Categories: Kali Linux

SPF – SpeedPhish Framework For Phishing Exercises

SPF is nothing but a SpeedPhish Framework tool designed using a python to allow for quick recon and deployment of simple social engineering phishing exercises.

Requirements For SPF

  1. dnspython
  2. twisted
  3. PhantomJS

Also Read Ghost Phisher – Wireless & Ethernet Attack Software Application

How to install SPF ?

Run the below command to install the SPF tool;

pip install dnspython
pip install pycrypto

apt-get install python-twisted-web
apt-get install phantomjs

git clone --recursive https://github.com/tatanus/SPF.git

Running SPF 

usage: spf.py [-h] [-f <list.txt>] [-C <config.txt>] [--all] [--test] [-e]
              [-g] [-s] [--simulate] [-w] [-W] [-d <domain>]
              [-c <company's name>] [--ip <IP address>] [-v] [-y]

optional arguments:
  -h, --help           show this help message and exit
  -d <domain>          domain name to phish
  -c <company's name>  name of company to phish
  --ip <IP address>    IP of webserver defaults to [192.168.1.124]
  -v, --verbosity      increase output verbosity

input files:
  -f <list.txt>        file containing list of email addresses
  -C <config.txt>      config file

enable flags:
  --all                enable ALL flags... same as (-e -g -s -w)
  --test               enable all flags EXCEPT sending of emails... same as
                       (-e -g --simulate -w -y -v -v)
  -e                   enable external tool utilization
  -g                   enable automated gathering of email targets
  -s                   enable automated sending of phishing emails to targets
  --simulate           simulate the sending of phishing emails to targets
  -w                   enable generation of phishing web sites
  -W                   leave web server running after termination of spf.py

misc:
  -y                   automatically answer yes to all questions

Execution:

cd spf
python spf.py --test -d example.com

or to just test the websites:

cd spf
python web.py default.cfg

Sample Video

DerbyCon 2015 Video

BsidesLV 2015 Video

BsidesKnox 2015 Video

Video of sample usage

R K

Share
Published by
R K
Tags: FrameworkPhishingSpeedPhishSPF
7 years ago

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 day ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

2 days ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

2 days ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

2 days ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

2 days ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

2 days ago