Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token.
usage: credsniper.py [-h] –module MODULE [–twofactor] [–port PORT] [–ssl] [–verbose] –final FINAL –hostname HOSTNAME
optional arguments:
-h, --help show this help message and exit
--module MODULE phishing module name - for example, "gmail"
--twofactor enable two-factor phishing
--port PORT listening port (default: 80/443)
--ssl use SSL via Let's Encrypt
--verbose enable verbose output
--final FINAL final url the user is redirected to after phishing is done
--hostname HOSTNAME hostname for SSL
.cache : Temporarily store username/password when phishing 2FA
.sniped : Flat-file storage for captured credentials and other information
https://<phish site>/creds/view?api_token=<api token>
https://<phish site>/creds/seen/<cred_id>?api_token=<api token>
https://<phish site>/config
{
'enable_2fa': true,
'module': 'gmail',
'api_token': 'some-random-string'
}
All modules can be loaded by passing the --module <name>
command to CredSniper. These are loaded from a directory inside /modules
. CredSniper is built using Python Flask and all the module HTML templates are rendered using Jinja2.
GMAIL UPDATE: Google requires a backup form of 2FA when using U2F. Bypassing U2F is possible by forcing one of the fall-back options instead of prompting the user to use their U2F device. CredSniper attempts to force SMS if it’s available otherwise it forces TOTP. For security savvy victims, they may be weary if they are prompted for the SMS or TOTP token instead of their U2F device.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…