mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-11-24 21:43:04 +00:00
Merge pull request #909 from yesimxev/master
Recovered email templates with HTML support
This commit is contained in:
commit
02ed2e8f11
1 changed files with 160 additions and 84 deletions
|
@ -139,6 +139,166 @@ option1 = input(setprompt(["5"], ""))
|
|||
if option1 == 'exit':
|
||||
exit_set()
|
||||
|
||||
if option1 == '1' or option1 == '2':
|
||||
|
||||
print ("""
|
||||
Do you want to use a predefined template or craft
|
||||
a one time email template.
|
||||
|
||||
1. Pre-Defined Template
|
||||
2. One-Time Use Email Template
|
||||
""")
|
||||
template_choice = input(setprompt(["1"], ""))
|
||||
# if predefined template go here
|
||||
if template_choice == '1':
|
||||
# set path for
|
||||
path = 'src/templates/'
|
||||
filewrite = open(userconfigpath + "email.templates", "w")
|
||||
counter = 0
|
||||
# Pull all files in the templates directory
|
||||
for infile in glob.glob(os.path.join(path, '*.template')):
|
||||
infile = infile.split("/")
|
||||
# grab just the filename
|
||||
infile = infile[2]
|
||||
counter = counter + 1
|
||||
# put it in a format we can use later in a file
|
||||
filewrite.write(infile + " " + str(counter) + "\n")
|
||||
# close the file
|
||||
filewrite.close()
|
||||
# read in formatted filenames
|
||||
fileread = open(userconfigpath + "email.templates", "r").readlines()
|
||||
print_info("Available templates:")
|
||||
for line in fileread:
|
||||
line = line.rstrip()
|
||||
line = line.split(" ")
|
||||
filename = line[0]
|
||||
# read in file
|
||||
fileread2 = open("src/templates/%s" % (filename), "r").readlines()
|
||||
for line2 in fileread2:
|
||||
match = re.search("SUBJECT=", line2)
|
||||
if match:
|
||||
line2 = line2.rstrip()
|
||||
line2 = line2.split("=")
|
||||
line2 = line2[1]
|
||||
# strip double quotes
|
||||
line2 = line2.replace('"', "")
|
||||
# display results back
|
||||
print(line[1] + ": " + line2)
|
||||
# allow user to select template
|
||||
choice = input(setprompt(["1"], ""))
|
||||
for line in fileread:
|
||||
# split based off of space
|
||||
line = line.split(" ")
|
||||
# search for the choice
|
||||
match = re.search(str(choice), line[1])
|
||||
if match:
|
||||
# print line[0]
|
||||
extract = line[0]
|
||||
fileopen = open("src/templates/" +
|
||||
str(extract), "r").readlines()
|
||||
for line2 in fileopen:
|
||||
match2 = re.search("SUBJECT=", line2)
|
||||
if match2:
|
||||
subject = line2.replace('"', "")
|
||||
subject = subject.split("=")
|
||||
subject = subject[1]
|
||||
match3 = re.search("BODY=", line2)
|
||||
if match3:
|
||||
body = line2.replace('"', "")
|
||||
body = body.replace(r'\n', " \n ")
|
||||
body = body.split("=")
|
||||
body = body[1]
|
||||
match4 = re.search("HTML=", line2)
|
||||
if match4:
|
||||
message_flag = "html"
|
||||
body = "\n"
|
||||
for line3 in fileopen:
|
||||
if re.match("SUBJECT=", line3):
|
||||
match = False
|
||||
elif re.match('HTML="', line3):
|
||||
match = True
|
||||
elif re.match('END"', line3):
|
||||
match = False
|
||||
elif match:
|
||||
body = body + line3
|
||||
if template_choice == '2':
|
||||
subject = input(setprompt(["1"], "Subject of the email"))
|
||||
try:
|
||||
html_flag = input(
|
||||
setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
|
||||
if html_flag == "" or html_flag == "p":
|
||||
message_flag = "plain"
|
||||
if html_flag == "h":
|
||||
message_flag = "html"
|
||||
# Here we start to check if we want to track users when they click
|
||||
# essentially if this flag is turned on, a quick search and replace
|
||||
# occurs via base64 encoding on the user name. that is then added
|
||||
# during the def mail function call and the username is posted as
|
||||
# part of the URL. When we check the users, they can be coorelated
|
||||
# back to the individual user when they click the link.
|
||||
|
||||
# track email is pulled dynamically from the config as
|
||||
# TRACK_EMAIL_ADDRESSES
|
||||
if track_email.lower() == "on":
|
||||
print(
|
||||
"You have specified to track user email accounts when they are sent. In")
|
||||
print(
|
||||
"order for this to work, you will need to specify the URL within the body")
|
||||
print(
|
||||
"of the email and where you would like to inject the base64 encoded name.")
|
||||
print(
|
||||
"\nWhen a user clicks on the link, the URL Will post back to SET and track")
|
||||
print(
|
||||
"each of the users clicks and who the user was. As an example, say my SET")
|
||||
print(
|
||||
"website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
|
||||
print("I would type below " + bcolors.BOLD +
|
||||
"http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
|
||||
print(
|
||||
"order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
|
||||
print(
|
||||
"keyword that SET uses in order to replace the base name with the URL.")
|
||||
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC +
|
||||
"on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
|
||||
print(
|
||||
"\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
|
||||
print_warning(
|
||||
"IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
|
||||
body = input(setprompt(
|
||||
["1"], "Enter the body of the message, type END (capitals) when finished"))
|
||||
# loop through until they are finished with the body of the subject
|
||||
# line
|
||||
while body != 'exit':
|
||||
try:
|
||||
|
||||
body += ("\n")
|
||||
body_1 = input("Next line of the body: ")
|
||||
if body_1 == "END":
|
||||
break
|
||||
else:
|
||||
body = body + body_1
|
||||
|
||||
# except KeyboardInterrupts (control-c) and pass through.
|
||||
except KeyboardInterrupt:
|
||||
break
|
||||
|
||||
# if we are tracking emails, this is some cleanup and detection to see
|
||||
# if they entered .html instead or didn't specify insertuserhere
|
||||
if track_email.lower() == "on":
|
||||
# here we replace url with .php if they made a mistake
|
||||
body = body.replace(".html", ".php")
|
||||
if not "?INSERTUSERHERE" in body:
|
||||
print_error(
|
||||
"You have track email to on however did not specify ?INSERTUSERHERE.")
|
||||
print_error(
|
||||
"Tracking of users will not work and is disabled. Please re-read the instructions.")
|
||||
pause = input(
|
||||
"Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
|
||||
|
||||
# except KeyboardInterrupts (control-c) and pass through.
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
|
||||
# single email
|
||||
if option1 == '1':
|
||||
to = input(setprompt(["1"], "Send email to"))
|
||||
|
@ -240,90 +400,6 @@ if option1 != "99":
|
|||
else:
|
||||
break
|
||||
|
||||
subject = input(setprompt(["1"], "Email subject"))
|
||||
try:
|
||||
html_flag = input(
|
||||
setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
|
||||
|
||||
# if we are specifying plain or defaulting to plain
|
||||
if html_flag == "" or html_flag == "p":
|
||||
message_flag = "plain"
|
||||
# if we are specifying html
|
||||
if html_flag == "h":
|
||||
message_flag = "html"
|
||||
# start the body off blank
|
||||
body = ""
|
||||
# Here we start to check if we want to track users when they click
|
||||
# essentially if this flag is turned on, a quick search and replace
|
||||
# occurs via base64 encoding on the user name. that is then added
|
||||
# during the def mail function call and the username is posted as
|
||||
# part of the URL. When we check the users, they can be coorelated
|
||||
# back to the individual user when they click the link.
|
||||
|
||||
# track email is pulled dynamically from the config as
|
||||
# TRACK_EMAIL_ADDRESSES
|
||||
if track_email.lower() == "on":
|
||||
print(
|
||||
"You have specified to track user email accounts when they are sent. In")
|
||||
print(
|
||||
"order for this to work, you will need to specify the URL within the body")
|
||||
print(
|
||||
"of the email and where you would like to inject the base64 encoded name.")
|
||||
print(
|
||||
"\nWhen a user clicks on the link, the URL Will post back to SET and track")
|
||||
print(
|
||||
"each of the users clicks and who the user was. As an example, say my SET")
|
||||
print(
|
||||
"website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
|
||||
print("I would type below " + bcolors.BOLD +
|
||||
"http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
|
||||
print(
|
||||
"order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
|
||||
print(
|
||||
"keyword that SET uses in order to replace the base name with the URL.")
|
||||
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC +
|
||||
"on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
|
||||
print(
|
||||
"\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
|
||||
print_warning(
|
||||
"IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
|
||||
body = input(setprompt(
|
||||
["1"], "Enter the body of the message, type END (capitals) when finished"))
|
||||
|
||||
# loop through until they are finished with the body of the subject
|
||||
# line
|
||||
while body != 'exit':
|
||||
try:
|
||||
|
||||
body += ("\n")
|
||||
body_1 = input("Next line of the body: ")
|
||||
if body_1 == "END":
|
||||
break
|
||||
else:
|
||||
body = body + body_1
|
||||
|
||||
# except KeyboardInterrupts (control-c) and pass through.
|
||||
except KeyboardInterrupt:
|
||||
break
|
||||
|
||||
# if we are tracking emails, this is some cleanup and detection to see
|
||||
# if they entered .html instead or didn't specify insertuserhere
|
||||
if track_email.lower() == "on":
|
||||
# here we replace url with .php if they made a mistake
|
||||
body = body.replace(".html", ".php")
|
||||
if not "?INSERTUSERHERE" in body:
|
||||
print_error(
|
||||
"You have track email to on however did not specify ?INSERTUSERHERE.")
|
||||
print_error(
|
||||
"Tracking of users will not work and is disabled. Please re-read the instructions.")
|
||||
pause = input(
|
||||
"Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
|
||||
|
||||
# except KeyboardInterrupts (control-c) and pass through.
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
|
||||
|
||||
def mail(to, subject, prioflag1, prioflag2, text):
|
||||
|
||||
msg = MIMEMultipart()
|
||||
|
|
Loading…
Reference in a new issue