Mercure is a tool for security managers who want to teach their colleagues about phishing.
What Mercure can do:
What Mercure will do:
Docker Quickstart
Requirements
Available configuration
Environment variable name | Status | Description | Value example |
---|---|---|---|
SECRET_KEY | Required | Django secret key | Random string |
URL | Required | Mercure URL | https://mercure.example.com |
EMAIL_HOST | Required | SMTP server | mail.example.com |
EMAIL_PORT | Optional | SMTP port | 587 |
EMAIL_HOST_USER | Optional | SMTP user | [email protected] |
EMAIL_HOST_PASSWORD | Optional | SMTP password | P@SSWORD |
DEBUG | Optional | Run on debug mode | True |
SENTRY_DSN | Optional | Send debug info to sentry.io | https://23xxx:[email protected]/1234 |
AXES_LOCK_OUT_AT_FAILURE | Optional | Ban on forcebrute login | True |
AXES_COOLOFF_TIME | Optional | Ban duration on forcebrute login (in hours) | 0.8333 |
DONT_SERVES_STATIC_FILE | Optional | Don’t serve static files with django | True |
Sample deployment
# create container
docker run \
-d \
--name=mercure \
-e SECRET_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 200 | head -n 1) \
-e URL=https://mercure.example.com \
-e EMAIL_HOST=mail.example.com \
-e EMAIL_PORT=587 \
-e [email protected] \
-e EMAIL_HOST_PASSWORD=P@SSWORD \
synhackfr/mercure
# create super user
docker exec -it mercure python manage.py createsuperuser
Git Quickstart
Requirements
Deployment
git clone [email protected]:synhack/mercure.git && cd mercure
pip install -r requirements.txt
./manage.py makemigrations
./manage.py migrate
./manage.py collectstatic
./manage.py createsuperuser
./manage.py runserver
How to use mercure
We can consider mercure is divide between 4 categories :
You need to fill mercure name, the target email.Target first and last name are optional, but can be usefull to the landing page
You need to fill the mercure name, the subject, the send and the email content. To improve the email quality, you have to fill the email content HTML and the text content. To get information about opened email, check “Add open email tracker” You can be helped with “Variables” category.
Attachments and landing page are optionnal, we will see it after.
You need to fill the mercure name, select the email template and the target group. You can select the SMTP credentials, SSL using or URL minimazing
You need to fill the mercure name, the domain to use You can use “Import from URL” to copy an existing website.
You have to fill the page content with text and HTML content by clicking to “Source”
You need to fill the mercure name, the file name which appears in the email and the file You also have to check if the the file is buildable or not, if you need to compute a file for example.
To execute the build , you need to create a zip archive which contain a build script (named ‘generator.sh’ and a buildable file