R-CISC BLOG

Phishing-As-A-Service (PHASS) Platforms and Frameworks

PHISHING-AS-A-SERVICE (PHAAS) allows attackers to create individual phishing campaigns, schedule and process emails and a lot of other related procedures that are involved in phishing computer targets. While most currently available PhaaS platforms are designed to test the resilience of organizations and their ability to detect social engineering attempts against their employees and help craft training programs to mitigate phishing threats, there are a few that are designed to aid cybercriminals launch and manage illegal phishing campaigns. Some of these legitimate, commercial or open source platforms can also be used for unlawful phishing attacks.

Hack$#!t — EIllegal Phishing Framework:

Hack$#!t is a Phishing-as-a-Service platform named that records the credentials of the phishing bait victims. The phished bait pages are packaged with base64 encoding and served from secure (HTTPS) websites with a top-level domain (TLD) to evade traditional scanners. The victim’s credentials are sent to the Hack$#!t PhaaS platform via websockets.

FiercePhish Phishing Framework:

The FiercePhish phishing framework is an extensive open-source solution that allows attackers to create and manage individual phishing campaigns. Functionalities include the following:

  • Prefix Establishment – This feature enables the attackers to set up custom URL’s that mask as legitimate sources.
  • Phishing Campaigns Creation and Operation – The framework allows the careful tuning of sending a predefined number of emails over defined periods of time.
  • Sending of Individual Emails – This is used for sending emails to specific targets.
  • Email Configuration Check – The FiercePhish platform allows the operators to parse MX records, A records and SPF records to ensure proper configuration.
  • Activity Logs – The platform tracks all activity and can give detailed information such when the emails were sent and all interactions performed with them.
  • Quick Replacement – The program allows the operators to use an easy Import/Export feature to issue a new server into sending out the emails.
  • User Management – FiercePhish allows its operators to use multiple accounts for better organization.
  • Two-Factor Authentication – The operators can use Two-Factor Authentication using Google’s service.

SPF “SpeedPhishing Framework”:

The SpeedPhishing Framework was designed to help simplify and automate the email phishing process and particularly assist with “credential harvesting” attacks. When provided with minimal input (such as just a target domain name), SPF can search for potential targets, deploy multiple phishing websites, craft and send phishing emails to those targets, record the results, generate a basic report, among other more advanced tasks.

Functionalities include:

  • Can be run fully automated or interactively
  • Automated target identification
  • Profiling of target company
  • Hosting of templated and dynamically generated phishing websites
  • Sending emails
  • Collection of phishing results
  • Verification of results

Ghost Phisher – Phishing Attack Tool:

Ghost Phisher is a Wireless and Ethernet security auditing and phishing attack tool that can emulate access points and deploy. The tool comes with a fake DNS server, phony DHCP server, fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. It could be used as a honeypot and could be used to service DHCP requests, DNS requests or phishing attacks.

Functionalities include:

  • HTTP Server
  • Inbuilt RFC 1035 DNS Server
  • Inbuilt RFC 2131 DHCP Server
  • Web page Hosting and Credential Logger (Phishing)
  • Wifi Access point Emulator
  • Session Hijacking (Passive and Ethernet Modes)
  • ARP Cache Poisoning (MITM and DOS Attacks)
  • Penetration using Metasploit Bindings
  • Automatic credential logging using SQLite Database

Phishing Frenzy – E-mail Phishing Framework:

Phishing Frenzy is an Open Source Ruby on Rails e-mail phishing framework designed to help penetration testers manage multiple, complex phishing campaigns. Designed to streamline the phishing process while still providing clients with the best realistic phishing campaign possible, Phishing Frenzy’s goal is obtainable through campaign management, template reuse, statistical generation, and other features.

Functionalities include:

  • Sending Emails
  • Hosting Websites
  • Tracking Analytics
  • Website Cloning
  • E-mail Harvesting
  • Credential Harvesting
  • UID tracking for users
  • Reporting and Analytics
  • Export XML

Gophish – Open-Source Phishing Framework:

Gophish is a phishing framework that makes the simulation of real-world phishing attacks very straight forwards and makes industry-grade phishing training possible.

Functionalities include:

  • One-click Installation
  • Standalone, portable binary with static assets
  • Point-and-click Phishing
  • WebUI
  • Automated Phishing campaigns
  • RESTful API (JSON)
  • Computerized Training
  • Open-Source

Sptoolkit Rebirth – Simple Phishing Toolkit:

The Sptoolkit (rebirth) or Simple Phishing Toolkit project is an open source phishing education toolkit designed to focus on training employees.

Functionalities include:

  • Templates & Visual editor
  • Education completion tracking

Cartero Phishing Framework:

Cartero is a phishing framework with a full-featured CLI interface with a modular structure divided into commands that perform independent tasks (i.e., Mailer, Cloner, Listener, AdminConsole, etc…). Each sub-command can be configured and automated.

King Phisher Phishing Framework:

King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use architecture allowing full control over both emails and server content. It can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

  • Functionalities include:
  • Runs multiple phishing campaigns simultaneously
  • Sends emails with embedded images for a more legitimate appearance
  • Has Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geolocation of phishing visitors
  • Sends emails with calendar invitations

Sources:

https://www.netskope.com/blog/phishing-service-phishing-revamped/

https://thehackernews.com/2017/07/cybercrime-as-as-service.html

https://bestsecuritysearch.com/fiercephish-phishing-framework-released/

https://www.tripwire.com/state-of-security/off-topic/automating-email-phishing-with-spf/