F**k The Phishers - PhishFaker 2.0 release
#1
PhishFaker 2.0
PhishFaker 2 has been released. This is the first version that's actually reasonably usable. Phishfaker is a python tool that sends fake logins to a phishing website very rapidly. It has been updated and has an actual user interface now. Go check it out: https://github.com/ghostwalkr/PhishFaker...hishfaker2. If you want to contribute to this tool just send those pull requests. If you can think of any improvements or new features, then that would also be greatly appreciated. Here's a little look at what the tool can do.
 
[align=left]
Code:
$ python3 phishfake2.0.py -t 4 -u callID -p PsID --verbose -t 3 https://bankofamerica.certgator.net/login/inc/drdon1.php[/align]
[18:4:49] Sending caitlin_3751@aol.com:bethany to target
[18:4:49] Sending francesca-8057@aol.com:sponge to target
[18:4:49] Sending annemarijke_7635@outlook.com:cannabis to target
[18:5:0] Target responded with 200
[18:5:0] Sent 1 logins
[18:5:0] Sending annabella-9818@yahoo.com:roscoe to target
[18:5:0] Target responded with 200
[18:5:0] Sent 2 logins
[18:5:0] Sending jett.3276@gmail.com:jade to target
[18:5:0] Target responded with 200
[18:5:0] Sent 3 logins
[18:5:0] Sending do-3470@gmail.com:reality to target
[18:5:5] Target responded with 200
[18:5:5] Sent 4 logins
[18:5:5] Sending aurora-867@gmail.com:melina to target
[18:5:5] Target responded with 200
[18:5:5] Target responded with 200
[18:5:5] Sent 5 logins
[18:5:5] Sent 6 logins
[18:5:5] Sending maddy.4474@outlook.com:abstr to target
[18:5:5] Sending garan-4497@yahoo.com:albany to target
[18:5:11] Target responded with 200
[18:5:11] Sent 7 logins
[18:5:11] Sending denver-5994@outlook.com:1114 to target
[18:5:11] Target responded with 200
[18:5:11] Sent 8 logins
[18:5:11] Sending gunars-3971@outlook.com:sexy69 to target
[18:5:11] Target responded with 200
[18:5:11] Sent 9 logins
[18:5:11] Sending parnell.4042@gmail.com:pumper to target
[18:5:22] Target responded with 200
[18:5:22] Sent 10 logins
[18:5:22] Sending jeannie.2216@gmail.com:tammy to target
[18:5:22] Target responded with 200
[18:5:22] Target responded with 200
[18:5:22] Sent 11 logins
[18:5:22] Sent 12 logins
[18:5:22] Sending esteban-1258@aol.com:portal to target
[18:5:22] Sending cynthie-5430@outlook.com:working to target
[18:5:23] Target responded with 200
[18:5:23] Sent 13 logins
[18:5:23] Sending emmy-4824@outlook.com:1z2x3c to target
[18:5:23] Target responded with 200
[18:5:23] Sent 14 logins
[18:5:23] Sending woody.288@yahoo.com:777999 to target
[18:5:23] Target responded with 200
[18:5:23] Sent 15 logins
[18:5:23] Sending nando_3210@yahoo.com:virginie to target
[18:5:23] Target responded with 200
[18:5:23] Sent 16 logins
[18:5:23] Sending leshia-3115@aol.com:dddddddd to target
[18:5:23] Target responded with 200
[18:5:23] Sent 17 logins
[18:5:23] Sending shaylyn-6452@aol.com:capecod to target
[18:5:23] Target responded with 200
[18:5:23] Sent 18 logins
[18:5:23] Sending sir.2887@outlook.com:incubus to target
[18:5:24] Target responded with 200
[18:5:24] Sent 19 logins
[18:5:24] Sending ozlem.7890@yahoo.com:01021988 to target
[18:5:24] Target responded with 200
[18:5:24] Sent 20 logins
[18:5:24] Sending dorothy-4958@aol.com:seng to target
[18:5:24] Target responded with 200
[18:5:24] Sent 21 logins
[18:5:24] Sending teymour_5192@yahoo.com:perfect1 to target
[18:5:25] Target responded with 200
[18:5:25] Sent 22 logins
[18:5:25] Sending maryann-9073@gmail.com:17071986 to target
[18:5:25] Target responded with 200
[18:5:25] Sent 23 logins
[18:5:25] Sending nikky-186@yahoo.com:mersedes to target
[18:5:25] Target responded with 200
[18:5:25] Sent 24 logins
[18:5:25] Sending harry-5194@gmail.com:celtics to target
[18:5:26] Target responded with 200
[18:5:26] Sent 25 logins
[18:5:26] Sending delany-2617@gmail.com:qqq111 to target
[18:5:26] Target responded with 200
[18:5:26] Sent 26 logins
[18:5:26] Sending shahrokh-8417@outlook.com:ohyeah to target
[18:5:26] Target responded with 200
[18:5:26] Sent 27 logins
[18:5:26] Sending agnese_9607@aol.com:vegas to target
Reply
#2
Cool project Big Grin So this is related to your previous phising thread? Sending junk-data to phising pages?
You made this yourself? Nice work!
Reply
#3
(06-11-2020, 11:07 PM)Insider Wrote: Cool project Big Grin So this is related to your previous phising thread? Sending junk-data to phising pages?
You made this yourself? Nice work!
 
Thanks and yes it is related. It's recoded from scratch though so that it can actually be used without having to manually edit the code to reconfigure it lol. It's pretty satisfying to watch the logins get up in the thousands and sometimes the websites start spazzing out.
Reply
#4
You have to love trolling these idiots. I have an idea for you.. ever heard of certificate transparency logs? You can find a lot of phishing with that. x0rz made a script that does this by string matching against hostnames from that feed to determine if they are potentially evil or not from known phishing domain patterns.

https://github.com/x0rz/phishing_catcher

It would be great to automate sending the fake data with your tool to phishing kits you find from that feed. The backend feed supplying x0rzs tool with data is certstream. they have a really easy to use module if you want to make your own.

https://github.com/CaliDog/certstream-python
Reply
#5
(06-12-2020, 12:28 AM)Abracadabra Wrote: You have to love trolling these idiots. I have an idea for you.. ever heard of certificate transparency logs? You can find a lot of phishing with that. x0rz made a script that does this by string matching against hostnames from that feed to determine if they are potentially evil or not from known phishing domain patterns.

https://github.com/x0rz/phishing_catcher

It would be great to automate sending the fake data with your tool to phishing kits you find from that feed. The backend feed supplying x0rzs tool with data is certstream. they have a really easy to use module if you want to make your own.

https://github.com/CaliDog/certstream-python
 
I actually hadn't ever heard of that before. Interesting idea. You said in your intro thread you program in python? You can send a PR (or not) if you want or I'd be willing to help out with it.
Reply