SniperPhish: An all-in-one open-source phishing toolkit
2021-04-26 05:00

SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns.

"The idea to develop SniperPhish came to me in a period during which the company I previously worked with did many social engineering assessments. Most of the assessment included phishing campaigns, which means creating and hosting phishing websites and crafting email campaigns. The available tools had certain limitations and were not very effective at simultaneously tracking data from the phishing emails and websites," security consultant Gem George, the tool's creator, told Help Net Security.

"The client didn't want us to capture the users' passwords that were submitted to the phishing website. For each project, we were required to code for tracking data from phishing websites. Additionally, the data captured from this website needed to be mapped to the mail campaign, which was time-consuming and often resulted in errors."

SniperPhish can create and schedule phishing email campaigns, create web and email tracker code, create custom tracker images, combine phishing sites with email campaigns for central tracking, track replies to phishing messages, generate reports, and more.

"The main advantage of SniperPhish is that a person can use this single toolkit to perform web and email phishing assessments," Gem explained.

"Data can be centrally tracked from the results of phishing emails and websites. The tool reduces manual effort and avoids the necessity of coding language for capturing data from phishing websites. It also provides a variety of customization options for sending emails, which can be chosen as needed to bypass the targeted organization's security controls. Reports can also be customized. Finally, SniperPhish provides multiple options for crafting modern spear phishing campaigns, such as QR codes and bar codes."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Kqgn-HC_AvY/