Modlishka is a flexible and powerful reverse proxy, that will take your ethical phishing campaigns to the next level. It was realeased with an aim to:
Also Read : Dfirtrack : The Incident Response Tracking Application
Features
Some of the most important ‘Modlishka’ features :
Installation
Latest source code version can be fetched from here (zip) or here (tar).
Fetch the code with ‘go get’ :
$ go get -u github.com/drk1wi/Modlishka
Compile the binary and you are ready to go:
$ cd $GOPATH/src/github.com/drk1wi/Modlishka/
$ make
./dist/proxy -h
Usage of ./dist/proxy:
-cert string base64 encoded TLS certificate
-certKey string base64 encoded TLS certificate key
-certPool string base64 encoded Certification Authority certificate
-config string JSON configuration file. Convenient instead of using command line switches.
-credParams string Credential regexp collector with matching groups. Example: base64(username_regex),base64(password_regex)
-debug Print debug information
-disableSecurity Disable security features like anti-SSRF. Disable at your own risk.
-jsRules string Comma separated list of URL patterns and JS base64 encoded payloads that will be injected.
-listeningAddress string Listening address (default “127.0.0.1”)
-listeningPort string Listening port (default “443”)
-log string Local file to which fetched requests will be written (appended)
-phishing string
Phishing domain to create – Ex.: target.co
-plugins string Comma seperated list of enabled plugin names (default “all”)
-postOnly Log only HTTP POST requests
-target string Main target to proxy – Ex.: https://target.com
-targetRules string Comma separated list of ‘string’ patterns and their replacements.
-targetRes string Comma separated list of target subdomains that need to pass through the proxy
-terminateTriggers string Comma separated list of URLs from target’s origin which will trigger session termination
-terminateUrl string URL to redirect the client after session termination triggers
-tls
Enable TLS (default false)
-trackingCookie string
Name of the HTTP cookie used to track the victim (default “id”)
-trackingParam string
Name of the HTTP parameter used to track the victim (default “id”)
Credit : Giuseppe Trotta
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…