DeepSea Phishing Gear

DeepSea phishing gear aims to help RTOs and pentesters with the delivery of opsec-tight, flexible email phishing campaigns carried out on the outside as well as on the inside of a perimeter.

Goals

• Operate with a minimal footprint deep inside enterprises (Internal phish delivery).
• Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-prem mail servers)
• Quickly re-target connectivity parameters.
• Flexibly add headers, targets, attachments
• Correctly format and inline email templates, images and multipart messages.
• Use content templates for personalization
• Account for various secure email communication parameters
• Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
• Help create content with minimal dependencies. Embedded tools to support Markdown->HTML->TXT workflow. |

45 config lines is all you need to consistently send a decent phish ...

---

Usage

Read more here

Build

cd ~/go/src/
export GOPATH=~/go

git clone  https://github.com/dsnezhkov/deepsea
cd deepsea

export GO111MODULE=on
go get
go build -o deepsea main.go

Operations

Setup campaigns workspace

mkdir -p campaigns/campaign1
cp conf/template.yaml campaigns/campaign1/campaign1.yaml
cd campaigns/campaign1

Set Workspace tasks

• edit campaign.yaml

See descriptions of directives in template

• edit marks.csv

ident,email,firstname,lastname
<dynamic>,user@gmail.com,,

Load Marks

Note: Manual step (TBD for resolution):

• Create DB file: touch campain.db

• load marks from CSV (command like params shown, but could also be defined in the yml)

../../deepsea  --config campaign1.yaml  storage -d ./campaign.db  load -s ./marks.csv

Alternatively, split db management tasks:

• create DB

../../deepsea  --config campaign1.yaml  storage  -d ./campaign.db manager  -T createtable
Using config file: ./campaign1.yaml
2019/11/18 13:16:16 Task: createtable
2019/11/18 13:16:16 Creating Marks table

• load marks from CSV

../../deepsea  --config campaign1.yaml  storage -d ./campaign.db  load -s ./marks.csv
Using config file: ./campaign.yaml
2019/11/18 13:21:11 Dropping table Mark if exists
2019/11/18 13:21:11 Creating Marks table
2019/11/18 13:21:11 Pointing to mark table
2019/11/18 13:21:11 Removing existing rows if any
2019/11/18 13:21:11 Inserting a row
2019/11/18 13:21:11 Querying for result : find()
2019/11/18 13:21:11 Getting all results
2019/11/18 13:21:11 Printing Marks

vobi97v7, user@gmail.com, , .

• you can verify the marks are loaded

../../deepsea  --config ./campaign.yaml  storage  -d ./campaign.db manager  -T showmarks
Using config file: ./campaign.yaml
2019/11/18 13:22:17 Task: showmarks
2019/11/18 13:22:17 Querying for result : find()

-= Table: Marks =-
vobi97v7, user@gmail.com, , .

Create Content

Tow methods: templated and hand-rolled

Templated

1. Get a decent HTML template Ex: wget https://raw.githubusercontent.com/leemunroe/responsive-html-email-template/master/email.html

2. write content introduce key/value pairs from yml's template-data/dictonary and interpolate in the template

3. Inline CSS (if needed) when done with the template (.htpl)

../../deepsea mailclient --config ./campaign.yaml  content inline

4. Create a TXT verson from the HTML version (.ttpl)

../../deepsea mailclient --config ./campaign.yaml  content multipart

Hand rolled. Tools

DeepSea provides tools to help roll yourt own html. Most likely you might want to:

• Cretate HTML snippets from Markdown for fast prototyping
• HTML to TEXT for seeing how HTML structure looks in terminal and multipart testing
• Inline CSS Styling for older clients
• Multipart messages

Example (MD2HTML):

../../deepsea mailclient --config ./campaign.yaml  content md2html  -M ./campaigns/campaign1.md -H ./campaigns/campaign1.html

#STDOUT
../../deepsea mailclient --config ./campaign.yaml  content md2html  -M ./campaigns/campaign1.md 

../../deepsea mailclient --config ./campaign.yaml  content html2text  -K ./campaigns/campaign1.html -L ./campaigns/campaign1.txt

Mail Campaign

../../deepsea mailclient --config ./campaign.yaml 

Using config file: ./campaign.yaml
SMTP Server : smtp.office365.com
SMTP Port   : 587
SMTP User : user@outlook.com
SMTP TLS : yes
From: user@outlook.com
To: campaign.db
Subject: Subject.
Text Template: message.ttpl
HTML Template: message.htpl

-= SMTP Authentication Credentials for smtp.office365.com =-
Enter Password: 

2019/11/18 18:14:18 Pointing to mark table
2019/11/18 18:14:18 Querying for result : find()
2019/11/18 18:14:18 Getting all results
2019/11/18 18:14:18 -= Marks =-
Emailing: user@gmail.com [id:vobi97v7] 

Note: We ask for password on the email provider account interactively for now.

Testing

If you need to run campaign to a test emails, you can reload test marks. For that, just recycle the data in the marks table like so:

../../deepsea  --config ./campaign.yaml storage manager -T recycletable
Using config file: ./campaign.yaml
2019/11/18 18:39:17 Task: recycletable
2019/11/18 18:39:17 Dropping table Mark if exists
2019/11/18 18:39:17 Creating Marks table

• edit marks.csv
• load test marks

../../deepsea  --config ./campaign.yaml storage load