PhishLulz - Ruby toolset aimed at automating Phishing activities

PhishLulz is a Ruby toolset aimed at automating Phishing activities.
When you start a phishing campaign, a dedicated Amazon EC2 (Debian 7) instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are:

PhishLulz comes with its own self-signed CA: this is needed to generate self-signed certs for the PhishingFrenzy admin UI. You will also find a bunch of cool phishing templates (which are not in PF) that you can quickly re-use in your scenarios.
Automatic domain registration is still TODO, however you can play with the almost-working code for the NameCheap registrar.

PhishLulz AWS AMI

The public AMI id is: ami-141bb974 You want to clone that, add your SSH keys, and use your nre clone.
The following are default passwords for various services, change them.
  • MySQL root user: phishlulz_mysql
  • PhishingFrenzy admin user: phishlulz_frenzy
  • BeEF beef user: phishlulz_beef
To change the default admin user password/email for PhishingFrenzy use the Rails console: cd /var/www/phishing-frenzy && RAILS_ENV=production rails console admin = Admin.first admin.password = "newpasswd" admin.email = "newemail" admin.save! exit

PhishLulz Toolset
  • phish_lulz: main script to start/stop phishing instances
  • tools/find_resources: multi-threaded subdomain discovery and fingerprinting tool
  • tools/mailboxbug: multi-threaded webmail data extruder
  • tools/mail_parser: simple script to extract html/txt from an .eml email file
  • namecheap_wrapper: WIP for automated domain registration

PhishLulz material released at KiwiCon X

  • Amazon AWS account (see main config.yaml)
  • Non-Winzozz OS (path separators are hardcoded on purpose to don't make it compatible with Winzozz)
  • ssh, scp, openssl in PATH
  • Sane Ruby environment (RVM suggested). Install the required gems with: gem install sinatra thin watir-webdriver headless colorize datamapper dm-sqlite-adapter dm-timestamps dm-migrations fog nokogiri mail net-ssh --no-rdoc --no-ri
  • Gecko/Chrome drivers
To instrument Firefox you need to have the geckodriver binary in your PATH. Download it from https://github.com/mozilla/geckodriver/releases Same thing applies if you prefer instrumenting Chrome, you need the chromedriver.
Once you have the binary, make sure it's in the PATH: export PATH=$PATH:path_to_driver_dir

Finally, make sure the MailBoxBug data extrusion domain has a valid HTTPS certificate (Mixed content...)

PhishLulz - Ruby toolset aimed at automating Phishing activities PhishLulz - Ruby toolset aimed at automating Phishing activities Reviewed by Zion3R on 11:55 AM Rating: 5