Search Results for "phishing tool"

dnstwist is an open source cybersecurity tool designed to identify malicious or suspicious domain names that imitate legitimate websites. It works by generating a large set of domain name permutations based on a target domain and analyzing whether any of those variants are actively registered or used. These permutations simulate common techniques used in phishing attacks, typosquatting, and brand impersonation campaigns.

Seeker is an open source project that demonstrates how to obtain precise location information from devices using social engineering and web-based techniques. The tool sets up a phishing page that asks for location permissions, allowing GPS and other device data to be shared if the user consents. It can capture latitude, longitude, accuracy, altitude, direction, and even speed, with results displayed in a terminal. The project supports both manual deployment and tunneling services like Ngrok for external access. ...

MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling systems. ...

phishing_catcher is a security monitoring tool designed to detect potential phishing domains in near real time by analyzing TLS certificate issuance events. It listens to Certificate Transparency (CT) logs through the CertStream API and evaluates newly issued certificates as they appear. Each certificate often contains one or more domain names, which the tool analyzes to determine whether they resemble suspicious or phishing-related domains. phishing_catcher applies a configurable scoring mechanism that assigns numeric values to certain keywords, patterns, or top-level domains found within certificate domain names. ...

...Users can pick which tool to run. It is intended more for “ethical / lab / educational” hacking contexts rather than production or stealth scenarios. It depends a lot on external tools, grants, and root privileges in many cases.

King Phisher is an open source tool that can simulate real world phishing attacks. It has an easy-to-use, flexible architecture that allows for full control over both emails and server content. It is useful for running awareness campaigns and training, and can only be used for legal applications when the explicit permission of the targeted organization has been obtained.