Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Rvn0xsy/Pricking

基于反向代理的水坑部署工具
https://github.com/Rvn0xsy/Pricking

Last synced: 3 months ago
JSON representation

基于反向代理的水坑部署工具

Awesome Lists containing this project

README 

        
# Pricking



[Pricking](https://github.com/Rvn0xsy/Pricking) 是一个自动化部署水坑和网页钓鱼的项目。



想要了解更多可以阅读:



- [红队技巧:基于反向代理的水坑攻击](https://payloads.online/archivers/2021-02-16/1)



:collision: :collision: :collision: 支持HTTPS/HTTP



## 使用方法



更多使用方式可以参考 [Pricking Wiki](https://github.com/Rvn0xsy/Pricking/wiki)



> 使用本项目需要拥有一个域名,将A记录指向到当前服务器,否则只能通过IP访问。



### 安装方式 - Golang install



```bash

$ go install -v github.com/Rvn0xsy/Pricking/cmd/pricking@latest

```



### 安装方式 - 下载二进制文件



[Releases](https://github.com/Rvn0xsy/Pricking/releases)



### 安装方式 - 编译



```bash

$ git clone https://github.com/Rvn0xsy/Pricking

$ cd Pricking

$ make

```



### Quick Start Pricking Web :collision:



```bash

$ ./pricking -config ./config/config.yaml -url https://payloads.online

```



### 配置文件



```yaml

filter_type:

  - "text/html" # 仅针对网页内容进行注入

exclude_file:   # 静态文件的数据包不进行注入

  - ".jpg"

  - ".css"

  - ".png"

  - ".js"

  - ".ico"

  - ".svg"

  - ".gif"

  - ".jpeg"

  - ".woff"

  - ".tff"

static_dir: "./pricking-js-suite" # Pricking Js Suite 目录

pricking_prefix_url: "/pricking_static_files" # 静态目录名,不能与目标网站冲突

listen_address: ":9999" # 监听地址:端口

inject_body: "" # 注入代码

```



## [Pricking Js Suite 模块说明](pricking-js-suite/)



- modules/cookie.js 获取网页Cookie并打印在控制台上

- ...



## 引入方式



在static.js中添加:



```js

import * as  from './modules/.js'

```



例如 `cookie.js`:



```js

import * as Cookie from './modules/cookie.js'

```



## 贡献



请为我提交[Pull Request](https://github.com/Rvn0xsy/Pricking/pulls)