt -C default.cfg
When the attack start appears me emails that are included in file: "email.txt"..
Then for the question : "obtaining list of email address" I answer "Y", the program write the emails included in the file and it automatically exit and don't laugh the attack...
Why ?? there is an error or am I that do something wrong?
Thanks!
Sorry for starting new thread but this is an issue with the newest code base - more specifically the template choice. Here is the "issue":
Is it possible to get the error message to be read in from the config file? I do not like modifying the code every time I change the message (always afraid I am going to fat finger something). I often use a different one depending on the audience. One of my current favorites is (trying to proactively prevent them from calling anyone):
We're currently experiencing technical difficulties. IT is working closely with our external partners to make sure these issues get resolved as quickly as possible.
We'll update you when we've got more info to share.
I am having an issue sending the emails. I am using the default.cfg. Should I change some of the default values for the SMTP server?
So hello again!
Still continue to have some errors in usage of my external ip!
So i tried like this i put templates to localhost/var/www/html folders to run them on localhost and my external ip!
i changed default.cnf so it points out WEB_TEMPLATE_PATH: /var/www/html/templates/
When i run spf i use --ip command all seems fine: VERBOSE] Found the following web sites: [templates/web/citrix2/CONFIG]
[] [VERBOSE] Found the following web sites: [/var/www/html/templates/web/office365/CONFIG]
[] [VERBOSE] Found the following web sites: [[/var/www/html/templates/web/cisco/CONFIG]
[] [VERBOSE] Found the following web sites: [[/var/www/html/templates/web/juniper_vpn/CONFIG]
[] [VERBOSE] Found the following web sites: [[/var/www/html/templates/web/owa/CONFIG]
[] [VERBOSE] Found the following web sites: [/var/www/html/templates/web/citrix/CONFIG]
[] [VERBOSE] Started website [cisco_vpn ] on [http://9x.156.0.0.0:8000]
[] [VERBOSE] Started website [citrix2 ] on [http://9x.156.0.0.0:8001]
[] [VERBOSE] Started website [junipervpn] on [http://9x.156.0.0:8002]
[] [VERBOSE] Started website [owa ] on [http://9x.1560.0.0.04:8003]
[] [VERBOSE] Started website [office365 ] on [http://9x.156.0.0.0:8004]
[] [VERBOSE] Started website [citrix ] on [http://9x.1560.0.0:8005]
[] [VERBOSE] Started WebServer with pid = [5867]
pages are even opening on my external ip, but keylogger is disabled, i cannot see in terminal any changes, and passwords are not captured! when i switch ip to my internal ip: 192.16X.X.XX1
pages are visible and working like should! Limitations is only local and spf idea is changed!
could you please paste me some example of your test config files so i can look up what i,m doing wrong or where is cause!
Also problem with beef module! When i enable it in conf file get some ip error!
I,m running beef on my external ip and dynamic dns client and all works fine!
Hello wanted to ask do you have any tips to change from internal ip to external! I mean pages use external ip or noip client! I tried it to configure, everything passes nicely, but pages refuse to open in browser!
Thanks!
First things first great tool and a lot of potential. But in playing around with over the last few days I encountered some issues:
keep up the good work
Hello,
On my trials, SimlyEmail gave me a lot more results than theHarvester. You might want to give it a look.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.