hadojae / data Goto Github PK
View Code? Open in Web Editor NEWCredential Phish Analysis and Automation
License: GNU General Public License v3.0
Credential Phish Analysis and Automation
License: GNU General Public License v3.0
empty form action shouldn't always be skipped
<form id="credentials" method="post" action="">
<div id="cred_userid_container" class="login_textfield textfield">
<span class="input_field textfield">
<label for="cred_userid_inputtext" class="no_display" aria-hidden="true">User account</label>
<div class="input_border">
If visiting a suspected phishing page and it turns out to be an opendir, try to navigate through the opendir
Seems like this may not get reset properly, also there are some other popups i need to account for and deal with:
--
[+] Popup alert observed: http://aboutthegirl.co.uk is requesting your username and password. The site says: “Secure directory”
[-] This looks like it might be a tech support scam user/password popup, leaving it alone.
[+] Screencapped http://bigstore-sale.com/alert/error.html as 20170523-072514-virustotal-bigstore-sale.com.png
--
[+] Popup alert observed: A script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in the debugger, or let the script continue.
Script: chrome://browser/content/tabbrowser.xml:761
[+] Popup Alert observed, bypassing...
--
[+] Popup alert observed: http://bunt.truncomp.com is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!
Need to make modifications to the processing of the obfuscation_multimail function
-l (logs)
-p (pcaps)
-s (screencaps)
Add option to cycle through proxies in both bullyblinder and bucklegripper.
Alternatively, explore if there is a way to utilize some vpn services (PIA) without lots of networking changes.
No plan to add a tor option, as I don't believe that's what tor should be used for. If someone wants to wrap in tor, that would be easy enough to wrap in the command line anyways.
Could be interesting to seed actual accounts into bullyblinder for monitoring / tracking purposes
It could be interesting to be able to specify a percentage of real to fake information
It could be useful to read in a csv of u/p to allow for multiple real accounts to be utilized.
It would be useful to log which sites each u/p combo has been submitted to
eg.
python bullyblinder.py -i eth0 --user [email protected] --password mycorppass --ratio 30 --uplog submitted_sites.log -r phish_sites.txt
Traceback (most recent call last):
File "bullyblinder.py", line 1224, in
response = br.submit()
File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 683, in submit
return self.open(self.click(*args, **kwds))
File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 674, in click
return self._add_referer_header(request)
File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 206, in _add_referer_header
scheme = request.get_type()
File "/usr/local/lib/python2.7/dist-packages/mechanize/_urllib2_fork.py", line 187, in get_type
raise ValueError("unknown url type: %s" % self.__original)
ValueError: unknown url type: ../loginsetup.php
or snort i guess. :)
eg.
python bullyblinder.py -i eth0 -u http://phish.com/phish.htm --suri
Add support for
If our first url doesnt give us a form, go up one dir or try folder default and try again
eg.
First
http://www.blah.com/bdfh/dfh/index3.htm
No form, try folder default
Second
http://www.blah.com/bdfh/dfh/index3.htm
If given path is a folder, go up a dir
First
http://www.blah.com/bdfh/dfh/
Second
http://www.blah.com/bdfh/
kinda old, just need to test
Currently commented out, reimplement, needs logging first
Line 18, in the "sudo pip" command, there is a typo; the last package to be installed via pip is listed as lmxl, but should be "lxml".
Capturing on 'eth0'
Traceback (most recent call last):
File "/home/$user/bullyblinder.py", line 1110, in
if br.geturl().startswith("http"):
File "build/bdist.linux-x86_64/egg/mechanize/_mechanize.py", line 334, in geturl
mechanize._mechanize.BrowserStateError: not viewing any document
Capturing on 'eth0'
Traceback (most recent call last):
File "/home/$user/bullyblinder.py", line 1136, in
response = redirs_and_obfuscations(page, current_url)
File "/home/$user/bullyblinder.py", line 429, in redirs_and_obfuscations
elif br.title() and 'ameli.fr' in br.title():
File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 459, in title
raise BrowserStateError("not viewing HTML")
mechanize._mechanize.BrowserStateError: not viewing HTML
Hi,
OS: Ubuntu
So when i try and use bucklegripper on a URL (URL is in links.txt) i get this error message in response:
sudo python bucklegripper.py -r links.txt
[sudo] password for user:
.: BUCKLEGRIPPER v0.1 https://github.com/hadojae/DATA :.
[+] Beginning processing of links.txt
[+] Processing http://gateway-taxid-38573.gucaoa.com/returnGB77GS183R
Traceback (most recent call last):
File "bucklegripper.py", line 320, in
main()
File "bucklegripper.py", line 315, in main
mainloop(full, headers, user_agent, source)
File "bucklegripper.py", line 228, in mainloop
selenium_result = do_selenium(full, user_agent, domain, source)
File "bucklegripper.py", line 65, in do_selenium
browser.set_page_load_timeout(15)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 818, in set_page_load_timeout
'type': 'page load'})
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 308, in execute
self.error_handler.check_response(response)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/errorhandler.py", line 194, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: timeouts
I have used bucklegripper several times in the past to scan other URLs but this one always pops up with this error.
Anyone know of a fix?
Edit: DONT visit the webpage that I have tried scanning. This is a known phishing site.
Explore the usefulness of Implementing additional types of hashing first that would precede the need to hash via screencap unless a match is not found. This would be for the purpose of attempting to identify known phish templates
When running slickshoes.sh, the script fails to create (and thus clean up) pdf_links.tmp
This can be fixed by adding the following code to line 16 of slickshoes.sh: touch pdf_links.tmp
Add a processing flag to accept a static file from disk as the input for the form filling for the purposes of dealing with email attachments. This should also utilize rewritten python logic for slickshoes.
This processing method should also support an optional password flag.
Initial commit should have support for PDF, HTML, and Email - (eml/msg)
Commonly see many unescapes in a single page, need to be able to account for decoding more than one
Traceback (most recent call last):
File "/home/$USER/bullyblinder.py", line 1107, in
page = response.read()
File "/usr/local/lib/python2.7/dist-packages/mechanize/_response.py", line 190, in read
self.__cache.write(self.wrapped.read())
File "/usr/lib/python2.7/socket.py", line 355, in read
data = self._sock.recv(rbufsize)
File "/usr/lib/python2.7/httplib.py", line 588, in read
return self._read_chunked(amt)
File "/usr/lib/python2.7/httplib.py", line 648, in _read_chunked
value.append(self._safe_read(amt))
File "/usr/lib/python2.7/httplib.py", line 703, in _safe_read
chunk = self.fp.read(min(amt, MAXAMOUNT))
File "/usr/lib/python2.7/socket.py", line 384, in read
data = self._sock.recv(left)
socket.timeout: timed out
same functionality as in bucklegripper -r
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.