{"id":13540051,"url":"https://github.com/atexio/mercure","last_synced_at":"2025-04-02T06:32:03.582Z","repository":{"id":54155293,"uuid":"80608747","full_name":"atexio/mercure","owner":"atexio","description":"Mercure is a tool for security managers who want to train their colleague to phishing.","archived":true,"fork":false,"pushed_at":"2021-03-07T02:45:55.000Z","size":596,"stargazers_count":267,"open_issues_count":30,"forks_count":56,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-11-03T05:32:06.295Z","etag":null,"topics":["campaign","email","hacking","phishing","python","security"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/atexio/mercure/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atexio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-01T10:13:15.000Z","updated_at":"2024-08-12T19:27:31.000Z","dependencies_parsed_at":"2022-08-13T07:50:28.527Z","dependency_job_id":null,"html_url":"https://github.com/atexio/mercure","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atexio%2Fmercure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atexio%2Fmercure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atexio%2Fmercure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atexio%2Fmercure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atexio","download_url":"https://codeload.github.com/atexio/mercure/tar.gz/refs/he
ads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246768347,"owners_count":20830651,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["campaign","email","hacking","phishing","python","security"],"created_at":"2024-08-01T09:01:38.537Z","updated_at":"2025-04-02T06:32:01.064Z","avatar_url":"https://github.com/atexio.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"546f4fe70faa2236c0fbc2d486a83391\"\u003e\u003c/a\u003e社工(SET)\u0026\u0026钓鱼\u0026\u0026鱼叉攻击","Python","[↑](#table-of-contents) Tools and frameworks","\u003ca id=\"3e622bff3199cf22fe89db026b765cd4\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"290e9ae48108d21d6d8b9ea9e74d077d\"\u003e\u003c/a\u003e钓鱼\u0026\u0026Phish","Phishing campaign tools"],"readme":"# Mercure\n\n[![Build Status](https://travis-ci.org/atexio/mercure.svg?branch=master)](https://travis-ci.org/atexio/mercure)\n[![Coverage Status](https://coveralls.io/repos/github/atexio/mercure/badge.svg?branch=master)](https://coveralls.io/github/atexio/mercure?branch=master)\n[![Documentation Status](https://readthedocs.org/projects/mercure/badge/?version=latest)](http://doc.mercure.io/en/latest/?badge=latest)\n[![Code Health](https://landscape.io/github/atexio/mercure/master/landscape.svg?style=flat)](https://landscape.io/github/atexio/mercure/master)\n[![Requirements Status](https://requires.io/github/atexio/mercure/requirements.svg?branch=master)](https://requires.io/github/atexio/mercure/requirements/?branch=master)\n\nMercure is a tool for security managers who want to teach their 
colleagues about phishing.\n\n\n## What Mercure can do:\n\n* Create email templates\n* Create target lists\n* Create landing pages\n* Handle attachments\n* Let you keep track in the Campaign dashboard\n* Track email reads, landing page visits and attachment execution.\n* Harvest credentials\n* Schedule campaigns\n* Minimize links in email templates\n\n\n## What Mercure will do:\n\n* Display more graphs (we like graphs!)\n* Provide a REST API\n* Allow for multi-message campaigns (aka scenarios)\n* Check browser plugins\n* User training\n\n# Docker Quickstart\n\n## Requirements\n\n* docker\n* docker-compose\n\n## Available configuration\n\n| Environment variable name | Status   | Description                                 | Value example                      |\n|---------------------------|----------|---------------------------------------------|------------------------------------|\n| SECRET_KEY                | Required | Django secret key                           | Random string                      |\n| URL                       | Required | Mercure URL                                 | https://mercure.example.com        |\n| EMAIL_HOST                | Required | SMTP server                                 | mail.example.com                   |\n| EMAIL_PORT                | Optional | SMTP port                                   | 587                                |\n| EMAIL_HOST_USER           | Optional | SMTP user                                   | phishing@example.com               |\n| EMAIL_HOST_PASSWORD       | Optional | SMTP password                               | P@SSWORD                           |\n| DEBUG                     | Optional | Run in debug mode                           | True                               |\n| SENTRY_DSN                | Optional | Send debug info to sentry.io                | https://23xxx:38xxx@sentry.io/1234 |\n| AXE_DISABLED              | Optional | Brute-force protection is disabled          | True                               |\n| AXES_LOCK_OUT_AT_FAILURE  | Optional | Ban on brute-force login                    | True                               |\n| AXES_COOLOFF_TIME         | Optional | Ban duration on brute-force login (in hours) | 0.8333                             |\n| DONT_SERVES_STATIC_FILE   | Optional | Don't serve static files with django        | True                               |\n\n\n## Sample deployment\n\nEdit the docker-compose configuration (```docker-compose.yml```)\n\n```yaml\nversion: '2'\n\nservices:\n  front:\n    image: atexio/mercure\n    restart: always\n    ports:\n      - 8000:8000\n    environment:\n      SECRET_KEY: '\u003crandom value\u003e'\n      URL: 'https://preprod.mercure.io'\n      EMAIL_HOST:  'mail.example.com'\n      EMAIL_HOST_USER: 'phishing@example.com'\n      EMAIL_HOST_PASSWORD: 'P@SSWORD'\n    volumes:\n      - /etc/localtime:/etc/localtime:ro\n      - ./data/database:/code/database\n      - ./data/media:/code/media\n      - ./data/migrations/phishing:/code/phishing/migrations\n\n```\n\nTo generate the SECRET_KEY variable, you can use this command:\n\n```shell\n# generate random SECRET_KEY\ncat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 200 | head -n 1\n```\n\nThe SECRET_KEY is used as a salt for django password hashing; don't change it after using it with mercure.\nAfter changing the secret key, you can run the container with this command:\n\n```shell\ndocker-compose up -d\n```\n\nNext, you can create a super user to log into the web interface:\n\n```bash\n# create super user\ndocker-compose exec front python manage.py createsuperuser\n```\n\n# How to use mercure\n\nUsing mercure can be divided into 5 steps:\n* Targets\n* Email Templates\n* Campaigns\n* Attachments\n* Landing page\n\nTargets, Email Templates and Campaign are the minimum required to run a basic phishing campaign.\n\n\n1. First, add your targets\n\n   ![Targets](https://raw.githubusercontent.com/atexio/mercure/master/docs/img/mercure_targets.png)\n\n   You need to fill in the mercure name and the target email. Target first and last name are optional, but can be useful for the landing page.\n\n2. Then, fill in the email template.\n\n   ![Email template](https://raw.githubusercontent.com/atexio/mercure/master/docs/img/mercure_emailtemplate.png)\n\n   You need to fill in the mercure name, the subject, the sender and the email content.\n   To improve the email quality, you have to fill in the email content HTML and the text content.\n   To get information about opened email, check \"Add open email tracker\".\n   The \"Variables\" category can help you.\n\n   Attachments and landing page are optional; we will see them later.\n\n3. Finally, launch the campaign\n\n   ![Campaign](https://raw.githubusercontent.com/atexio/mercure/master/docs/img/mercure_campaign.png)\n\n   You need to fill in the mercure name, select the email template and the target group.\n   You can select the SMTP credentials, SSL use, or URL minimizing.\n\n\n4. Optional, add landing page\n\n   ![Landing page](https://raw.githubusercontent.com/atexio/mercure/master/docs/img/mercure_landingpage.png)\n\n   You need to fill in the mercure name and the domain to use.\n   You can use \"Import from URL\" to copy an existing website.\n\n   You have to fill the page content with text and HTML content by clicking on \"Source\".\n\n5. Optional, add Attachment\n\n   ![Attachments](https://raw.githubusercontent.com/atexio/mercure/master/docs/img/mercure_attachment.png)\n\n   You need to fill in the mercure name, the file name which appears in the email and the file.\n   You also have to check if the file is buildable or not, if you need to compute a file for example.\n\n   To execute the build, you need to create a zip archive which contains a build script (named 'generator.sh') and a buildable file.\n\n\n\n# Developers\n\n## To participate in the project:\n\n1. Fork the project\n\n2. Create new branch\n\n3. Make comments and clean commits to the repository\n\n4. Run unit tests\n\t```\n\tpython manage.py test --exclude-tag selenium\n\t```\n\n5. Perform a pull request\n\n\n# Responsible Disclosure of Security Vulnerabilities\n\nWe want to keep Mercure safe for everyone. If you've discovered a security vulnerability in Mercure, we appreciate your help in disclosing it to us in a responsible manner.\n\nSend an email to 'security@atexio.fr'. If you want, you can use our [PGP Key](https://pgp.mit.edu/pks/lookup?op=vindex\u0026search=security@atexio.fr)\n\n\n## Vulnerability summary\n\n* Name of the vulnerability\n* Attack Vector (AV)\n* Attack Complexity (AC)\n* Privileges Required (PR)\n* User Interaction (UI)\n* Scope (S)\n* Confidentiality (C)\n* Integrity (I)\n* Availability (A)\n\n\n## Reporter information\n* Your Name\n* Your Mail\n* Your PGP public key\n\n\n## Technical details\n* More technical details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatexio%2Fmercure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatexio%2Fmercure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatexio%2Fmercure/lists"}