GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → FreeZeroDays → GoPhish-Templates

FreeZeroDays / GoPhish-Templates

Licence: other
GoPhish Templates that I have retired and/or templates I've recreated.

Programming Languages

HTML
75241 projects

Labels

phishingpenetration-testinggophishredteam

Projects that are alternatives of or similar to GoPhish-Templates

MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+3.95%)
Mutual labels:  phishing, redteam
Elliot
A pentesting tool inspired by mr robot and derived by zphisher
Stars: ✭ 23 (-69.74%)
Mutual labels:  phishing, penetration-testing
Dark-Phish
Dark-Phish is a complete phishing tool. For more about Dark-Phish tool please visit the website.
Stars: ✭ 57 (-25%)
Mutual labels:  phishing, penetration-testing
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (+118.42%)
Mutual labels:  penetration-testing, redteam
Deepsea
DeepSea Phishing Gear
Stars: ✭ 96 (+26.32%)
Mutual labels:  phishing, redteam
Remote Desktop Caching
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (+125%)
Mutual labels:  penetration-testing, redteam
goblin
一款适用于红蓝对抗中的仿真钓鱼系统
Stars: ✭ 844 (+1010.53%)
Mutual labels:  phishing, redteam
Nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+7719.74%)
Mutual labels:  penetration-testing, redteam
Gophish
Open-Source Phishing Toolkit
Stars: ✭ 6,435 (+8367.11%)
Mutual labels:  phishing, gophish
Phishing Frenzy
Ruby on Rails Phishing Framework
Stars: ✭ 643 (+746.05%)
Mutual labels:  phishing, penetration-testing
Thecollective
The Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (+11.84%)
Mutual labels:  penetration-testing, redteam
Tigershark
Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Stars: ✭ 212 (+178.95%)
Mutual labels:  phishing, penetration-testing
Red Team Curation List
A list to discover work of red team tooling and methodology for penetration testing and security assessment
Stars: ✭ 68 (-10.53%)
Mutual labels:  penetration-testing, redteam
Serpentine
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (+184.21%)
Mutual labels:  penetration-testing, redteam
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+790.79%)
Mutual labels:  penetration-testing, redteam
365-Stealer
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
Stars: ✭ 200 (+163.16%)
Mutual labels:  phishing, redteam
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+402.63%)
Mutual labels:  penetration-testing, redteam
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+43201.32%)
Mutual labels:  penetration-testing, redteam
Awesome Red Teaming
List of Awesome Red Teaming Resources
Stars: ✭ 4,223 (+5456.58%)
Mutual labels:  phishing, redteam
Dnsmorph
Domain name permutation engine written in Go
Stars: ✭ 148 (+94.74%)
Mutual labels:  phishing, penetration-testing
View All Similar Projects ➔

GoPhish Templates

This repository includes several GoPhish templates that I have utilized for various engagements and now retired.

When learning how to setup and use GoPhish I found that there was a lack of publicly available templates and landing pages. This repository is my attempt to give back to the InfoSec community by providing examples that I've used for generic phishing engagements.

Clicking = Fail & Other Thoughts

When launching a campaign with GoPhish my goal is to always try and obtain credentials from the user. While attacks can be executed from a user clicking a link (looking at you BeEF), 9/10 when I'm on a penetration test, credentials are what I am hoping for since dropping malware often isn't in scope. These campaigns are best paired with a good landing page or malicious download.

I highly recommend you tailor these pretexts and landing pages to your client. That means you should clone a login portal from their external environment or create a convincing template relative to ongoing events to be used throughout more sophisticated campaigns. Remember, we potentially only need to win once to go masterhacker mode.

However, I do want to state that users who click an email still provide me with some interesting information:

  1. The email address is valid.
  2. I know that the user has received the email and it has bypassed any protections in place.
  3. I know that the user is active and can be targeted in additional campaigns.

GoPhish

Gophish is a powerful, open-source phishing framework. GoPhish is avaialble for free.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].