├── .gitignore ├── client ├── a.html ├── a.png ├── cc.png ├── emails.txt ├── image.jpg ├── left.png ├── order_details.png ├── readme.txt ├── right.jpg └── spear.py └── server └── comingsoon.txt /.gitignore: -------------------------------------------------------------------------------- 1 | Rakefile 2 | -------------------------------------------------------------------------------- /client/a.html: -------------------------------------------------------------------------------- 1 | 2 |
3 |
4 | 5 | 6 | 224 | 225 | 226 |
7 | 8 | 9 | 10 | 11 | 12 | 13 | 31 | 32 | 33 | 44 | 45 | 46 | 49 | 50 | 51 | 63 | 64 | 65 | 76 | 77 | 78 | 79 | 80 | 81 | 89 | 90 | 91 | 113 | 114 | 115 | 162 | 163 | 164 | 172 | 173 | 174 | 182 | 183 | 184 | 209 | 210 | 211 | 221 | 222 | 223 |
14 | 15 | 16 | 17 | 18 | 19 | 24 | 25 | 26 | 27 | 28 | 29 | 30 |
SUCK.com 20 |
21 | Your Recommendations 22 |
23 |
 |  Your Account  |  SUCK.com

Order Confirmation

Order #142-3644477-72229022
34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 |

Thank you for shopping with us. We'll send a confirmation once your items have shipped. Your order details are indicated below. If you would like to view the status of your order or make any changes to it, please visit Your Orders on SUCK.com.

47 | 48 |
52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 |

Your estimated delivery date is:
Wednesday, December 3, 2014

Your shipping speed:
Two-Day Shipping

Your Orders

Your order will be sent to:
John Smith
3491 OCEAN CUT LN
VIRGINIA BEACH, VA 23451-4106
United States

66 |
67 |
68 | 69 | 70 | 71 | 72 | 73 | 74 |
Get a $10 gift card upon approval for the SUCK.com Store Card Get a $10 gift card upon approval for the SUCK.com Store Card
75 |

Order Details

82 | 83 | 84 | 85 | 86 | 87 | 88 |
Order #142-3644477-72229022
Placed on Thursday, November 13, 2014
92 | 93 | 94 | 95 | 96 | 109 | 110 | 111 | 112 |
2 x Some type of TV Stick
Electronics
Sold by SUCK Digital Services, Inc.
97 |
98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 |
108 |
$39.00
(or less)
Why?
116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 |
Item Subtotal: $78.00
Shipping & Handling: $0.00
Promotion Applied: -$40.00

Total Before Tax: $38.00
Estimated Tax: $3.04

Order Total: $41.04
165 | 166 | 167 | 168 | 169 | 170 | 171 |

To learn more about ordering, go to Help.

175 | 176 | 177 | 178 | 179 | 180 | 181 |

Thank you for shopping with us.
SUCK.com

185 | 186 | 187 | 188 | 197 | 206 | 207 | 208 |
189 |
190 | 191 | 192 | 193 | 194 | 195 | 196 |
Movies and TV Movies and TV
 198 |
199 | 200 | 201 | 202 | 203 | 204 | 205 |
Support your favorite charity with SUCK Smile Support your favorite charity with SUCK Smile
212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 |

Unless otherwise noted, items sold by SUCK.com LLC are subject to sales tax in select states in accordance with the applicable laws of that state. If your order contains one or more items from a seller other than SUCK.com LLC , it may be subject to state and local sales tax, depending upon the seller's business policies and the location of their operations. Learn more about tax and seller information.

Items in this order may be subject to California's Electronic Waste Recycling Act. If any items in this order are subject to that Act, the seller of that item has elected to pay any fees due on your behalf.

This email was sent from a notification-only address that cannot accept incoming email. Please do not reply to this message.

227 | 228 | -------------------------------------------------------------------------------- /client/a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/a.png -------------------------------------------------------------------------------- /client/cc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/cc.png -------------------------------------------------------------------------------- /client/emails.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/emails.txt -------------------------------------------------------------------------------- /client/image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/image.jpg -------------------------------------------------------------------------------- /client/left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/left.png -------------------------------------------------------------------------------- /client/order_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/order_details.png -------------------------------------------------------------------------------- /client/readme.txt: -------------------------------------------------------------------------------- 1 | This is an example spearphishing template for educational purposes. I take no responsibility in how you use this code. -------------------------------------------------------------------------------- /client/right.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cheetz/spearphishing/77b9fc50b2d40a1cf2969c4374d9a728bb411d75/client/right.jpg -------------------------------------------------------------------------------- /client/spear.py: -------------------------------------------------------------------------------- 1 | import smtplib 2 | import time 3 | from email.mime.multipart import MIMEMultipart 4 | from email.mime.text import MIMEText 5 | from email.mime.image import MIMEImage 6 | import hashlib 7 | import base64 8 | 9 | ############Edit Configuration################ 10 | email = open('emails.txt','r') 11 | domain = "suck.yourdomainthatyouown.com" #The Domain That You Own 12 | company_name = "SUCK" #The Company Name 13 | me = "auto-confirm@" + domain #Email return address 14 | host = 'smtpout.secureserver.net' #Godaddy SMTP server 15 | login = '' #Godaddy Login 16 | password = '' #Godaddy password 17 | 18 | ############Edit Configuration################ 19 | 20 | for email_add in email: 21 | file_html = open('a.html','r') 22 | receiver = email_add.strip() 23 | print receiver + ":" + hashlib.md5(receiver.strip()).hexdigest() 24 | hash_email = hashlib.md5(receiver).hexdigest() 25 | base_email = base64.b64encode(receiver) 26 | 27 | # Create message container - the correct MIME type is multipart/alternative. 28 | msg = MIMEMultipart('alternative') 29 | msg['Subject'] = 'Your Suck.com order of "2" x Fire TV Stick.' 30 | msg['From'] = me 31 | msg['To'] = receiver 32 | msg.preamble = 'This is a multi-part message in MIME format.' 33 | 34 | 35 | # Create the body of the message (a plain-text and an HTML version). 36 | html = file_html.read() 37 | html = html.replace("hash_string", hash_email) 38 | html = html.replace("base_string", base_email) 39 | html = html.replace("suck.example.com", domain) 40 | html = html.replace("SUCK", company_name) 41 | file_html.close() 42 | 43 | # Record the MIME types of both parts - text/plain and text/html. 44 | 45 | part1 = MIMEText(html, 'html') 46 | 47 | # Attach parts into message container. 48 | msg.attach(part1) 49 | fp = open('order_details.png', 'rb') 50 | img = MIMEImage(fp.read()) 51 | fp.close() 52 | img.add_header('Content-ID', '') 53 | msg.attach(img) 54 | 55 | fp = open('cc.png', 'rb') 56 | img = MIMEImage(fp.read()) 57 | fp.close() 58 | img.add_header('Content-ID', '') 59 | msg.attach(img) 60 | 61 | fp = open('image.jpg', 'rb') 62 | img = MIMEImage(fp.read()) 63 | fp.close() 64 | img.add_header('Content-ID', '') 65 | msg.attach(img) 66 | 67 | fp = open('left.png', 'rb') 68 | img = MIMEImage(fp.read()) 69 | fp.close() 70 | img.add_header('Content-ID', '') 71 | msg.attach(img) 72 | 73 | fp = open('right.jpg', 'rb') 74 | img = MIMEImage(fp.read()) 75 | fp.close() 76 | img.add_header('Content-ID', '') 77 | msg.attach(img) 78 | 79 | fp = open('a.png', 'rb') 80 | img = MIMEImage(fp.read()) 81 | fp.close() 82 | img.add_header('Content-ID', '') 83 | msg.attach(img) 84 | 85 | 86 | # Send the message via local SMTP server. 87 | s = smtplib.SMTP_SSL(host,465) 88 | s.ehlo() 89 | s.login(login,password) 90 | s.sendmail(me, receiver, msg.as_string()) 91 | s.quit() 92 | time.sleep(5) 93 | 94 | -------------------------------------------------------------------------------- /server/comingsoon.txt: -------------------------------------------------------------------------------- 1 | 2 | --------------------------------------------------------------------------------