Social Engineering
Basics
The Hacker's Playbook 3: Social Engineering - pg. 174
Social Engineering: The Science of Human Hacking - Christopher Hadnagy
Advanced Penetration Testing: Advanced Concepts in Social Engineering- pg. 194
Hacking: The next generation - Infiltrating the phishing underground: learning from online criminals, pg 177
Phishing
squarephish - SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.
PhishInSuits - OAuth Device Code Phishing with Verified Apps
Muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
NecroBrowser - Necrobrowser is a browser instrumentation microservice written in NodeJS: it uses the Puppeteer library to control instances of Chrome or Firefox in headless and GUI mode.
catphish - Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. Perfect for Red Team engagements.
king-phisher - Advanced Phishing Campaign toolkit
evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
ReelPhish - FireEye phishing and 2fa bypass tool
FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
TigerShark - Bilingual PhishingKit. TigerShark integrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Zphisher - An automated phishing tool with 30+ templates.
SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
SocialFish - Educational Phishing Tool & Information Collector
shellphish - Phishing Tool for Instagram, Facebook, Twitter, Snapchat, Github
saycheese - Take webcam shots from target just sending a malicious link
Mal-docs
Advanced Penetration Testing: Learning how to use the VBA macro - pg. 5
Advanced Penetration Testing: VBA Redux, Alternative Command Line Attack Vectors- pg. 116
Advanced Penetration Testing: Deploying with HTA - pg. 138
Last updated