Mirrors/social-engineer-toolkit
2
0
Fork 0
mirror of https://github.com/trustedsec/social-engineer-toolkit synced 2024-11-27 06:50:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

pep8 formatting for phishing

Browse source
This commit is contained in:
TrustedSec 2016-06-27 11:01:46 -04:00
parent 0bc0301617
commit 60c8ad83f4
2 changed files with 59 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/phishing/smtp/client/smtp_client.py
View file

@ -13,8 +13,10 @@ import base64
import thread
# python 2 to 3 fix
try: from cStringIO import StringIO
except NameError: from io import StringIO
try:
from cStringIO import StringIO
except NameError:
from io import StringIO
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
@ -74,23 +76,26 @@ for line in sendmail_file:
email_provider = line.replace("EMAIL_PROVIDER=", "").lower()
# support smtp for gmail
## Issue ## Set reports the email as successfully sent but I haven't had any success with it
# Issue ## Set reports the email as successfully sent but I haven't had
# any success with it
if email_provider == "gmail":
if sendmail == 0:
smtp = ("smtp.gmail.com")
port = ("587")
print_status("If you are using GMAIL - you will need to need to create an application password: https://support.google.com/accounts/answer/6010255?hl=en")
print_status(
"If you are using GMAIL - you will need to need to create an application password: https://support.google.com/accounts/answer/6010255?hl=en")
# support smtp for yahoo
if email_provider == "yahoo":
if sendmail == 0:
smtp = ("smtp.mail.yahoo.com")
port = ("587") #This was previously 465 and changed to 587
port = ("587") # This was previously 465 and changed to 587
# support smtp for hotmail
if email_provider == "hotmail":
if sendmail == 0:
smtp = ("smtp.live.com") #smtp.hotmail.com is no longer in use
smtp = ("smtp.live.com")
# smtp.hotmail.com is no longer in use
port = ("587")
# DEFINE METASPLOIT PATH
@ -136,7 +141,8 @@ if not os.path.isfile(setdir + "/template.pdf"):
if not os.path.isfile(setdir + "/template.rtf"):
if not os.path.isfile(setdir + "/template.mov"):
print("No previous payload created.")
file_format = input(setprompt(["1"], "Enter the file to use as an attachment"))
file_format = input(
setprompt(["1"], "Enter the file to use as an attachment"))
if not os.path.isfile("%s" % (file_format)):
while 1:
print_error("ERROR:FILE NOT FOUND. Try Again.")
@ -304,7 +310,8 @@ if option1 == '2':
if option1 == '99':
exit_set()
print(("""\n 1. Use a %s Account for your email attack.\n 2. Use your own server or open relay\n""" % (email_provider)))
print(("""\n 1. Use a %s Account for your email attack.\n 2. Use your own server or open relay\n""" %
(email_provider)))
relay = input(setprompt(["1"], ""))
counter = 0
# Specify SMTP Option Here
@ -399,7 +406,8 @@ def mail(to, subject, text, attach, prioflag1, prioflag2):
mailServer.login(provideruser, pwd)
mailServer.sendmail(from_address, to, io.getvalue())
except Exception as e:
print_error("Unable to deliver email. Printing exceptions message below, this is most likely due to an illegal attachment. If using GMAIL they inspect PDFs and is most likely getting caught.")
print_error(
"Unable to deliver email. Printing exceptions message below, this is most likely due to an illegal attachment. If using GMAIL they inspect PDFs and is most likely getting caught.")
input("Press {return} to view error message.")
print(str(e))
try:

56
src/phishing/smtp/client/smtp_web.py
View file

@ -10,9 +10,14 @@ import random
import time
import base64
# fix for python2 to 3 compatibility
try: from cStringIO import StringIO
except NameError: from io import StringIO
import email,email.encoders,email.mime.text,email.mime.base
try:
from cStringIO import StringIO
except NameError:
from io import StringIO
import email
import email.encoders
import email.mime.text
import email.mime.base
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
@ -142,7 +147,8 @@ if option1 == '2':
setprompt(["1"], "Path to the file to import into SET"))
if not os.path.isfile(filepath):
while 1:
print("[!] File not found! Please try again and enter the FULL path to the file.")
print(
"[!] File not found! Please try again and enter the FULL path to the file.")
filepath = input(
setprompt(["1"], "Path to the file to import into SET"))
if os.path.isfile(filepath):
@ -201,8 +207,10 @@ if option1 != "99":
file_format = ""
yesno = raw_input("Do you want to attach a file - [y/n]: ")
if yesno.lower() == "y" or yesno.lower() == "yes":
file_format = raw_input("Enter the path to the file you want to attach: ")
if not os.path.isfile(file_format): file_format = ""
file_format = raw_input(
"Enter the path to the file you want to attach: ")
if not os.path.isfile(file_format):
file_format = ""
subject = input(setprompt(["1"], "Email subject"))
try:
@ -227,17 +235,28 @@ if option1 != "99":
# track email is pulled dynamically from the config as
# TRACK_EMAIL_ADDRESSES
if track_email.lower() == "on":
print("You have specified to track user email accounts when they are sent. In")
print("order for this to work, you will need to specify the URL within the body")
print("of the email and where you would like to inject the base64 encoded name.")
print("\nWhen a user clicks on the link, the URL Will post back to SET and track")
print("each of the users clicks and who the user was. As an example, say my SET")
print("website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
print("I would type below " + bcolors.BOLD + "http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
print("order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
print("keyword that SET uses in order to replace the base name with the URL.")
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC + "on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
print("\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
print(
"You have specified to track user email accounts when they are sent. In")
print(
"order for this to work, you will need to specify the URL within the body")
print(
"of the email and where you would like to inject the base64 encoded name.")
print(
"\nWhen a user clicks on the link, the URL Will post back to SET and track")
print(
"each of the users clicks and who the user was. As an example, say my SET")
print(
"website is hosted at http://www.trustedsec.com/index.php and I want to track users.")
print("I would type below " + bcolors.BOLD +
"http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in")
print(
"order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the")
print(
"keyword that SET uses in order to replace the base name with the URL.")
print("\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC +
"on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!")
print(
"\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work.")
print_warning(
"IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
body = input(setprompt(
@ -295,7 +314,8 @@ def mail(to, subject, prioflag1, prioflag2, text):
fileMsg = email.mime.base.MIMEBase('application', '')
fileMsg.set_payload(file(file_format).read())
email.encoders.encode_base64(fileMsg)
fileMsg.add_header('Content-Disposition','attachment;filename=%s' % (file_format))
fileMsg.add_header(
'Content-Disposition', 'attachment;filename=%s' % (file_format))
msg.attach(fileMsg)
mailServer = smtplib.SMTP(smtp, port)