Search the Community

Showing results for tags 'phishing'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 48 results

  1. About 365-Stealer is a tool written in Python3 which can be used in illicit consent grant attacks. When the victim grant his consent we get their Refresh Token which can be used to request multiple Tokens that can help us in accessing data like Mails, Notes, Files from OneDrive etc. Doing this manually will take a lot of time so this tool helps in automating the process. 365-Stealer comes with 2 interfaces: CLI - The CLI is purely written in python3. Web UI - The Web UI is written in PHP and it also leverages python3 for executing commands in background. Features Steals Refresh Token which can be used to grant new Access Tokens for at least 90 days. Can send mails with attachments from the victim user to another user. Creates Outlook Rules like forwarding any mail that the victim receives. Upload any file in victims OneDrive. Steal's files from OneDrive, OneNote and dump all the Mails including the attachments. 365-Stealer Management portal allows us to manage all the data of the victims. Can backdoor .docx file located in OneDrive by injecting macros and replace the file extension with .doc. All the data like Refresh Token, Mails, Files, Attachments, list of all the users in the victim's tenant and our Configuration are stored in database. Delay the request by specifying time in seconds while stealing the data Tool also helps in hosting the dummy application for performing illicit consent grant attack by using --run-app in the terminal or by using 365-Stealer Management. By using --no-stealing flag 365-Stealer will only steal token's that can be leverage to steal data. We can also request New Access Tokens for all the user’s or for specific user. We can easily get a new access token using --refresh-token, --client-id, --client-secret flag. Configuration can be done from 365-Stealer CLI or Management portal. The 365-Stealer CLI gives an option to use it in our own way and set up our own Phishing pages. Allow us to steal particular data eg, OneDrive, Outlook etc. by passing a --custom-steal flag. All the stolen data are saved in database.db file which we can share with our team to leverage the existing data, tokens etc. We can search emails with specific keyword, subject, user's email address or by filtering the emails containing attachments from the 365-Stealer Management portal. We can dump the user info from the target tenant and export the same to CSV. [hide][Hidden Content]]
  2. Features Latest and updated login pages. Mask URL support Beginners friendly Docker support (checkout docker-legacy branch) Multiple tunneling options Localhost Ngrok (With or without hotspot) [hide][Hidden Content]]
  3. Features Design Like Instagram Can Show User Profile Photo Can Show Who Typed Username But dont Password Can Show When They Are Logined Can Show Username and Password [hide][Hidden Content]]
  4. Phishing Tool for Facebook, Instagram, Google, Microsoft, Netflix, PayPal, Steam, Twitter, PlayStation, GitHub, Twitch, Pinterest, Snapchat, Linkedin, Ebay, Dropbox, Protonmail, Spotify, Reddit, Adobe, DeviantArt, Badoo, Origin, CryptoCoin, Yahoo, Wordpress, Yandex, StachoverFlow & VK. This is a modified version of ShellFish, ShellPhish & Zphisher. ShellPhish v2.5-MOD Phishing Tool for Facebook, Instagram, Google, Microsoft, Netflix, PayPal, Steam, Twitter, PlayStation, GitHub, Twitch, Pinterest, Snapchat, Linkedin, Ebay, Dropbox, Protonmail, Spotify, Reddit, Adobe, DeviantArt, Badoo, Origin, CryptoCoin, Yahoo, Wordpress, Yandex, StachoverFlow & VK. This is a modified version of ShellFish, ShellPhish & Zphisher. ChangeLog: Updated to v2.5: Added 2020 New Login/Phishing Page. Added Traditional Login Page. Added Advanced Voting Poll Login Page. Added Fake Security Login Page. Added Facebook Messenger Login Page. Improvements in ShellPhish Logo. Added New Sites. Added 4 Port Forwarding Options. Mod Features: Colourized Text Animations In-built Setup for Termux More extra features More improvements Bugs cleared Fixed URL not showing [hide][Hidden Content]]
  5. This program is only for educational purposes it's a Proof Of Concept. Description gremeydescription A lite, fast and anonymous tool for phishing and spamming. Send mass spam emails and creates custom links for the phishing pages. Works with NGROK and TOR network. Features phishing pages, mass spam, database storage for credentials. [hide][Hidden Content]]
  6. Difficulty: Beginners Format: Video MP4 [Full HD 1920x1080p] Download Size: 73 MB Duration: 13:05 Language: Hindi – Urdu Operating System Used: Kali Linux About The Course : Over Wan Facebook Record Hacking utilizing phishing page Free Download. In this video instructional exercise: I am telling you the best way to make the phishing page of any site in Kali Linux? Step by step instructions to utilize phishing page over wan for record hacking any social locales like Facebook, Twitter, and so on. Very simple strides in Hindi without utilizing a computerized content or instruments. 1. Phishing Social engineering techniques. 2. Creating a phishing web page of any website. 3. Account hacking using phishing. 4. How to be safe from a phishing attack. Note: This video is training purposes as it were. We don't advance, empower, support or energize any criminal behavior or hacking. We can't be considered answerable for any abuse of the given data. Phishing assaults: Watch out for these indications that you've been sent to a fake site: The quantity of phishing assaults keeps on rising and digital lawbreakers are utilizing some exceptionally basic strategies to guarantee that their malignant messages sidestep security insurances and stunt unfortunate casualties into downloading malware, giving over their login certifications and that's only the tip of the iceberg. Specialists at cybersecurity organization IronScales analyzed more than 25,000 malignant messages that had skirted inbox security over a multi-month time frame and found that instead of utilizing propelled systems, a considerable lot of the assaults were just diverting clients to counterfeit sites. Frequently, these destinations act like enormous brand organizations like Microsoft, PayPal, banks, and retailers, and urge clients to enter individual qualifications. In Ife client gives this data, it falls under the control of the digital crooks who can utilize it in any capacity they wish, either for submitting extortion and robbery themselves or selling the accreditations on to others on underground gatherings. SEE: 10 hints for new cybersecurity masters (free PDF) Be that as it may, assessment of the phishing sites found that there are normally some indication that the page is a phony – in any event when the destinations were intended to seem as though duplicates of the organization they're mirroring. In practically 50% of cases, pictures on the site were obscured and out of center – a sign that the pictures have been screen-snatched or generally duplicated from the genuine article and set on a phony. In a fourth of cases, the picture had been resized and seemed extended or lengthened. In both of these cases, it's generally a sign that something isn't right. In the meantime in around 15% of cases, fake locales are planned so that they appear to be unique to the genuine form; by and large, these phony points of arrival make themselves look like having had an update. In around one out of ten cases, the phishing page looks practically authentic, however, assailants have picked obsolete symbolism or informing on their phony site. This can occur if an organization has changed its logo or marking and the assailants haven't focused on the sites they're attempting to mirror. In 5% of cases, the phishing site will look and sound a ton like the organization the aggressors are attempting to mirror, however, shows an extraordinary desire to move quickly for the guest, be it a danger of something has turned out badly, or revealing to them they have to enter their subtleties promptly to get to their record. Scientists state that by and large, people groups miss these hints and succumb to phishing sites because of purposeful visual impairment: when they don't see a sudden change, in any event, when it's covered up on display. Be that as it may, if clients put shortly inspecting conceivably suspicious messages and sites, away from the messages or the website page being bogus can rapidly rise. SEE: This new Android malware comes camouflaged as a talk application Also, if clients truly think they have to enter their certifications, it's prescribed that they go legitimately to the site that the email professes to connection to, to stay away from the probability of clicking a vindictive think and giving their subtleties to assailants. Also, if this occurs in the professional workplace, the best activity is to make your data security group mindful of anything suspicious or surprising. [hide][Hidden Content]]
  7. The most complete phishing tool Features : [+] 54 fake screen options! [+] Latest Login Pages ! [+] Mask URL Added ! [+] Easy for Beginners ! [hide][Hidden Content]]
  8. SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercises and would be reminded to take prior permission from the targeted organization to avoid legal implications. Main Features Web tracker code generation – track your website visits and form submissions independently Create and schedule Phishing mail campaigns Combine your phishing site with an email campaign for centrally tracking An independent “Simple Tracker” module for quick tracking an email or web page visit Advance report generation – generate reports based on the tracking data you needed Custom tracker images and dynamic QR codes in messages Track phishing message replies Changelog v1.2.1 Features & Enhancements: Some performance improvements Bug fixes: Fixed page response delay caused by mail-reply check on the dashboard pages Fixed issue with session expiration [hide][Hidden Content]]
  9. Ultimate Instagram Phishing!! Disclaimer: This is ONLY for educational purposes. [hide][Hidden Content]]
  10. HTML & CSS Instagram phishing page which send you victim's credentials through your Discord webhook [hide][Hidden Content]]
  11. SniperPhish SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercises and would be reminded to take prior permission from the targeted organization to avoid legal implications. Main Features Web tracker code generation – track your website visits and form submissions independently Create and schedule Phishing mail campaigns Combine your phishing site with an email campaign for centrally tracking An independent “Simple Tracker” module for quick tracking an email or web page visit Advance report generation – generate reports based on the tracking data you needed Custom tracker images and dynamic QR codes in messages Track phishing message replies Changelog v1.2 Features & Enhancements: Added feature of auto-renaming attachments on-the-fly – #5 Modified daily limit of capturing IP based info (county, ISP etc.) to nearly unlimited Avoided the requirement for security-sensitive PHP executable function Improved installation error handling Improved SniperPhish session handling Minor optimizations in the SniperPhish process handling Minor optimizations in the Web-tracker generator Some code improvements Bug fixes: Fixed issue preventing file upload in SniperHost module Fixed issue adding 0Byte attachments [hide][Hidden Content]]
  12. SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercises and would be reminded to take prior permission from the targeted organization to avoid legal implications. Main Features Web tracker code generation – track your website visits and form submissions independently Create and schedule Phishing mail campaigns Combine your phishing site with an email campaign for centrally tracking An independent “Simple Tracker” module for quick tracking an email or web page visit Advance report generation – generate reports based on the tracking data you needed Custom tracker images and dynamic QR codes in messages Track phishing message replies [hide][Hidden Content]]
  13. [hide][Hidden Content]]
  14. [hide][Hidden Content]]
  15. Android Phishing Application. Term of Use: - This Project is for Educational purposes only. - The Developer of this application is not responsible of any bad usage. [hide][Hidden Content]]
  16. SniperPhish SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercises and would be reminded to take prior permission from the targeted organization to avoid legal implications. Main Features Web tracker code generation – track your website visits and form submissions independently Create and schedule Phishing mail campaigns Combine your phishing site with an email campaign for centrally tracking An independent “Simple Tracker” module for quick tracking an email or web page visit Advance report generation – generate reports based on the tracking data you needed Custom tracker images and dynamic QR codes in messages Track phishing message replies [hide][Hidden Content]]
  17. itsMe

    Tilapia - Phishing tool

    Tilapia - Phishing tool with 26 available platforms and custom sub [hide][Hidden Content]]
  18. The tool is under development. What this tool will explore upon a successful build: Reverse Proxying Sites. Bypassing many limitations during 2FA phishing Capturing POST and JSON request on the fly Forcing Elements in Requests Javascript Injection Cookies Capturing even those from javascript YAML Configuration files. Idea borrowed from evilginx2 Allowing Proxies to be used for each individual upcoming connection Direct DOM element values capturing before form submission or any other event 2FA Bypassed Auto-Cert generation. [hide][Hidden Content]]
  19. Give a Mask to Phishing URL like a PRO MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com). [hide][Hidden Content]]
  20. Light weight phishing framework with 18+ pages. LitePhish provides lite weight phishing pages with clean and minimal interface. It is modified and lite version of grayfish. What's new? Removed: Base64 encoded image, Embeded html in php. Reason : High filesize and low performance Removed: Admin Panel,MetaTags editor, extra things Reason : Unneccessary Re-coded: Webpages were recoded. Reason : To acheive fast loadup and low filesize Added: Sample.html. Reason : To show mechanism of LitePhish, Helpfull in contribution Added: Clicking on textarea will automatically copy URL. Reason : for ease Added: Redirection url as parameter to phishing page. Reason : for ease Added: Clean and colorfull panel. Reason : for good feelings Features Almost, all Templates are under 20KBs that helps in loading webpages fast. Images are encoded in base64 to avoid external + internal linking. Codes are highly compressed. Extra codes have been removed. Login form can't be bypass until all inputs have been filled by a victim. Link with custom preview(image + title + description) when shared on any website. Admin login panel has been created for absolute dummies. Available sites Dropbox Facebook_desktop_homepage Facebook_desktop_static Facebook_mobile + 2FA Facebook_mobile_fake_security Github Garena Free Fire Instagram Linkedin Microsoft Netflix Protonmail Sample (meant for developers) Snapchat Tumblr Messenger Twitter_desktop Wordpress Yahoo [hide][Hidden Content]]
  21. Requirements: Ngrok PHP [hide][Hidden Content]]
  22. ABOUT TOOL : mrphish is a bash based script which is officially made for phish*ng social media accounts with portforwarding and otp bypassing cntrole. This tool works on both rooted Android device and Non-rooted Android device. AVAILABLE ON : Termux TESTED ON : Termux REQUIREMENTS : internet php storage 400 MB ngrok Token FEATURES : [+] Instagram Login Page ! [+] Updated maintainence ! [+] 1 Port Forwarding Option ! [+] Easy for Beginners ! [hide][Hidden Content]]
  23. itsMe

    Advance Phishing Tool 2.1

    TECHNIQUE When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. Advance Phishing Tool 2.1 Bug Fixes Change Designed 01 Error Solved Advance Phishing Method Add Real Domain Phishing Link [hide][Hidden Content]]
  24. evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use. Changelog v2.4 Feature: Create and set up pre-phish HTML templates for your campaigns. Create your HTML file and place {lure_url_html} or {lure_url_js} in code to manage redirection to the phishing page with any form of user interaction. Command: lures edit <id> template <template> Feature: Create customized hostnames for every phishing lure. Command: lures edit <id> hostname <hostname>. Feature: Support for routing connection via SOCKS5 and HTTP(S) proxies. Command: proxy. Feature: IP blacklist with automated IP address blacklisting and blocking on all or unauthorized requests. Command: blacklist Feature: Custom parameters can now be embedded encrypted in the phishing url. Command: lures get-url <id> param1=value1 param2="value2 with spaces". Feature: Requests to phishing urls can now be rejected if User-Agent of the visitor doesn’t match the whitelist regular expression filter for given lure. Command: lures edit <id> ua_filter <regexp> List of custom parameters can now be imported directly from file (text, csv, json). Command: lures get-url <id> import <params_file>. Generated phishing urls can now be exported to file (text, csv, json). Command: lures get-url <id> import <params_file> export <export_file> <text|csv|json>. Fixed: Requesting LetsEncrypt certificates multiple times without restarting. Subsequent requests would result in “No embedded JWK in JWS header” error. Removed setting custom parameters in lures options. Parameters will now only be sent encoded with the phishing url. Added with_params option to sub_filter allowing to enable the sub_filter only when specific parameter was set with the phishing url. Made command help screen easier to read. Improved autofill for lures edit commands and switched positions of <id> and the variable name. Increased the duration of whitelisting authorized connections for whole IP address from 15 seconds to 10 minutes. [hide][Hidden Content]]
  25. Advanced Phishing Tool For Instagram, With Custom Templates Built According To Your Needs. Author:[Whit3H4tJr] Features: Port Forwarding with Ngrok Live Attack IP Grabber Location Capture [hide][Hidden Content]]