README
¶
PhishPayback: Phishing Spammer
The idea is to combat phishing with spam, this is a hacking repo (needless to add that "hacking" IS "ethical" by its sole origin. Please stop confusing hacking with cracking, there's no need to add "ethical" after "hacking"!).
Inspired in
- GitHub - v3lip/PhishingSpammer
- YouTube - @ScammerPayback
Dear Cracker, a note for you if you dare to feel "affected" by this repo:: First of all: You're not a hacker, you're just a cracker. Be a real hacker: some companies offer bounties for finding bugs and other vulnerabilities in their systems. I trust you are able to apply to one of them, look: I'm just doing this for fun in my free time and I'm not even an expert in what you surely can do with your knowledge. Wether you get a bounty, or you find a job in which you feel comfortable, once you have free a little of your precious time, please come back here and give me a hand with this repo. I've learnt a lot by just developing this repo
Types
- Send random data to phishing backends
- TODO: Create DDOs attacks for frontends
- TODO: Create DDOs attacks for backends
Targets
For safety reasons, no URL will be in this readme, please check source code for details.
And also, for non-safety reasons, Why should I care about any exposed token in this repository? ¯\_(ツ)_/¯
Usage
Requirements:
- This repo cloned. All commands here assumes that you are within your cloned copy of this repo
- Golang installed (For now, perhaps in future i'd upload binaries...)
- (Optional for development) docker installed (To run a local mockserver)
Init/Install
go get
Build
go build
Run
./backphish
If no options (as above), will list the available phishing targets.
Available CLI options:
-l int
Log Level. Values: 0-Verbose/Debug 1-Normal 2-Quiet/Severe (default 1)
-m value
Use mock server in HTTP requests. Must be a valid URL or empty string "" to take default. ("http://localhost:1080")
-n string
Attack name
-p int
Simultaneous processes/threads (default 1)
-q int
Total quantity of attacks. Set 0 for unlimited (default 4)
Note: --help option returns the above list of options
(Miscellaneous)
Local mock server (for development only)
Runs a mock/dummy HTTP server in your local 1080 port - Based in mockserver. With docker:
docker run -it --rm -p 1080:1080 mockserver/mockserver
And then go to the dashboard
Refereces or related links
The following is a recopilation of technologies/providers used in this repo and/or by phishing pages
- VCC Generator - Generates cards for testing purposes
- Replit deployments
- devtools-detect - Trigger actions depending on detection of devtools/inspector usage
- Chrome DevTools - Network requests: Test your site by blocking network requests (To disable loading of utilities that mess with devtools/debugger)
- Reverse IP Lookup
- Engintron: Nginx on cPanel/WHM server
- cf-clearance (old?) - cf-clearance (active?) - "make a cloudflare v2 challenge pass successfully"
- HTTrack - website copier
- Webflow - Website builder
- clevertap(.min.js) - ???
- r/dataisbeautiful - Most common 4 digit PIN numbers
- DNS Propagation Checker
Abuse reporting
Documentation
¶
There is no documentation for this package.
Source Files
Directories