Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


THIS PROJECT IS TO BE USED FOR EDUCATIONAL PURPOSES ONLY. Obtain explicit consent from users before using this tool. A project that demonstrates the capability for posting phishing posts to social network users.


Many toolkits (e.g. SET) provide for automatically generating phishing payloads, but nothing currently exists to automatically generate front-end content to entice users to click on links. Furthermore, social media is an interesting attack surface: users provide a wealth of information which networks readily provide through REST APIs, and due to character limitations, links are generally shortened and grammar tends to be colloquial.

This project demonstrates the capability for automatically generating spear-phishing posts on social media. It uses two methods for generating text for the post: Markov models trained on the target's recent timeline statuses, and an LSTM Neural Network trained on a more general corpus. It also shortens the given url using and appends that to the post, prepends the post with their username, and triages users to those with high engagement or value.


  • Python 2.7
  • Active Twitter developer API credentials, a Twitter account username and password, and a API key (all to be placed in the corresponding variables in
  • word-rnn, downloaded and installed from

To Run:

  1. Clone this repository.
  2. In the root of the repository, create and fill in with your obtained credentials from the various services.
  3. Download tweets_model.t7 and move into word-rnn/cv/
  4. Obtain a list of users and a URL that you want them to click on.
  5. Run pip install -r requirements.txt inside a virtual environment.
  6. Run python The various options and parameters are available if you run python -h.


A machine learning based social media pen-testing tool




No releases published


No packages published