Skip to content

A tool designed to hunt for Phishing Kit source code

Notifications You must be signed in to change notification settings

cybercdh/kitphishr

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

kitphishr

Hunts for Phishing Kit source code by traversing URL folders and searching in open directories for zip files.

The code handles large lists of URLs which may be hosting malicious content. You can supply your own list of URLs or alternatively the code will parse the latest list from PhishTank, PhishStats, OpenPhish and Phishing.Database so you can easily go hunting for badness.

Phishing kit source code is particularly valuable to blue-teamers as often it's easy to find the identity of the bad-guy in addition to log file locations where victim data is stored on the server.

Recommended Usage

$ cat urls | kitphishr -c 250 -v -d -o output

or

$ kitphishr -c 250 -v -d -o output

or simply

$ kitphishr

Demo

Options

-c int
    set the concurrency level (default 50)

-d  option to download suspected phishing kits

-o string
    directory to save output files (default "kits")

-t int
    set the connection timeout in seconds (useful to ensure the download of large files)

-v  get more info on URL attempts

Install

You need to have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

go get -u github.com/cybercdh/kitphishr

or

go install github.com/cybercdh/kitphishr@latest

Configuration

Kitphishr will work just fine right out of the box, but if you're going to be running this tool a lot and you have access to a Phishtank account, then I suggest getting a free API key from Phishtank (registration is currently disabled, so an existing account is required).

Then, you can save this as an environment variable which Kitphishr will find and use:

$ export PT_API_KEY=<your_key>

or, to make this persist, add the following to your ~/.bashrc file:

export PT_API_KEY=<your_key>

Thanks

A lot of Go concepts were taken from @tomnomnom's excellent repos, particularly meg

Additionally, I took inspiration from ffuf

Finally, the initial idea for writing this tool came from great research from Duo Labs

Thanks to each of these developers for their awesome open-source tools.

About

A tool designed to hunt for Phishing Kit source code

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages