The Android Application Developer Guide: Converting an iOS App to Android

While a wide variety of organizations may choose to launch their mobile application only on the iOS platform first, many will make the move to Android if they haven’t already, and for good reason. Holding more than 75 percent of the world’s mobile OS market share, Android offers a huge audience for application developers to tap into.

For this reason, it’s important that developers know how to make an Android application from one that already exists on iOS. Unfortunately, there’s no surefire automated process that can handle this conversion for you, and with each platform being vastly different, there are many factors to consider when converting an iOS application into an Android application.

Suppose your iOS application has just been released onto the Apple App Store; why update it for Android? If you don’t convert your application, you’d be severely limiting your market reach and your chance to add new features, and ultimately decreasing your overall ROI.

Clearly, converting an iOS application to Android is a crucial step toward maximizing the success of the project. Here is what you need to know in order to bring your mobile application to a wider market.


Differences Between Programming Languages

Although there’s no automated tool to handle the mobile application conversion process for you, there are some ways to make the process easier. Most iOS developers use Swift and Objective-C as a programming language, while most Android application developers use Java and Kotlin.

However, since both Swift and Kotlin are relatively new to the programming field, they share a lot of similarities. So if you develop an iOS application in Swift and convert it using Kotlin, you will be able to carry over code without having to change it extensively.

Keeping Design Discrepancies in Mind

Perhaps the most important aspects to keep in mind while converting an iOS application to Android are the design differences between the two platforms. Android works in material design while iOS uses flat design, and this affects the way you can implement various design elements. Here are some of the most important differences:

  • Buttons – Android applications implement floating action buttons, while buttons on iOS are flat with shadows. To get listed on the Google Play application store, one of the requirements is that buttons have cut, rounded corners.
  • Object placement – The design that Android uses leads to a hierarchical arrangement of objects. Apple, on the other hand, supports a more flush and minimal look.
  • Lists – The look, behavior, and animations of lists are vastly different between iOS and Android.
  • Tabs – Since Android users have tabs at the bottom of the screen and Apple places tabs at the top, you should be careful not to put in-application tabs in the wrong place.
  • Typography – While Android applications only use the Roboto font, iOS applications can be in either San Francisco or Helvetica Neue.
  • Navigation – There are also differences in the way navigation elements are implemented. On iOS, the navigation bar has a lower height and a centered title; Android’s navigation bar has a greater height and the title is aligned starting from the left.

In addition to these design elements, an Android application developer will also need to take note of differences in screen resolution and layout, as well as the operating system that their application will be optimized for.

Final Test Android Application

Once you’ve finished converting an iOS application to Android, there’s still one more important step before crossing the finish line. To ensure quality assurance, you’ll need to undertake UX testing, source application business logic analysis, as well as accurate coding and testing.

The ideal way to test on Android is by using real devices or emulation tools such as Robotium or Appium. You can also apply validation testing, user beta testing and other tools to work out any kinks your converted application may have.

To summarize, if you account for the programming language, differences in design and layout, fragmentation, and quality assurance testing, you can successfully complete the conversion process from iOS to Android, keeping your application in good shape on both platforms.

https://github.com/Nekmo/dirhunt

Win-PortFwd : Powershell Script To Setup Windows Port Forwarding Using Native Netsh Client

Win-PortFwd is a PowerShell script to set up Windows port forwarding using the native netsh client.

Installation

git clone https://github.com/deepzec/Win-PortFwd.git

Win-PortFwd Usage

.\win-portfwd.ps1

or

powershell.exe -noprofile -executionpolicy bypass -file .\win-portfwd.ps1


Example :

Note: This script requires admin privileges to run. It will automatically try to elevate its privileges if you run it as a normal user.
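Forwarding rules created through netsh stay in place until they are removed, so they are worth reviewing on any host where a tool like this has been used. The following is an added example, not part of Win-PortFwd: it parses the text printed by `netsh interface portproxy show all` and flags rules that listen on every interface or forward to another machine. The sample output and host names are constructed.

```python
import ipaddress
import re

# Constructed sample of `netsh interface portproxy show all` output.
SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         8080        10.0.0.25       80
127.0.0.1       9000        127.0.0.1       3389
192.168.1.10    4444        files.corp.example  445

Listen on ipv6:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               2222        10.0.0.30       22
"""

HEADER = re.compile(r"^Listen on (ipv[46]):\s+Connect to (ipv[46]):$")
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")


def _is_wildcard(addr):
    """True for '*' or an unspecified address (0.0.0.0, ::)."""
    if addr == "*":
        return True
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False


def _is_loopback(addr):
    """True for loopback literals; host names are treated as remote."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def parse_portproxy(text):
    """Turn the netsh table into a list of rule dictionaries."""
    rules, families = [], (None, None)
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            families = header.groups()
            continue
        row = ROW.match(line)  # column titles and dashes do not match
        if row:
            rules.append({
                "listen_family": families[0], "connect_family": families[1],
                "listen_addr": row.group(1), "listen_port": int(row.group(2)),
                "connect_addr": row.group(3), "connect_port": int(row.group(4)),
            })
    return rules


def audit(rules):
    """Return (rule, notes) pairs for rules that deserve a second look."""
    findings = []
    for rule in rules:
        notes = []
        if _is_wildcard(rule["listen_addr"]):
            notes.append("listens on all interfaces")
        if not _is_loopback(rule["connect_addr"]):
            notes.append("forwards to another host")
        if notes:
            findings.append((rule, notes))
    return findings


if __name__ == "__main__":
    for rule, notes in audit(parse_portproxy(SAMPLE_OUTPUT)):
        print(f'{rule["listen_addr"]}:{rule["listen_port"]} -> '
              f'{rule["connect_addr"]}:{rule["connect_port"]}  [{"; ".join(notes)}]')
```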


MacSubstrate – Tool For Interprocess Code Injection On macOS

MacSubstrate is a platform tool for interprocess code injection on macOS, with functionality similar to Cydia Substrate on iOS. Using macSubstrate, you can inject your plugins (.bundle or .framework) into a mac app (including sandboxed apps) to tweak it at runtime.

  • All you need is to get or create plugins for your target app.
  • No trouble with modification and codesign for the original target app.
  • No more work after the target app is updated.
  • Super easy to install or uninstall a plugin.
  • Loading plugins automatically whenever the target app is relaunched.
  • Providing a GUI app to make injection much easier.


MacSubstrate Usage

  1. Download macSubstrate.app, put into /Applications and launch it.
  2. Grant authorization if needed.
  3. Install a plugin by importing or dragging into macSubstrate.
  4. Launch the target app.

Step 3 and step 4 can be switched.

Once a plugin is installed by macSubstrate, it will take effect immediately. But if you want it to work whenever the target app is relaunched or macOS is restarted, you need to keep it running and allow it to automatically launch at login.

  5. Uninstall a plugin when you do not need it anymore.

Plugin

It supports plugins of .bundle or .framework, so you just need to create a valid .bundle or .framework file. The most important thing is to add a key macSubstratePlugin into the info.plist, with the dictionary value:

| Key | Value |
| --- | --- |
| TargetAppBundleID | the target app’s CFBundleIdentifier, this tells it which app to inject. |
| Description | brief description of the plugin |
| AuthorName | author name of the plugin |
| AuthorEmail | author email of the plugin |

Please check the demo plugins demo.bundle and demo.framework for details.
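Because the macSubstratePlugin dictionary names the app a plugin will be injected into, it is the first thing to read before installing one. The following is an added example, not macSubstrate code: it reads that dictionary from a plugin's Info.plist and reports which app each plugin in a folder targets. The folder layout, the allow-list of reviewed apps, the treatment of all four fields as expected, and the sample plist are assumptions made for the illustration.

```python
import plistlib
from pathlib import Path

PLUGIN_KEY = "macSubstratePlugin"
FIELDS = ("TargetAppBundleID", "Description", "AuthorName", "AuthorEmail")


def inspect_info_plist(data):
    """Return (plugin metadata or None, list of issues) for raw Info.plist bytes."""
    try:
        info = plistlib.loads(data)
    except Exception as exc:  # malformed XML or binary plist
        return None, [f"unreadable plist ({type(exc).__name__})"]
    meta = info.get(PLUGIN_KEY) if isinstance(info, dict) else None
    if not isinstance(meta, dict):
        return None, [f"no {PLUGIN_KEY} dictionary"]
    issues = [f"empty or missing {field}" for field in FIELDS
              if not str(meta.get(field, "")).strip()]
    return meta, issues


def audit_plugins(plugin_root, reviewed_targets):
    """List (plugin name, target bundle id, issues) for every plugin under plugin_root.

    plugin_root is any folder holding .bundle/.framework plugins (hypothetical
    location); reviewed_targets is the set of bundle ids you have agreed to tweak.
    """
    report = []
    for plugin in sorted(Path(plugin_root).iterdir()):
        if plugin.suffix not in (".bundle", ".framework"):
            continue
        plists = sorted(plugin.rglob("Info.plist"))
        if not plists:
            report.append((plugin.name, None, ["no Info.plist"]))
            continue
        meta, issues = inspect_info_plist(plists[0].read_bytes())
        target = meta.get("TargetAppBundleID") if meta else None
        if target and target not in reviewed_targets:
            issues.append(f"injects into unreviewed app {target}")
        report.append((plugin.name, target, issues))
    return report


# Constructed sample Info.plist content for a plugin with no author e-mail.
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.demo-plugin",
    PLUGIN_KEY: {
        "TargetAppBundleID": "com.example.chat",
        "Description": "demo plugin",
        "AuthorName": "Example Author",
        "AuthorEmail": "",
    },
})

if __name__ == "__main__":
    print(inspect_info_plist(SAMPLE_PLIST))
```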

Xcode Templates

macSubstrate also provides Xcode Templates to help you create plugins conveniently:

  • ln -fhs ./macSubstratePluginTemplate ~/Library/Developer/Xcode/Templates/macSubstrate\ Plugin
  • Launch Xcode, and there will be 2 new plugin templates for you.

My Plugins

  • Send you a notification when you receive a HongBao message.
  • Send you a notification when you receive a message containing customized keywords.
  • Anti-recall message and send you a notification.

Welcome pull requests of your own plugins to Plugins.

Security

  1. SIP is a new security policy on macOS, which will help to keep you away from potential security risk. Disabling it means you will lose the protection from SIP.
  2. If you install a plugin from a developer, you should be responsible for the security of the plugin. If you do not trust it, please do not install it. macSubstrate will help to verify the code signature of a plugin, and I suggest you scan it using VirusTotal. Anyway, macSubstrate is just a tool, and it is your choice to decide what plugin to install.


Fluxion – Remake Of Linset By VK496 With Less Bugs & Enhanced Functionality

Fluxion is the future of MITM WPA attacks. Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters. Read the FAQ before requesting issues.


Fluxion Installation

Download the latest revision

git clone --recursive git@github.com:FluxionNetwork/fluxion.git 

Switch to tool’s directory

cd fluxion 

Run fluxion (missing dependencies will be auto-installed)

./fluxion.sh

Fluxion is also available in arch

cd bin/arch
makepkg

or using the blackarch repo

pacman -S fluxion

How it works

  • Scan for a target wireless network.
  • Launch the Handshake Snooper attack.
  • Capture a handshake (necessary for password verification).
  • Launch Captive Portal attack.
  • Spawns a rogue (fake) AP, imitating the original access point.
  • Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.
  • Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
  • Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
  • All authentication attempts at the captive portal are checked against the handshake file captured earlier.
  • The attack will automatically terminate once a correct key has been submitted.
  • The key will be logged and clients will be allowed to reconnect to the target access point.
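The sequence above leaves two traces a wireless monitor can see: a second access point advertising the protected SSID, and a burst of deauthentication frames aimed at the real one. The following is an added example, not part of Fluxion, that correlates the two; the AP inventory, the observations, the 10-second window and the threshold of 20 frames are all constructed assumptions.

```python
from collections import Counter

# Constructed inventory of the site's own access points: SSID -> {BSSID: security}.
AUTHORISED = {
    "CorpWiFi": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
}

# Constructed beacon observations from a monitoring sensor.
BEACONS = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "WPA2"},
]

# Constructed deauthentication frames as (seconds, BSSID named in the frame).
DEAUTHS = [(100 + i * 0.1, "aa:bb:cc:00:00:01") for i in range(300)]
DEAUTHS.append((500.0, "aa:bb:cc:00:00:02"))


def rogue_beacons(beacons, authorised):
    """Beacons that use one of our SSIDs from an unknown BSSID or with changed security."""
    hits = []
    for beacon in beacons:
        known = authorised.get(beacon["ssid"])
        if known is None:
            continue  # somebody else's network
        expected = known.get(beacon["bssid"].lower())
        if expected is None:
            hits.append((beacon["ssid"], beacon["bssid"],
                         "unknown BSSID advertising our SSID"))
        elif expected != beacon["security"]:
            hits.append((beacon["ssid"], beacon["bssid"],
                         f"security changed {expected} -> {beacon['security']}"))
    return hits


def deauth_bursts(deauths, window=10, threshold=20):
    """BSSIDs that received more than `threshold` deauth frames in one time bucket."""
    buckets = Counter((bssid.lower(), int(ts) // window) for ts, bssid in deauths)
    return sorted({bssid for (bssid, _), count in buckets.items() if count > threshold})


def correlate(beacons, deauths, authorised):
    """Raise severity when a look-alike AP coincides with deauths against the real APs."""
    jammed = set(deauth_bursts(deauths))
    alerts = []
    for ssid, bssid, reason in rogue_beacons(beacons, authorised):
        victims = sorted(jammed & set(authorised[ssid]))
        alerts.append({
            "ssid": ssid,
            "rogue_bssid": bssid,
            "reason": reason,
            "deauth_against": victims,
            "severity": "high" if victims else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(BEACONS, DEAUTHS, AUTHORISED):
        print(alert)
```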

Disclaimer

  • Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.
  • The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

Note : Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn’t allow access to network interfaces. Any Issue regarding the same would be Closed Immediately


RidRelay – Easy Way To Get Domain Usernames While On An Internal Network

Quick and easy way to get domain usernames while on an internal network. RidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It takes these steps:

  • Spins up an SMB server and waits for an incoming SMB connection
  • The incoming credentials are relayed to a specified target, creating a connection with the context of the relayed user
  • Queries are made down the SMB connection to the lsarpc pipe to get the list of domain usernames. This is done by cycling up to 50000 RIDs.


RidRelay Dependencies

  • Python 2.7 (sorry but impacket doesn’t play nice with 3 🙁 )
  • Impacket v0.9.17 or above

Installation

pipenv install --two
pipenv shell

# Optional: Run if installing impacket
git submodule update --init --recursive
cd submodules/impacket
python setup.py install
cd ../..

Usage

First, find a target host to relay to. The target must be a member of the domain and MUST have SMB signing off. CrackMapExec can get this info for you very quickly!

Start RidRelay pointing to the target:

python ridrelay.py -t 10.0.0.50

OR

Also output usernames to file

python ridrelay.py -t 10.0.0.50 -o path_to_output.txt


WindowsSpyBlocker – Block Spying & Tracking On Windows

WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools.

Main window of WindowsSpyBlocker

Configuration file app.conf is generated at first launch :


WindowsSpyBlocker Telemetry & Data collection

To capture and analyze network traffic for the telemetry option, QEMU virtual machines are used on the server virtualization management platform Proxmox VE based on :

  • Windows 10 Pro 64bits with automatic updates enabled.
  • Windows 8.1 Pro 64bits with automatic updates enabled.
  • Windows 7 SP1 Pro 64bits with automatic updates enabled.

Traffic dumps are cleaned every day and compared with the current rules to add / remove some hosts or firewall rules.

Tools used to capture traffic :

  • qemu -net dump : capture
  • Wireshark : capture + logs
  • Sysmon : capture + logs
  • Proxifier : logs

The data folder contains the blocking rules based on domains or IPs detected during the capture process :

  • data/<type>/extra.txt : Block third party applications
  • data/<type>/spy.txt : Block Windows Spy / Telemetry
  • data/<type>/update.txt : Block Windows Update

Firewall and Hosts data are the main types. The others are generated from these as :

  • DNSCrypt : a protocol for securing communications between a client and a DNS resolver.
  • OpenWrt : an open source project used on embedded devices to route network traffic.
  • P2P : a plaintext IP data format from PeerGuardian.
  • Proxifier : an advanced proxy client on Windows with a flexible rule system.
  • Simplewall : a simple tool to configure Windows Filtering Platform (WFP).


IDB – Tool To Simplify Some Common Tasks For iOS Pentesting & Research

IDB is a tool to simplify some common tasks for iOS pentesting and research. Originally there was a command line version of the tool, but it is no longer under development so you should get the GUI version.

It has some prerequisites. As it turns out, things like ruby and Qt are difficult to bundle into a stand-alone installer. While it itself can easily be installed via Ruby Gems, you need to have some additional software first.


Prerequisites

Ruby Environment

It requires a valid ruby 2.1+ installation and it is recommended to install the used ruby using RVM. Ruby 2.0 does not work properly due to issues with qtbindings.

Important Note: Shared library support is required! This is the default for many system rubies, but if you install a ruby via rvm or similar, you need to do one of the following:

  • Under rvm use rvm install 2.4.1 --enable-shared when installing ruby.
  • Under ruby-install/chruby use -- --enable-shared when installing ruby.
  • Under ruby-build/rbenv with ruby-build use CONFIGURE_OPTS=--enable-shared [command] when installing Ruby.

Install Other Prerequisites

For OS X:

Homebrew removed Qt4 from the main repositories and only provides Qt5 libraries. Unfortunately, there are no Qt5 bindings for ruby available as of yet. The following will add a repository containing Qt4 libraries. Thanks to moloch- for posting the instructions on Github.

brew tap cartr/qt4
brew tap-pin cartr/qt4
brew install cartr/qt4/qt@4

Install the remaining dependencies

brew install cmake usbmuxd libimobiledevice

Building nokogiri will likely require a working XCode installation:

xcode-select --install

If you run into problems compiling nokogiri upon installation of idb.

For Ubuntu:

apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y

Installing IDB

Production Use

  • Install idb: gem install idb
  • Run idb: idb
  • Hooray!

Development

  • Clone the repository: git clone https://github.com/dmayer/idb
  • cd idb
  • bundle install (using the right ruby version)
  • As for every ruby gem, the application code lives in the lib folder
  • Run idb by calling bundle exec idb
    • Note: Running bin/idb directly won’t work since it will not find the idb gem (or use the installed gem and not the checked out source code). Instead, the bundle exec command runs in the current bundler environment where bundler supplies the gem from source.


Shodanwave – Tool For Exploring & Obtaining Information From Cameras

Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online.

What does the tool do? Look, a list!

  • Search
  • Brute force
  • SSID and WPAPSK Password Disclosure
  • E-mail, FTP, DNS, MSN Password Disclosure
  • Exploit

This is an example of shodanwave running: the password was not found through brute force, so the tool tries to leak the camera’s memory. If the tool finds the password, it does not try to leak the memory.


How to use Shodanwave ?

To use shodanwave you need an api key which you can get for free at https://www.shodan.io/, then you need to follow the next steps.

Installation

$ cd /opt/
$ git clone https://github.com/fbctf/shodanwave.git
$ cd shodanwave
$ pip install -r requirements.txt

Usage

Usage: python shodanwave.py -u usernames.txt -w passwords.txt -k <Shodan API key> -t OUTPUT
       python shodanwave.py --help 
         __              __                                   
   _____/ /_  ____  ____/ /___ _____ _      ______ __   _____ 
  / ___/ __ \/ __ \/ __  / __ `/ __ \ | /| / / __ `/ | / / _ \
 (__  ) / / / /_/ / /_/ / /_/ / / / / |/ |/ / /_/ /| |/ /  __/
/____/_/ /_/\____/\__,_/\__,_/_/ /_/|__/|__/\__,_/ |___/\___/ 
                                                              

This tool is successfully connected to shodan service
Information the use of this tool is illegal, not bad.

usage: shodanwave.py [-h] [-s SEARCH] [-u USERNAME] [-w PASSWORD] [-k ADDRESS]

optional arguments:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        Default Netwave IP Camera
  -u USERNAME, --username USERNAME
                        Select your usernames wordlist
  -w PASSWORD, --wordlist PASSWORD
                        Select your passwords wordlist
  -k ADDRESS, --shodan ADDRESS
                        Shodan API key
  -l LIMIT, --limit LIMIT
                        Limit the number of registers responsed by Shodan
  -o OFFSET, --offset OFFSET
                        Shodan skips this number of registers from response
  -t OUTPUT, --output OUTPUT
                        Save the results


Attention

Use this tool wisely and not for evil. To get the best performance from this tool you need to pay for Shodan to get full API access. Options --limit and --offset may need a paying API key and consume query credits from your Shodan account.


PCILeech – Direct Memory Access (DMA) Attack Software

PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system.

PCILeech supports multiple memory acquisition devices. Primarily hardware based, but also dump files and software based techniques based on select security issues are supported. USB3380 based hardware is only able to read 4GB of memory natively, but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel. FPGA based hardware is able to read all memory.

PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live RAM and the file system via a “mounted drive”. It is also possible to remove the logon password requirement, load unsigned drivers, execute code and spawn system shells. PCILeech runs on Windows/Linux/Android. Supported target systems are currently the x64 versions of: UEFI, Linux, FreeBSD, macOS and Windows.

PCILeech also supports the Memory Process File System – which can be used with PCILeech FPGA hardware devices in read-write mode or with memory dump files in read-only mode.

To get going clone the repository and find the required binaries, modules and configuration files in the pcileech_files folder.

PCILeech Capabilities

  • Retrieve memory from the target system at >150MB/s.
  • Write data to the target system memory.
  • 4GB memory can be accessed in native DMA mode (USB3380 hardware).
  • ALL memory can be accessed in native DMA mode (FPGA hardware).
  • ALL memory can be accessed if kernel module (KMD) is loaded.
  • Raw PCIe TLP access (FPGA hardware).
  • Mount live RAM as file [Linux, Windows, macOS*].
  • Mount file system as drive [Linux, Windows, macOS*].
  • Mount memory process file system as driver [Windows].
  • Execute kernel code on the target system.
  • Spawn system shell [Windows].
  • Spawn any executable [Windows].
  • Pull files [Linux, FreeBSD, Windows, macOS*].
  • Push files [Linux, Windows, macOS*].
  • Patch / Unlock (remove password requirement) [Windows, macOS*].
  • Easy to create own kernel shellcode and/or custom signatures.
  • Even more features not listed here …

Note : MacOS High Sierra is not supported.

Hardware

PCILeech supports multiple hardware devices. Please check out the PCILeech FPGA project for information about supported FPGA based hardware. Please check out PCILeech USB3380 for information about USB3380 based hardware. PCILeech also supports memory dump files for limited functionality.

Please find a device comparison table below.

| Device | Type | Interface | Speed | 64-bit memory access | PCIe TLP access |
| --- | --- | --- | --- | --- | --- |
| AC701/FT601 | FPGA | USB3 | 150MB/s | Yes | Yes |
| PCIeScreamer | FPGA | USB3 | 100MB/s | Yes | Yes |
| SP605/FT601 | FPGA | USB3 | 75MB/s | Yes | Yes |
| SP605/TCP | FPGA | TCP/IP | 100kB/s | Yes | Yes |
| USB3380-EVB | USB3380 | USB3 | 150MB/s | No (via KMD only) | No |
| PP3380 | USB3380 | USB3 | 150MB/s | No (via KMD only) | No |

Recommended adapters

  • PE3B – ExpressCard to mini-PCIe.
  • PE3A – ExpressCard to PCIe.
  • ADP – PCIe to mini-PCIe.
  • P15S-P15F – M.2 Key A+E to mini-PCIe.
  • Sonnet Echo ExpressCard Pro – Thunderbolt to ExpressCard.
  • Apple Thunderbolt3 (USB-C) – Thunderbolt2 dongle.

Please note that other adapters may also work.


Installing PCILeech

Please ensure you do have the most recent version of PCILeech by visiting the PCILeech github repository.

Clone the PCILeech Github repository. The binaries are found in pcileech_files and should work on 64-bit Windows and Linux. Please copy all files from pcileech_files since some files contain additional modules and signatures.

Windows

Please see the PCILeech-on-Windows guide for information about running PCILeech on Windows.

The Google Android USB driver has to be installed if USB3380 hardware is used. Download the Google Android USB driver and unzip it.
FTDI drivers have to be installed if FPGA is used with FT601 USB3 addon card. Download the 64-bit FTD3XX.dll from FTDI and place it alongside pcileech.exe.
To mount live ram and target file system as drive in Windows the Dokany file system library must be installed. Please download and install the latest version of Dokany.

Linux and Android

Please see the PCILeech-on-Linux guide for information about running PCILeech on Linux or PCILeech-on-Android for Android information.

Examples:

Please see the project wiki pages for more examples. The wiki is in a buildup phase and information may still be missing.

Mount target system live RAM and file system, requires that a KMD is loaded. In this example 0x11abc000 is used.

  • pcileech.exe mount -kmd 0x11abc000

Show help for a specific kernel implant, in this case lx64_filepull kernel implant.

  • pcileech.exe lx64_filepull -help

Show help for the dump command.

  • pcileech.exe dump -help

Dump all memory from the target system given that a kernel module is loaded at address: 0x7fffe000.

  • pcileech.exe dump -kmd 0x7fffe000

Force dump memory below 4GB including accessible memory mapped devices using more stable USB2 approach.

  • pcileech.exe dump -force -usb2

Receive PCIe TLPs (Transaction Layer Packets) and print them on screen (correctly configured FPGA dev board required).

  • pcileech.exe tlp -vv -wait 1000

Probe/Enumerate the memory of the target system for readable memory pages and maximum memory. (FPGA hardware only).

  • pcileech.exe probe

Dump all memory between addresses min and max, don’t stop on failed pages. Native access to 64-bit memory is only supported on FPGA hardware.

  • pcileech.exe dump -min 0x0 -max 0x21e5fffff -force

Force the usage of a specific device (instead of default auto detecting it). The sp605_tcp device is not auto detected.

  • pcileech.exe pagedisplay -min 0x1000 -device sp605_tcp -device-addr 192.168.1.2

Mount the PCILeech Memory Process File System from a Windows 10 64-bit memory image.

  • pcileech.exe mount -device c:\temp\memdump_win10.raw

Dump memory using the reported “TotalMeltdown” Windows 7/2008R2 x64 PML4 page table permission vulnerability.

  • pcileech.exe dump -out memdump_win7.raw -device totalmeltdown -v -force

Generating Signatures

PCILeech comes with built in signatures for Windows, Linux, FreeBSD and macOS. For Windows 10 it is also possible to use the pcileech_gensig.exe program to generate alternative signatures.

Limitations/Known Issues

  • Read and write errors on some hardware with the USB3380. Try pcileech.exe testmemreadwrite -min 0x1000 to test memory reads and writes against the physical address 0x1000 (or any other address) in order to confirm. If issues exist, downgrading to USB2 may help.
  • The PCIeScreamer device may currently experience instability depending on target configuration and any adapters used.
  • Does not work if the OS uses the IOMMU/VT-d. This is the default on macOS (unless disabled in recovery mode). Windows 10 with Virtualization based security features enabled does not work fully – this is however not the default setting in Windows 10 or Linux.
  • Some Linux kernels do not work. Sometimes a required symbol is not exported in the kernel and PCILeech fails.
  • Linux based on the 4.8 kernel and later might not work with the USB3380 hardware. As an alternative, if target root access exists, compile and insert .ko (pcileech_kmd/linux). If the system is EFI booted an alternative signature exists.
  • Windows 7: signatures are not published.
  • File system mount, including the Memory Process File System, support only exists for Windows.
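The IOMMU/VT-d limitation listed above is the property a defender wants to confirm on their own machines. The following is an added example, not part of PCILeech: it classifies a Linux host from its kernel command line and the number of IOMMU groups in sysfs. The sysfs and procfs locations and the kernel parameters are standard Linux ones; the three verdict names are assumptions of this sketch.

```python
from pathlib import Path

# Kernel parameters that switch DMA remapping off entirely.
OFF_PARAMS = {"intel_iommu=off", "amd_iommu=off", "iommu=off"}
# Parameters that leave the IOMMU on but identity-map host devices.
PASSTHROUGH_PARAMS = {"iommu=pt", "iommu.passthrough=1"}


def assess_iommu(cmdline, group_count):
    """Return (verdict, reasons); verdict is 'active', 'passthrough' or 'disabled'."""
    params = set(cmdline.split())
    off = sorted(params & OFF_PARAMS)
    passthrough = sorted(params & PASSTHROUGH_PARAMS)
    reasons = []
    if group_count == 0:
        reasons.append("no IOMMU groups registered: DMA remapping is not in use")
    reasons += [f"kernel booted with {param}" for param in off + passthrough]
    if group_count == 0 or off:
        verdict = "disabled"
    elif passthrough:
        verdict = "passthrough"
    else:
        verdict = "active"
    return verdict, reasons


def read_linux_state(sys_root="/sys", proc_root="/proc"):
    """Collect the kernel command line and the IOMMU group count from a Linux host."""
    groups_dir = Path(sys_root, "kernel", "iommu_groups")
    group_count = 0
    if groups_dir.is_dir():
        group_count = sum(1 for entry in groups_dir.iterdir() if entry.is_dir())
    cmdline_file = Path(proc_root, "cmdline")
    cmdline = cmdline_file.read_text().strip() if cmdline_file.is_file() else ""
    return cmdline, group_count


if __name__ == "__main__":
    verdict, reasons = assess_iommu(*read_linux_state())
    print(f"IOMMU: {verdict}")
    for reason in reasons:
        print(f"  - {reason}")
```

A verdict of "active" only says the operating system is using the IOMMU once it has booted; it says nothing about firmware or pre-boot stages.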


Mercure – Tool For Security Managers Who Want To Train Their Colleague To Phishing

Mercure is a tool for security managers who want to train their colleagues on phishing.

What Mercure can do:

  • Create email templates
  • Create target lists
  • Create landing pages
  • Handle attachments
  • Let you keep track in the Campaign dashboard
  • Track email reads, landing page visits, and attachment execution.
  • Harvest credentials
  • Schedule campaigns
  • Minimize link in email templates

What Mercure will do:

  • Display more graphs (we like graphs!)
  • Provide a REST API
  • Allow for multi-message campaigns (aka scenarios)
  • Check browser plugins
  • User training


Sample deployment

Edit docker compose configuration (docker-compose.yml)

version: '2'

services:
  front:
    image: atexio/mercure
    restart: always
    ports:
      - 8000:8000
    environment:
      SECRET_KEY: '<random value>'
      URL: 'https://preprod.mercure.io'
      EMAIL_HOST:  'mail.example.com'
      EMAIL_HOST_USER: 'phishing@example.com'
      EMAIL_HOST_PASSWORD: 'P@SSWORD'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/database:/code/database
      - ./data/media:/code/media
      - ./data/migrations/phishing:/code/phishing/migrations

To generate the SECRET_KEY variable, you can use this command:

# generate random SECRET_KEY
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 200 | head -n 1

The SECRET_KEY is used as a salt for Django password hashing, don’t change it after using it with Mercure. After changing the secret key, you can run the container with this command:

docker-compose up -d

Next, you can create a superuser to log into the web interface:

# create super user
docker-compose exec front python manage.py createsuperuser

How to use Mercure

Using Mercure can be divided into 5 steps:

  • Targets
  • Email Templates
  • Campaigns
  • Attachments
  • Landing page

Targets, Email Templates, and Campaign are the minimum required to run a basic phishing campaign.

  • First, add your targets

You need to fill in the Mercure name and the target email. The target’s first and last name are optional but can be useful for the landing page.

  • Then, fill in the email template.

You need to fill in the Mercure name, the subject, the sender and the email content. To improve the email quality, you have to fill in both the HTML and the text content of the email. To get information about opened emails, check “Add open email tracker”. The “Variables” category can help you.

Attachments and landing pages are optional; we will see them after.

  • Finally, launch the campaign

You need to fill in the Mercure name and select the email template and the target group. You can also select the SMTP credentials, SSL usage or URL minimizing.

  • Optional, add a landing page

You need to fill in the Mercure name and the domain to use. You can use “Import from URL” to copy an existing website.

You have to fill the page content with text and HTML content by clicking on “Source”.

  • Optional, add Attachment

You need to fill in the Mercure name, the file name which appears in the email, and the file. You also have to check whether the file is buildable or not, for example if you need to compute a file.

To execute the build, you need to create a zip archive which contains a build script (named ‘generator.sh’) and a buildable file.
