Showing posts with label Phishing. Show all posts

Saturday, March 29, 2014

Windows Domain Credentials Phishing Tool



While performing a pen test for a client, I needed to catch a domain user name and password. There are several ways to gain users' passwords, and how to get them really depends on a lot of factors. In my case I didn't have time to wait for the user to enter his credentials and capture them with a keylogger, so I created a fake Windows domain login window to try to force and trick the user into entering his password.

There are several tools and techniques, such as “Mimikatz”, but they require you to have administrative/system privileges. You don't need special privileges to execute “Windows Domain Credentials Phishing Tool”.

* Please note, this tool requires the .NET Framework on the target system.
* This tool should not be used to perform illegal activities.


Thursday, March 27, 2014

URLCrazy - Test domain typos and variations to detect typo squatting, URL hijacking, phishing, and corporate espionage


Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Usage

* Detect typo squatters profiting from typos on your domain name
* Protect your brand by registering popular typos
* Identify typo domain names that will receive traffic intended for another domain
* Conduct phishing attacks during a penetration test

Features

* Generates 15 types of domain variants
* Knows over 8000 common misspellings
* Supports cosmic ray induced bit flipping
* Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
* Checks if a domain variant is valid
* Tests if domain variants are in use
* Estimates popularity of a domain variant

URLCrazy requires Linux and the Ruby interpreter.


Tuesday, March 25, 2014

[EMS] E-mail Spoofer


E-mail Spoofer is a tool designed for penetration testers who need to send phishing e-mails.

It can send mail to a single recipient or to a list, and it supports plain text and HTML e-mail formats, attachments, templates and more…

Features

  • Support for Plain text and HTML
  • E-mail Templates
  • Spoofing Sender Address
  • Support for SMTP Authentication and SSL
  • Single or Multiple Recipients
  • HTML E-mail Preview

Tuesday, February 4, 2014

[FBHT v2.0] Facebook Hacking Tool



FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform.


The tool provides:
  • Tests account handling (Create, Delete, Friend, Accept)
  • YouTube videos phishing
  • Facebook links preview modification
  • Friends list privacy bypass
  • Graph support
  • More...

Tuesday, December 31, 2013

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks


Ghost Phisher is a security application that comes with a built-in fake DNS server, fake DHCP server and fake HTTP server, and also has an area for automatically capturing and logging HTTP form method credentials to a database. The program can be used to service DHCP and DNS requests on demand, or for phishing attacks.

The software runs on any Linux machine that has the program's prerequisites installed, but it has been tested on the following Linux-based operating systems:
  • Ubuntu KDE/GNOME
  • BackTrack Linux
  • BackBox Linux 


Prerequisites

The program requires the following dependencies to run properly. On Debian-based systems they can be installed with the Debian package installer command "apt-get install program", or otherwise downloaded and installed manually:
  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Metasploit Framework (Optional)

Features

Ghost Phisher currently supports the following features:
  • HTTP Server
  • Inbuilt RFC 1035 DNS Server
  • Inbuilt RFC 2131 DHCP Server
  • Webpage Hosting and Credential Logger (Phishing)
  • WiFi Access Point Emulator
  • Session Hijacking (Passive and Ethernet Modes)
  • ARP Cache Poisoning (MITM and DoS Attacks)
  • Penetration using Metasploit Bindings
  • Automatic credential logging using SQLite Database
  • Update Support