SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercise and would be reminded to take prior permission from the targeted organization to avoid legal implications.
Installation
Default login – Username: admin
Password: sniperphish
Main Features
Screenshots
Creating Web-Email Campaign – Quick Guide
In short, we create web tracker -> Add the web tracker to the phishing website -> create mail campaign with a link pointing to the phishing website -> start mail campaign.
Creating a web tracker:
Web Tracker -> New Tracker
for your phishing site. The “Web Pages” tab lists the pages you want to track.Creating an Email campaign:
Email Campaign ->
User Group
and add target usersEmail Campaign -> Sender List
and configure Mail server detailsEmail Campaign -> Email Template
and create mail template. Here, you can to link your phishing website based on the web tracker you created. For that, click on Insert
menu from email template editor and chose Link to Web Tracker
. Select your web tracker from the pop-up window and insert it.Email Campaign -> Campaign List -> New Mail Campaign
and select/fill the fields to create the campaign.Note: SniperPhish tracks your phishing website only if the page is called by appending cid
parameter (ie. ?cid={{CID}}
) at the end. For example opening http://yourphishingsite.com/login?cid=abcd
will be tracked, but not http://yourphishingsite.com/login
. Above 3rd step does this by default.
Viewing combined Web-Email Result
Go to Web-MailCamp Dashboard -> Select Campaign
. Then selct the web tracker and email campaign you created.
Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…