Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token.
Benefits
Basic Usage
usage: credsniper.py [-h] --module MODULE [–twofactor] [–port PORT] [–ssl] [–verbose] --final FINAL --hostname HOSTNAME
optional arguments:
-h, --help show this help message and exit
--module MODULE [phishing](<https://www.kitploit.com/search/label/Phishing>) module name - for example, "gmail"
--twofactor enable two-factor phishing
--port PORT listening port (default: 80/443)
--ssl use SSL via Let's Encrypt
--verbose enable verbose output
--final FINAL final url the user is redirected to after [phishing](<https://www.kitploit.com/search/label/Phishing>) is done
--hostname HOSTNAME hostname for SSL
Credentials .cache: Temporarily store username/password when phishing 2FA .sniped : Flat-file storage for captured credentials and other information
API End-point
View Credentials (GET) https://<phish site>/creds/view?api_token=<api token>
Mark Credential as Seen (GET) https://<phish site>/creds/seen/<cred_id>?api_token=<api token>
Update Configuration (POST) https://<phish site>/config
{
‘enable_2fa’: true,
‘module’: ‘gmail’,
‘api_token’: ‘some-random-string’
}
Modules
All modules can be loaded by passing the --module <name>
command to CredSniper. These are loaded from a directory inside /modules
. CredSniper is built using Python Flask and all the module HTML templates are rendered using Jinja2.
Installation
Ubuntu 16.04
You can install and run automatically with the following command:
$ git clone https://github.com/ustayready/CredSniper
$ cd CredSniper
~/CredSniper$ ./install.sh
Then, to run manually use the following commands:
~/$ cd CredSniper
~/CredSniper$ source bin/activate
(CredSniper) ~/CredSniper$ python credsniper.py --help
Note that Python 3 is required.
Screenshots
Gmail Module