Mirrors/social-engineer-toolkit
2
0
Fork 0
mirror of https://github.com/trustedsec/social-engineer-toolkit synced 2024-11-22 12:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Recovered email templates support

Browse source
This commit is contained in:
yesimxev 2021-11-18 02:10:59 +00:00
parent 80fe70d706
commit 50e34f4af4
1 changed files with 147 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

231
src/phishing/smtp/client/smtp_web.py
View file

@ -139,6 +139,153 @@ option1 = input(setprompt(["5"], ""))
if option1 == 'exit': if option1 == 'exit':
exit_set() exit_set()
if option1 == '1' or option1 == '2':
print ("""
Do you want to use a predefined template or craft
a one time email template.
1. Pre-Defined Template
2. One-Time Use Email Template
""")
template_choice = input(setprompt(["1"], ""))
# if predefined template go here
if template_choice == '1':
# set path for
path = 'src/templates/'
filewrite = open(userconfigpath + "email.templates", "w")
counter = 0
# Pull all files in the templates directory
for infile in glob.glob(os.path.join(path, '*.template')):
infile = infile.split("/")
# grab just the filename
infile = infile[2]
counter = counter + 1
# put it in a format we can use later in a file
filewrite.write(infile + " " + str(counter) + "\n")
# close the file
filewrite.close()
# read in formatted filenames
fileread = open(userconfigpath + "email.templates", "r").readlines()
print_info("Available templates:")
for line in fileread:
line = line.rstrip()
line = line.split(" ")
filename = line[0]
# read in file
fileread2 = open("src/templates/%s" % (filename), "r").readlines()
for line2 in fileread2:
match = re.search("SUBJECT=", line2)
if match:
line2 = line2.rstrip()
line2 = line2.split("=")
line2 = line2[1]
# strip double quotes
line2 = line2.replace('"', "")
# display results back
print(line[1] + ": " + line2)
# allow user to select template
choice = input(setprompt(["1"], ""))
for line in fileread:
# split based off of space
line = line.split(" ")
# search for the choice
match = re.search(str(choice), line[1])
if match:
# print line[0]
extract = line[0]
fileopen = open("src/templates/" +
str(extract), "r").readlines()
for line2 in fileopen:
match2 = re.search("SUBJECT=", line2)
if match2:
subject = line2.replace('"', "")
subject = subject.split("=")
subject = subject[1]
match3 = re.search("BODY=", line2)
if match3:
body = line2.replace('"', "")
body = body.replace(r'\n', " \n ")
body = body.split("=")
body = body[1]
if template_choice == '2':
subject = input(setprompt(["1"], "Subject of the email"))
try:
html_flag = input(
setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
if html_flag == "" or html_flag == "p":
message_flag = "plain"
if html_flag == "h":
message_flag = "html"
# Here we start to check if we want to track users when they click
# essentially if this flag is turned on, a quick search and replace
# occurs via base64 encoding on the user name. that is then added
# during the def mail function call and the username is posted as
# part of the URL. When we check the users, they can be coorelated
# back to the individual user when they click the link.
# track email is pulled dynamically from the config as
# TRACK_EMAIL_ADDRESSES
if track_email.lower() == "on":
print(
"You have specified to track user email accounts when they are sent. In")
print(
"order for this to work, you will need to specify the URL within the body")
print(
"of the email and where you would like to inject the base64 encoded name.")
print(
"\nWhen a user clicks on the link, the URL Will post back to SET and track")
print(
"each of the users clicks and who the user was. As an example, say my SET")
print(
"website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
print("I would type below " + bcolors.BOLD +
"http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
print(
"order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
print(
"keyword that SET uses in order to replace the base name with the URL.")
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC +
"on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
print(
"\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
print_warning(
"IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
body = input(setprompt(
["1"], "Enter the body of the message, type END (capitals) when finished"))
# loop through until they are finished with the body of the subject
# line
while body != 'exit':
try:
body += ("\n")
body_1 = input("Next line of the body: ")
if body_1 == "END":
break
else:
body = body + body_1
# except KeyboardInterrupts (control-c) and pass through.
except KeyboardInterrupt:
break
# if we are tracking emails, this is some cleanup and detection to see
# if they entered .html instead or didn't specify insertuserhere
if track_email.lower() == "on":
# here we replace url with .php if they made a mistake
body = body.replace(".html", ".php")
if not "?INSERTUSERHERE" in body:
print_error(
"You have track email to on however did not specify ?INSERTUSERHERE.")
print_error(
"Tracking of users will not work and is disabled. Please re-read the instructions.")
pause = input(
"Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
# except KeyboardInterrupts (control-c) and pass through.
except KeyboardInterrupt:
pass
# single email # single email
if option1 == '1': if option1 == '1':
to = input(setprompt(["1"], "Send email to")) to = input(setprompt(["1"], "Send email to"))
@ -240,90 +387,6 @@ if option1 != "99":
else: else:
break break
subject = input(setprompt(["1"], "Email subject"))
try:
html_flag = input(
setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
# if we are specifying plain or defaulting to plain
if html_flag == "" or html_flag == "p":
message_flag = "plain"
# if we are specifying html
if html_flag == "h":
message_flag = "html"
# start the body off blank
body = ""
# Here we start to check if we want to track users when they click
# essentially if this flag is turned on, a quick search and replace
# occurs via base64 encoding on the user name. that is then added
# during the def mail function call and the username is posted as
# part of the URL. When we check the users, they can be coorelated
# back to the individual user when they click the link.
# track email is pulled dynamically from the config as
# TRACK_EMAIL_ADDRESSES
if track_email.lower() == "on":
print(
"You have specified to track user email accounts when they are sent. In")
print(
"order for this to work, you will need to specify the URL within the body")
print(
"of the email and where you would like to inject the base64 encoded name.")
print(
"\nWhen a user clicks on the link, the URL Will post back to SET and track")
print(
"each of the users clicks and who the user was. As an example, say my SET")
print(
"website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
print("I would type below " + bcolors.BOLD +
"http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
print(
"order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
print(
"keyword that SET uses in order to replace the base name with the URL.")
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC +
"on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
print(
"\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
print_warning(
"IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
body = input(setprompt(
["1"], "Enter the body of the message, type END (capitals) when finished"))
# loop through until they are finished with the body of the subject
# line
while body != 'exit':
try:
body += ("\n")
body_1 = input("Next line of the body: ")
if body_1 == "END":
break
else:
body = body + body_1
# except KeyboardInterrupts (control-c) and pass through.
except KeyboardInterrupt:
break
# if we are tracking emails, this is some cleanup and detection to see
# if they entered .html instead or didn't specify insertuserhere
if track_email.lower() == "on":
# here we replace url with .php if they made a mistake
body = body.replace(".html", ".php")
if not "?INSERTUSERHERE" in body:
print_error(
"You have track email to on however did not specify ?INSERTUSERHERE.")
print_error(
"Tracking of users will not work and is disabled. Please re-read the instructions.")
pause = input(
"Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
# except KeyboardInterrupts (control-c) and pass through.
except KeyboardInterrupt:
pass
def mail(to, subject, prioflag1, prioflag2, text): def mail(to, subject, prioflag1, prioflag2, text):
msg = MIMEMultipart() msg = MIMEMultipart()