├── LICENSE ├── phish_spammer_v3.sh ├── README.md └── phish_hunter.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 ekomsSavior 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /phish_spammer_v3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # === PHISH SPAMMER V3 by ek0ms savi0r === 4 | 5 | if [ -z "$1" ]; then 6 | echo "Usage: $0 (e.g. 
https://phishingsite.com)" 7 | exit 1 8 | fi 9 | 10 | BASE_URL="$1" 11 | INTERVAL_MINUTES=3 # Rotate Tor circuit every X minutes 12 | LAST_ROTATE=$(date +%s) 13 | 14 | # User agents to rotate through 15 | USER_AGENTS=( 16 | "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 17 | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)" 18 | "Mozilla/5.0 (X11; Linux x86_64)" 19 | "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X)" 20 | "Mozilla/5.0 (iPad; CPU OS 15_2 like Mac OS X)" 21 | ) 22 | 23 | # Common phishing login paths 24 | TARGET_PATHS=("/verify" "/login.php" "/signin" "/login" "/auth") 25 | 26 | # Function to simulate fake logins 27 | send_fake_login() { 28 | local url="$1" 29 | local email="j$(openssl rand -hex 3)smith$(shuf -i 1975-2002 -n1)@gmail.com" 30 | local pass="pass$(openssl rand -hex 3)" 31 | local ua="${USER_AGENTS[$RANDOM % ${#USER_AGENTS[@]}]}" 32 | 33 | local response=$(curl -sL \ 34 | --socks5 127.0.0.1:9050 \ 35 | -o /dev/null \ 36 | -w "%{http_code}" \ 37 | -A "$ua" \ 38 | -d "username=$email&password=$pass" \ 39 | "$url") 40 | 41 | echo "[+] Sent fake login -> $email : $pass | HTTP $response" 42 | } 43 | 44 | # Function to refresh Tor circuit 45 | refresh_tor() { 46 | echo "[*] Refreshing Tor identity 🌐" 47 | pkill -HUP tor 2>/dev/null 48 | } 49 | 50 | echo -e "🌸 Starting Phish Spammer v3" 51 | echo "🌐 Base URL: $BASE_URL" 52 | echo "🔁 Targeting: ${TARGET_PATHS[*]}" 53 | echo "🧅 Routing through Tor SOCKS5 proxy" 54 | echo "⏰ Refreshing Tor circuit every $INTERVAL_MINUTES minutes" 55 | echo 56 | 57 | # Infinite loop until interrupted 58 | while true; do 59 | for path in "${TARGET_PATHS[@]}"; do 60 | full_url="${BASE_URL}${path}" 61 | 62 | # Send fake login 63 | send_fake_login "$full_url" 64 | 65 | # Random sleep to simulate human typing 66 | sleep $((RANDOM % 3 + 1)).$((RANDOM % 10)) 67 | 68 | # Check if it's time to refresh Tor 69 | now=$(date +%s) 70 | elapsed=$(( (now - LAST_ROTATE) / 60 )) 71 | if [ "$elapsed" -ge "$INTERVAL_MINUTES" ]; then 
72 | refresh_tor 73 | LAST_ROTATE=$now 74 | fi 75 | done 76 | done 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PHISH HUNTER 2 | _by ek0ms savi0r_ 3 | 4 | Phish Hunter is a two-part toolkit for ethical hackers and defenders. 5 | One script investigates phishing sites. The other spams fake logins to waste attacker time. 6 | 7 | --- 8 | 9 | ## INSTALLATION 10 | 11 | Clone the repository from GitHub: 12 | ```bash 13 | git clone https://github.com/ekomsSavior/PHISH_HUNTER 14 | cd PHISH_HUNTER 15 | ``` 16 | 17 | Install required tools 18 | 19 | ```bash 20 | sudo apt update 21 | sudo apt install whois whatweb curl tor -y 22 | ``` 23 | 24 | Start and enable Tor 25 | 26 | ```bash 27 | sudo systemctl enable tor 28 | sudo systemctl start tor 29 | ``` 30 | 31 | --- 32 | 33 | ## 1. DOMAIN RECON (`phish_hunter.sh`) 34 | 35 | This script investigates a phishing domain by: 36 | - Resolving the IP address 37 | - Performing a WHOIS lookup 38 | - Fetching HTTP headers 39 | - Fingerprinting the server with WhatWeb 40 | - Identifying IP ownership 41 | - Locating abuse contact info 42 | 43 | **Usage:** 44 | 45 | ```bash 46 | chmod +x phish_hunter.sh 47 | ./phish_hunter.sh 48 | ``` 49 | 50 | You will be prompted to enter a domain like 51 | ``` 52 | tracker2051.com 53 | ``` 54 | 55 | The tool will create a report 56 | ``` 57 | phish_report_tracker2051.com.txt 58 | ``` 59 | 60 | --- 61 | 62 | ## 2. SPAMMER (`phish_spammer_v3.sh`) 63 | 64 | This script sends fake login attempts to phishing pages. It 65 | 66 | - Targets common phishing paths such as `/login`, `/verify`, etc. 
67 | - Routes traffic through Tor
68 | - Randomizes delays to simulate human typing
69 | - Rotates Tor circuits every few minutes
70 | 
71 | **Usage:**
72 | 
73 | ```bash
74 | chmod +x phish_spammer_v3.sh
75 | ./phish_spammer_v3.sh "https://examplephish.site"
76 | ```
77 | 
78 | Press CTRL+C to stop at any time.
79 | 
80 | ---
81 | 
82 | ## OPTIONAL: Proxy List Support
83 | 
84 | You can use a custom list of SOCKS5 proxies for extra anonymity.
85 | 
86 | 1. Create a file named `proxy_list.txt` in the same directory
87 | 2. Add one proxy per line, for example:
88 | ```
89 | socks5://127.0.0.1:9050
90 | socks5://proxy1.example.net:1080
91 | socks5://192.168.1.100:1080
92 | ```
93 | 3. Run the spammer with the proxy list:
94 | ```bash
95 | ./phish_spammer_v3.sh https://examplephish.site proxy_list.txt
96 | ```
97 | 
98 | If no proxy list is provided, the tool defaults to Tor via `127.0.0.1:9050`. Note that the `phish_spammer_v3.sh` listing in this repository reads only its first argument and always passes `--socks5 127.0.0.1:9050` to curl, so with that version a `proxy_list.txt` argument has no effect.
99 | 
100 | ---
101 | 
102 | ## WHAT TO DO IF THE SITE REDIRECTS
103 | 
104 | Phishing pages often redirect to a secondary domain.
105 | 
106 | Run
107 | 
108 | ```bash
109 | curl -L -I http://originalsite.com
110 | ```
111 | 
112 | Look for a `Location:` header — that is your real target. Because `-L` follows every hop, several `Location:` headers may be printed and only the last one is the final URL; that last hop can also be the legitimate site being impersonated or a decoy page served to non-browser clients, so confirm that the host is the phishing host before treating it as the target.
113 | 
114 | Use that final URL when running the spammer.
115 | 
116 | ---
117 | 
118 | ## DISCLAIMER
119 | 
120 | Use Phish Hunter only for
121 | 
122 | - Ethical hacking with permission
123 | - Educational purposes
124 | - Systems and networks you own or are authorized to test
125 | 
126 | Unauthorized use of these tools may violate the law. Be responsible and ethical.
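#!/bin/bash
# File: phish_hunter.sh
#
# === Phish Hunter ULTRA MERGED — FINAL FORM ===
# by ek0ms savi0r 🫂
# One beautiful .txt report, live screen updates, full control
#
# Collects DNS, WHOIS, HTTP-header and WhatWeb data for one suspected phishing
# domain and writes it, together with reporting links, to
# phish_report_<domain>.txt in the current directory. Dots in the domain become
# underscores in the file name (fakeweb.com -> phish_report_fakeweb_com.txt).
#
# Requires: dig, whois, curl, whatweb.
#
# Trust boundary: the typed domain ends up in command arguments and in the
# report file name, and everything fetched (WHOIS text, HTTP headers, WhatWeb
# output) can be shaped by whoever operates the suspect host or registered the
# domain. The domain is therefore validated before use, and fetched text is
# stripped of control bytes before it reaches the terminal or the report.

set -u

GREEN='\033[1;92m'
RED='\033[1;91m'
CYAN='\033[1;96m'
NC='\033[0m'

# Print one colour-coded status line on the terminal.
# Arguments: $1 - colour escape, $2 - message (printed literally, never as a format)
status() {
  printf '%b%s%b\n' "$1" "$2" "$NC"
}

# Same as status, preceded by a blank line (used for section banners).
banner() {
  echo
  status "$1" "$2"
}

# Succeed only for a bare hostname: letters, digits, dot, dash and underscore,
# starting and ending with a letter or digit, no empty labels, at most 253
# characters. This keeps "-option"/"@server" style values away from dig and
# whois, and keeps "/" and ".." out of the report file name.
valid_hostname() {
  local name=$1
  local re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  [[ -n "$name" ]] || return 1
  (( ${#name} <= 253 )) || return 1
  [[ "$name" != *..* ]] || return 1
  [[ "$name" =~ $re ]]
}

# Print the first IPv4 address dig returns for $1, or nothing.
# `dig +short` also prints CNAME targets and, when the resolver fails, ";;"
# diagnostic lines; only a dotted-quad line is accepted as an address.
resolve_ipv4() {
  dig +short "$1" 2>/dev/null | grep -E -m1 '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Filter stdin to stdout, dropping C0 control bytes (ESC, CR, BEL, ...) and DEL
# while keeping tab and newline, so a crafted header or WHOIS field cannot
# drive the terminal or hide text in the saved report.
sanitize() {
  LC_ALL=C tr -d '\000-\010\013-\037\177'
}

# Abort early when a required tool is missing. Without dig, the lookup below
# returns nothing and the script would wrongly announce the domain as offline.
require_tools() {
  local tool
  for tool in dig whois curl whatweb; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      status "$RED" "❌ Required tool not found: $tool" >&2
      exit 1
    fi
  done
}

require_tools

status "$CYAN" "🌸 Welcome to Phish Hunter 🌸 Let's stop the scammers!"
# -r keeps backslashes literal; on EOF the variable is left empty and rejected below.
read -r -p "Enter the phishing domain (e.g. fakeweb.com or www.helloworld.com): " INPUT_DOMAIN
INPUT_DOMAIN=${INPUT_DOMAIN:-}

# Normalize domain: drop one leading "www." and try the bare name first.
STRIPPED_DOMAIN=${INPUT_DOMAIN#www.}

if ! valid_hostname "$STRIPPED_DOMAIN"; then
  # %q shows the rejected input with any control characters escaped.
  printf '%b❌ Not a valid hostname: %q%b\n' "$RED" "$INPUT_DOMAIN" "$NC" >&2
  echo "Enter a bare hostname such as fakeweb.com (no scheme, path or spaces; use the xn-- form for internationalized names)." >&2
  exit 1
fi

DOMAIN="$STRIPPED_DOMAIN"
CLEAN_DOMAIN=${DOMAIN//./_}
REPORT_FILE="phish_report_$CLEAN_DOMAIN.txt"

banner "$CYAN" "✨ Checking DNS resolution for $DOMAIN..."
RESOLVED_IP=$(resolve_ipv4 "$DOMAIN")

if [[ -z "$RESOLVED_IP" ]]; then
  status "$RED" "❌ No IP found for $DOMAIN. Trying www.$STRIPPED_DOMAIN..."
  DOMAIN="www.$STRIPPED_DOMAIN"
  RESOLVED_IP=$(resolve_ipv4 "$DOMAIN")
fi

if [[ -z "$RESOLVED_IP" ]]; then
  # An empty answer is also what a failing or filtered resolver produces, so
  # this only means that no A record was returned to this machine.
  status "$GREEN" "🌈 Domain appears to be offline or unregistered. MISSION ACCOMPLISHED 💅"
  status "$CYAN" "✅ You can still report it to takedown services below."
  banner "$CYAN" "🔗 Report here:"
  echo "• Google: https://safebrowsing.google.com/safebrowsing/report_phish/"
  echo "• ICANN: https://www.icann.org/compliance/complaint"
  exit 0
fi

status "$GREEN" "✅ Domain resolves to: $RESOLVED_IP"

# Start unified report file (an existing report for the same domain is overwritten).
{
  echo "🌸 PHISH HUNTER REPORT — $DOMAIN 🌸"
  echo "Generated on $(date)"
  echo "Resolved IP: $RESOLVED_IP"
  echo "----------------------------------------"
} > "$REPORT_FILE"

# WHOIS domain
banner "$CYAN" "🔍 WHOIS lookup for domain..."
printf '\n🔍 WHOIS for %s:\n\n' "$DOMAIN" >> "$REPORT_FILE"
whois "$DOMAIN" | sanitize | tee -a "$REPORT_FILE"

# HTTP headers (HEAD request only; -sS hides the progress meter but keeps errors)
banner "$CYAN" "📡 Checking HTTP Headers..."
printf '\n📡 HTTP Headers:\n\n' >> "$REPORT_FILE"
curl -sS -I --max-time 5 "http://$DOMAIN" | sanitize | tee -a "$REPORT_FILE"

# WhatWeb fingerprint (colour disabled so no escape sequences are produced for the report)
banner "$CYAN" "🕵️‍♀️ Fingerprinting site with WhatWeb..."
printf '\n🕵️‍♀️ WhatWeb Fingerprinting:\n\n' >> "$REPORT_FILE"
whatweb --color=never "http://$DOMAIN" | sanitize | tee -a "$REPORT_FILE"

# WHOIS for IP
banner "$CYAN" "🌍 WHOIS lookup for resolved IP..."
printf '\n🌍 WHOIS for %s:\n\n' "$RESOLVED_IP" >> "$REPORT_FILE"
whois "$RESOLVED_IP" | sanitize | tee -a "$REPORT_FILE"

# Recon links
banner "$CYAN" "🧪 Adding passive recon links..."
printf '\n🧪 Passive Recon Links:\n' >> "$REPORT_FILE"
echo "→ VirusTotal: https://www.virustotal.com/gui/domain/$DOMAIN" | tee -a "$REPORT_FILE"
echo "→ URLScan: https://urlscan.io/domain/$DOMAIN" | tee -a "$REPORT_FILE"

# Abuse contacts: collect the matching lines BEFORE the section heading is
# appended, so the heading does not match its own pattern and the file is not
# read while it is being written. The search covers everything gathered so
# far, not only the WHOIS sections.
banner "$CYAN" "📬 Searching WHOIS output for abuse contacts..."
ABUSE_LINES=$(grep -Ei 'abuse|contact|email' "$REPORT_FILE" | sort -u)
printf '\n📬 Abuse Emails from WHOIS:\n\n' >> "$REPORT_FILE"
if [[ -n "$ABUSE_LINES" ]]; then
  printf '%s\n' "$ABUSE_LINES" | tee -a "$REPORT_FILE"
else
  echo "(no matching lines found)" | tee -a "$REPORT_FILE"
fi

# Final advice
banner "$CYAN" "🛡️ Recommended Next Steps:"
printf '\n🛡️ Final Steps:\n\n' >> "$REPORT_FILE"
echo "1. Report to Google Safe Browsing" | tee -a "$REPORT_FILE"
echo "2. Email abuse contacts with this report attached" | tee -a "$REPORT_FILE"
echo "3. File complaint via ICANN if needed" | tee -a "$REPORT_FILE"

# Done!
banner "$GREEN" "🎉 Report saved as $REPORT_FILE — go off, defender supreme! 🛡️💖"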