├── Images
    └── spoof.jpg
├── README.md
├── dial_numbers.txt
└── spoofMe.py


/Images/spoof.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s4vitar/spoofMe/HEAD/Images/spoof.jpg


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # spoofMe
 2 | 
 3 | ![Spoof Image](Images/spoof.jpg)
 4 | 
 5 | **spoofMe** se trata de un programa construido en el lenguaje de programación _Python_, ideal para el Spoofing de llamadas y de mensajería instantánea (SMS).
 6 | 
 7 | Para el correcto funcionamiento del programa, es necesario contar con una cuenta del servicio https://www.spoofcard.com/, así como tener créditos registrados, pues en caso contrario el procedimiento no se efectuará correctamente.
 8 | 
 9 | Actualmente, la herramienta cuenta con las siguientes utilidades:
10 | 
11 | * Spoofing de Mensajería Instantánea (SMS)
12 | * Spoofing de Llamadas Telefónicas
13 | 
14 | Mejoras a incorporar:
15 | 
16 | * Gestión de llamadas telefónicas desde terminal.
17 | 


--------------------------------------------------------------------------------
/dial_numbers.txt:
--------------------------------------------------------------------------------
 1 | +1 6476953130 Toronto, Canada, CA
 2 | +1 6808881125 New York, New York, US
 3 | +1 9892560246 Saginaw, Michigan, US
 4 | +39 0356306566 Roma, Italy, IT
 5 | +1 3105106973 Avalon, CA, US
 6 | +41 435088716 Zurich, Switzerland, CH
 7 | +52 5541698059 Mexico City, Mexico, MX
 8 | +1 6479459613 Toronto, ON, CA
 9 | +1 4849714939 Bethlehem, PA, US
10 | +61 284172965 Sydney, Australia, AU
11 | +61 284172460 Sydney, Australia, AU
12 | +1 8299479633 Santiago, DR, DO
13 | +44 2036084705 London, UK, GB
14 | +972 39786563 Tel Aviv, Israel, IL
15 | +55 1139587496 Sao Paulo, Brazil, BR
16 | +1 9027010192 Nova Scotia, Canada, CA
17 | +1 6479300282 Toronto, ON, CA
18 | +1 6042292710 Vancouver, Canada, CA
19 | +1 5874004196 Alberta, Canada, CA
20 | +1 5146130810 Montreal, Canada, CA
21 | +1 3069921020 Saskatoon, Canada, CA
22 | +35 3766060769 Dublin, Ireland, IE
23 | +55 2139580666 Rio De Janeiro, Brazil, BR
24 | 


--------------------------------------------------------------------------------
/spoofMe.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python
  2 | # coding: utf-8
  3 | 
  4 | # Autor: Marcelo Vázquez (aka s4vitar)
  5 | 
  6 | import re, shutil, tempfile, signal
  7 | import requests
  8 | import sys
  9 | import ssl
 10 | import os
 11 | 
 12 | from time import sleep
 13 | 
 14 | class bcolors:
 15 |     HEADER = '\033[95m'
 16 |     OKBLUE = '\033[94m'
 17 |     OKGREEN = '\033[92m'
 18 |     WARNING = '\033[93m'
 19 |     FAIL = '\033[91m'
 20 |     ENDC = '\033[0m'
 21 |     BOLD = '\033[1m'
 22 |     UNDERLINE = '\033[4m'
 23 | 
 24 | if len(sys.argv) != 4:
 25 | 	print "\n" + bcolors.OKGREEN + "[" + bcolors.ENDC + bcolors.OKBLUE + "*" + bcolors.OKGREEN + "] Usage: python " + sys.argv[0] + " <area-code> <phone-number> <login-pin>\n" + bcolors.ENDC
 26 | 	print bcolors.BOLD + "Example: python " + sys.argv[0] + " 34 XXXXXXXXX 1234\n" + bcolors.ENDC
 27 | 	sys.exit(0)
 28 | 
 29 | def signal_handler(key, frame):
 30 | 	print "\n\n[*] Exiting...\n"
 31 | 	sys.exit(1)
 32 | 
 33 | signal = signal.signal(signal.SIGINT, signal_handler)
 34 | 
 35 | area_code = sys.argv[1]
 36 | phone_number = "+" + area_code + sys.argv[2]
 37 | login_pin = sys.argv[3]
 38 | 
 39 | url = 'https://www.spoofcard.com/login'
 40 | url_account = 'https://www.spoofcard.com/account'
 41 | url_settings = 'https://www.spoofcard.com/account/settings'
 42 | url_call_spoof = 'https://www.spoofcard.com/account/calls/create'
 43 | url_sms_spoof = 'https://www.spoofcard.com/account/two-way-sms/create'
 44 | 
 45 | def sed_inplace(filename, pattern, repl):
 46 | 
 47 |     pattern_compiled = re.compile(pattern)
 48 | 
 49 |     with tempfile.NamedTemporaryFile(mode='w', delete=False) as tmp_file:
 50 |         with open(filename) as src_file:
 51 |             for line in src_file:
 52 |                 tmp_file.write(pattern_compiled.sub(repl, line))
 53 | 
 54 |     shutil.copystat(filename, tmp_file.name)
 55 |     shutil.move(tmp_file.name, filename)
 56 | 
 57 | def sms_spoofing():
 58 | 	destination_number = raw_input('\nDestination Number [+34XXXXXXXXX]: ')
 59 | 	display_number = raw_input('\nDisplay Number [+34XXXXXXXXX]: ')
 60 | 	message = raw_input('\nEnter message to display: ')
 61 | 
 62 | 	sms_spoofing_data = {'body': message, 'destination_address': destination_number, 'source_address': display_number, 'tos_accepted': 'true', 'oneWay': 'true'}
 63 | 	sms_spoofing_headers = {'accept-encoding': 'gzip, deflate, br', 'accept-language': 'es-ES,es;q=0.9,en;q=0.8', 'content-type': 'application/x-www-form-urlencoded', 'accept': 'application/json, text/plain, */*', 'x-requested-with': 'XMLHttpRequest'}
 64 | 
 65 | 	r = session.post(url_sms_spoof, data=sms_spoofing_data, headers=sms_spoofing_headers, verify=False)
 66 | 
 67 | 	print "\n[*] Message has been sent\n"
 68 | 
 69 | def call_spoofing():
 70 | 	destination_number = raw_input('\nDestination Number [+34XXXXXXXXX]: ')
 71 | 	display_number = raw_input('\nDisplay Number [+34XXXXXXXXX]: ')
 72 | 
 73 | 	call_spoofing_data = {'destination_address': destination_number, 'display_address': display_number, 'event_type': 'outbound-call', 'plugins[background_noise][choice_index]': '9'}
 74 | 	call_spoofing_headers = {'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', 'accept': 'application/json, text/javascript, */*; q=0.01', 'x-requested-with': 'XMLHttpRequest'}
 75 | 
 76 | 	r = session.post(url_call_spoof, data=call_spoofing_data, headers=call_spoofing_headers, verify=False)
 77 | 
 78 | 	content_file = open("dial_response.txt", "w")
 79 | 	content_file.write(r.content)
 80 | 	content_file.close()
 81 | 
 82 | 	sed_inplace('dial_response.txt', r'\,', '\n')
 83 | 
 84 | 	dial_access_code = []
 85 | 
 86 | 	with open('dial_response.txt') as f:
 87 | 	        for lines in f:
 88 | 				if re.search("access_code", lines):
 89 | 					dial_access_code.append(lines.split(':')[1].split('"')[1])
 90 | 
 91 | 	with open('dial_numbers.txt') as f:
 92 | 		dial_numbers = [lines.rstrip('\n') for lines in f.readlines()]
 93 | 
 94 | 	print '\n--------------------------------------------'
 95 | 
 96 | 	for numbers in dial_numbers:
 97 | 		print numbers
 98 | 
 99 | 	print "\n------------------"
100 | 	print "Access-Code: %s |" % dial_access_code[0]
101 | 	print '--------------------------------------------\n'
102 | 
103 | 	print "[*] Now call any of the numbers listed above [It is recommended to call the number +39 0356306566]"
104 | 	print "[*] Once done, you will need to enter the Access-Code provided above"
105 | 	print "[*] When finished, press <Enter> key to finish the program\n"
106 | 
107 | 	raw_input("Press <Enter> to continue...")
108 | 
109 | 	os.remove("dial_response.txt")
110 | 	session.close()
111 | 
112 | banner = "\n╱╱╱╱╱╱╱╱╱╱╱╱╱╭━┳━╮╭━╮\n"
113 | banner += "╱╱╱╱╱╱╱╱╱╱╱╱╱┃╭┫┃╰╯┃┃\n"
114 | banner += "╭━━┳━━┳━━┳━━┳╯╰┫╭╮╭╮┣━━╮\n"
115 | banner += "┃━━┫╭╮┃╭╮┃╭╮┣╮╭┫┃┃┃┃┃┃━┫" + bcolors.WARNING + " (Owner Marcelo Vázquez - aka " + bcolors.ENDC + bcolors.OKBLUE + "s4vitar" + bcolors.ENDC + bcolors.WARNING + ")\n" + bcolors.ENDC
116 | banner += "┣━━┃╰╯┃╰╯┃╰╯┃┃┃┃┃┃┃┃┃┃━┫\n"
117 | banner += "╰━━┫╭━┻━━┻━━╯╰╯╰╯╰╯╰┻━━╯\n"
118 | banner += "╱╱╱┃┃\n"
119 | banner += "╱╱╱╰╯\n"
120 | 
121 | print banner
122 | 
123 | login = {'provider_type': 'phone', 'access_token': '', 'redirect_url': '', 'countrycode': area_code, 'phone_number': phone_number, 'login-pin': login_pin}
124 | 
125 | requests.packages.urllib3.disable_warnings()
126 | 
127 | print "\n" + bcolors.OKGREEN + "[" + bcolors.ENDC + bcolors.OKBLUE + "*" + bcolors.ENDC + bcolors.OKGREEN + "] Collecting data...\n" + bcolors.ENDC
128 | 
129 | session = requests.Session()
130 | r = session.post(url, data=login, verify=False)
131 | 
132 | content_file = open("content_response.txt", "w")
133 | content_file.write(r.content)
134 | content_file.close()
135 | 
136 | with open('content_response.txt') as f:
137 | 	for lines in f:
138 | 		if re.search("incorrect", lines):
139 | 			print bcolors.OKGREEN + "[" + bcolors.ENDC + bcolors.OKBLUE + "*" + bcolors.ENDC + bcolors.OKGREEN + "] The data entered does not correspond to any account\n" + bcolors.ENDC
140 | 			print bcolors.OKGREEN + "[" + bcolors.ENDC + bcolors.OKBLUE + "*" + bcolors.ENDC + bcolors.OKGREEN + "] Please, create an account first at https://www.spoofcard.com\n" + bcolors.ENDC
141 | 			os.remove("content_response.txt")
142 | 			sys.exit(0)
143 | 
144 | os.remove("content_response.txt")
145 | 
146 | r = session.post(url_account, data=login, verify=False)
147 | 
148 | content_file = open("content_response.txt", "w")
149 | content_file.write(r.content)
150 | content_file.close()
151 | 
152 | with open('content_response.txt') as f:
153 |         for lines in f:
154 |                 if re.search("credits_remaining", lines):
155 | 			total_credits = lines.split('>')[2].split('<')[0]
156 | 
157 | 
158 | os.remove("content_response.txt")
159 | 
160 | r = session.post(url_settings, verify=False)
161 | 
162 | content_file = open("settings_response.txt", "w")
163 | content_file.write(r.content)
164 | content_file.close()
165 | 
166 | with open('settings_response.txt') as f:
167 |         for lines in f:
168 |                 if re.search("first_name:", lines):
169 |                         first_name = lines.split(':')[1].split('\'')[1]
170 | 		if re.search("last_name:", lines):
171 | 			last_name = lines.split(':')[1].split('\'')[1]
172 | 		if re.search("email:", lines):
173 | 			email = lines.split(':')[1].split('\'')[1]
174 | 
175 | os.remove("settings_response.txt")
176 | 
177 | print "*****************************"
178 | print "Credits on Account: %s " % total_credits + '\n'
179 | print "First name: %s" % first_name
180 | print "Second name: %s" % last_name
181 | print "Email: %s" % email
182 | print "*****************************"
183 | 
184 | if total_credits == "0":
185 | 	print '\n' + bcolors.FAIL + "You have no credits available" + bcolors.ENDC + '\n'
186 | 	sys.exit(0)
187 | 
188 | print "\n     " + bcolors.WARNING + "[" + bcolors.ENDC + bcolors.HEADER + "MENU" + bcolors.ENDC + bcolors.WARNING + "]" + bcolors.ENDC
189 | print "-----------------"
190 | print "1. Call Spoofing"
191 | print "2. SMS Spoofing"
192 | print "0. Exit"
193 | print "-----------------"
194 | 
195 | menu_option = raw_input("Choose option: ")
196 | 
197 | if menu_option == "1":
198 | 	call_spoofing()
199 | elif menu_option == "2":
200 | 	sms_spoofing()
201 | elif menu_option == "0":
202 | 	sys.exit(0)
203 | else:
204 | 	print "\nInvalid Option\n"
205 | 


--------------------------------------------------------------------------------