{"id":13844968,"url":"https://github.com/GemGeorge/SniperPhish","last_synced_at":"2025-07-12T00:32:34.502Z","repository":{"id":38687641,"uuid":"282608662","full_name":"GemGeorge/SniperPhish","owner":"GemGeorge","description":"SniperPhish - The Web-Email Spear Phishing Toolkit","archived":false,"fork":false,"pushed_at":"2024-04-30T16:01:29.000Z","size":8235,"stargazers_count":526,"open_issues_count":20,"forks_count":114,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-08-05T17:43:29.958Z","etag":null,"topics":["phishing","phishing-tool","sniperphish","social-engineering","spearphishing"],"latest_commit_sha":null,"homepage":"https://sniperphish.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GemGeorge.png","metadata":{"files":{"readme":"README.md","changelog":"ChangePwd.php","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-07-26T08:31:52.000Z","updated_at":"2024-08-04T08:40:23.000Z","dependencies_parsed_at":"2023-02-11T11:45:57.505Z","dependency_job_id":"2f96dd8e-e8c4-4e39-b39e-03c01b1cf0bc","html_url":"https://github.com/GemGeorge/SniperPhish","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GemGeorge%2FSniperPhish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GemGeorge%2FSniperPhish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GemGeorge%2FSniperPhish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GemGeorge%2FSniperPhish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GemGeorge","download_url":"https://codeload.github.com/GemGeorge/SniperPhish/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772834,"owners_count":17521898,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["phishing","phishing-tool","sniperphish","social-engineering","spearphishing"],"created_at":"2024-08-04T17:03:04.424Z","updated_at":"2024-11-21T17:31:05.086Z","avatar_url":"https://github.com/GemGeorge.png","language":"PHP","funding_links":[],"categories":["others","PHP","Phishing"],"sub_categories":["Steganography"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/15928266/116806917-ab0f8d80-ab62-11eb-8d34-962fdfe692a7.png\" \u003e\u003c/img\u003e\u003c/a\u003e\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003e \n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/static/v1?label=php\u0026message=%3E=8.1\u0026color=green\u0026style=flat\u0026logo=php\"\u003e\u003c/a\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/static/v1?label=Platform\u0026message=Linux/Windows\u0026color=orange\u0026style=flat\"\u003e\u003c/a\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/static/v1?label=License\u0026message=MIT\u0026color=blue\u0026style=flat\"\u003e\u003c/a\u003e\n   \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/badge/Contributions-Welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# SniperPhish\n[SniperPhish](https://sniperphish.com/) (SP in short) is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine both phishing emails and phishing websites you created to centrally track user actions. The tool is designed in a view of performing professional phishing exercise and would be reminded to take prior permission from the targeted organization to avoid legal implications.\n\n## Basic Requirements\n* Operating System: Windows or Linux. The macOS support is not verified.\n* Web Server: Any web server supporting PHP v8.1 or higher (for SP\u003c=2.0, minimum requirement is PHP v7.4).\n* Database: MySQL\n\n## Installation\n1. Clone this repo or download the latest release\n2. Put the contents in your web root folder\n3. Open installation page http://localhost/install in your browser and follow the steps\n4. After installation, SniperPhish will redirect to login page http://localhost/spear\n\u003eDefault login - *Username: `admin`   Password: `sniperphish`*\n\n## Main Features\n* Web tracker code generation - track your website visits and form submissions independently\n* Tracks data from phishing website containing any number of pages\n* Create and schedule Phishing mail campaigns\n* Combine your phishing site with email campaign for centrally tracking\n* An independent \"Quick Tracker\" module for quick tracking an email or web page visit\n* Advance report generation - generate reports based on the tracking data you needed\n* Mail campaigns with QR/Bar code support (both locally and remotely embedding in mails)\n* Track phishing message replies\n* Signed and encrypted mail support\n* Advanced mail campaign customization – read receipt, TO/CC/BCC emails etc.\n* Anti-flood control for emails\n* Non-ASCII (Punycode transcription) support for email and domain\n* Auto-renaming attachments on-the-fly\n\n## Screenshots\n\u003ckbd\u003e![Web-Email Campaign Dashboard](https://user-images.githubusercontent.com/15928266/175827939-baef7654-70a6-4305-b627-8849cce6a442.png)\u003c/kbd\u003e\n\n\u003ckbd\u003e![Web Tracker Insertion](https://user-images.githubusercontent.com/15928266/116777832-198c1700-aaa1-11eb-9f10-4a0b27c172d8.gif)\u003c/kbd\u003e\n\n## Creating Web-Email Campaign - Quick Guide\nIn short, we create web tracker -\u003e Add the web tracker to the phishing website -\u003e create mail campaign with a link pointing to the phishing website -\u003e start mail campaign.\n#### Creating a web tracker:\n1. Design your website in your favorite programming language. Make sure you provided unique \"id\" and \"name\" value for HTML fields such as text field, checkbox etc.\n2. Generate a web-tracker code `Web Tracker -\u003e New Tracker` for your phishing site. The \"Web Pages\" tab lists the pages you want to track.\n    * To track form submission data, provide the \"id\" or \"name\" values of HTML fields present in your phishing site form.\n    * Repeat above for each page in your phishing site which is required to track.\n3. From the final output, copy the generated JS link and place it in between \u0026lt;Head\u0026gt; and \u0026lt;/Head\u0026gt; section of each website page. This JS script contains the tracking code.\n4. Finally, save the tracker created. Now the tracker is activated and listening in the background. Opening your phishing site pages or form submissions are tracked.\n\n#### Creating an Email campaign:\n1. Go to `Email Campaign -\u003e User Group` and add target users \n2. Go to `Email Campaign -\u003e Sender List` and configure Mail server details\n3. Go to `Email Campaign -\u003e Email Template` and create mail template. Here, you can to link your phishing website based on the web tracker you created. For that, click on `Insert` menu from email template editor and chose `Link to Web Tracker`. Select your web tracker from the pop-up window and insert it.\n4. Now go to `Email Campaign -\u003e Campaign List -\u003e New Mail Campaign` and select/fill the fields to create the campaign.\n5. Start Mail campaign\n\n_Note: SniperPhish tracks your phishing website only if the page is called by appending `rid` parameter (ie. `?rid={{RID}}`) at the end. For example opening `http://yourphishingsite.com/login?rid=abcd` will be tracked, but not `http://yourphishingsite.com/login`. Above 3rd step does this by default._\n\n#### Viewing combined Web-Email Result\nGo to `Web-MailCamp Dashboard -\u003e Select Campaign`. Then select the web tracker and email campaign you created.\u003cbr/\u003e\n\u003ckbd\u003e\u003cimg src=\"https://user-images.githubusercontent.com/15928266/116777253-2e1bdf80-aaa0-11eb-9c44-e1db8f200c39.png\" height=\"286\"\u003e\u003c/img\u003e\u003c/kbd\u003e\n\n## More\n* SniperPhish website: https://sniperphish.com/\n* SniperPhish demo: https://demo.sniperphish.com/spear/\n* SniperPhish documentation: https://docs.sniperphish.com/\n\n## SniperPhish honors contributions of\nJoseph Nygil ([@j_nygil](https://twitter.com/j_nygil)) and Sreehari Haridas ([@sr33h4ri](https://twitter.com/sr33h4ri))\n\n## Come let's connect and collaborate\nJoin on our SniperPhish discord community to engage with us!\n* Discord: https://sniperphish.com/discord/\n* Subscribe: https://www.youtube.com/@sniperphish\n\n## Donation\nIf this project help you 'Phish', you can give me a cup of coffee :) \n\n[![bitcoin](https://user-images.githubusercontent.com/15928266/124384822-9c318c80-dd05-11eb-948c-f0b9e697b740.png)](https://sniperphish.com/donate)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGemGeorge%2FSniperPhish","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGemGeorge%2FSniperPhish","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGemGeorge%2FSniperPhish/lists"}