Social Engineering
is defined as the process of inducing people into giving away access or
confidential information. From a security consultant point of view this
topic is not new and there are many tools which can be used against the
target.
phemail.py - Phishing
EMAIL. The main purpose of this tool is to prove who clicked on the
phishing email without attempting to exploit the web browser but
collecting as much information as possible. For this reason it will be
100% undetectable by any antivirus and it will obtain sufficient data to
have an initial proof of concept for the client.
Steps to use Phemail.py:
- Find corporate email addresses: Phemail has an option for harvesting corporate email addresses and save them to a file. Phemail.py leverages Google to search for LinkedIn specific corporate e-mail targets.
- Create a phishing email template: You get to create your own custom phishing templates. Do not forget to add the string “{0}” in each URL as the script will replace this string with the correct URL automatically.
- Host/upload a single PHP file: This file contains JavaScript code which attempts to collect web browser information and save it in a log file in /tmp directory.
- Run the php file as shown in the following example: # phemail.py -e test-emails.txt -f "Tax report " -r "Tax Report " -s "Important information about your tax" -b body.txt -w http://YOUR-WEBSITE.com
0 nhận xét:
Đăng nhận xét