https://github.com/aress31/phishstat

Generate various type of statistics from phishing engagement results.
https://github.com/aress31/phishstat

pentest phishing reporting statistics xlsx

Last synced: 3 months ago
JSON representation

Generate various type of statistics from phishing engagement results.

• Host: GitHub
• URL: https://github.com/aress31/phishstat
• Owner: aress31
• License: apache-2.0
• Created: 2018-01-04T14:08:31.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2019-11-22T08:15:41.000Z (about 5 years ago)
• Last Synced: 2024-05-02T02:12:10.448Z (9 months ago)
• Topics: pentest, phishing, reporting, statistics, xlsx
• Language: Python
• Homepage:
• Size: 639 KB
• Stars: 7
• Watchers: 2
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

        
![phishstat](images/phishstat.png)

# phishstat

[![Language](https://img.shields.io/badge/Lang-Python-blue.svg)](https://www.python.org)

[![License](https://img.shields.io/badge/License-Apache%202.0-red.svg)](https://opensource.org/licenses/Apache-2.0)

## Automating the generation of statistics obtained from Phishing engagements.

This script structures the results obtained from Phishing engagements into a MySQL database and generates different types of statistics.

The database model used is as follows:

* **Employee**: Holds information about the targetted `Employee` 

  * `client`

  * `email`

  * `role`

* **Link**: Intermediate table linking an `Employee` to a `Payload`

  * `ref`

  * `email`

* **Payload**: Holds information about the delivered `Payload` 

  * `idP`

  * `type`

  * `host`

  * `agent`

  * `date`

  * `ref`

The statistics are all generated into individual worksheets within a single `.xlsx` file, as shown in the following screenshot.

 

![example](images/example.png)

The following statistics are currently implemented:

* `Click Types Per User`

* `Clicks Over Time`

* `Email Distribution`

* `Clicks Per Payload Type`

* `Click Originating IP`

* `Users Who Did/Did Not Click`

* `Clicks Per Department`

## Installation

```

$ git clone https://github.com/AresS31/phishstat

$ cd phishstat

# pip install -r requirements.txt

```

The `MYSQL_USER` and `MYSQL_PASSWORD` global variable must be edited  within the script (line 34 and 35).

## Usage

```

$ python phishstat.py [-h] -c CLIENT -l APACHE_LOG -p PARAMETER -r EMAIL2REF -t

                    TARGET [-v]

-h, --help            show this help message and exit

-c CLIENT, --client CLIENT

                      name for the database storing the engagement results

-l APACHE_LOG, --log APACHE_LOG

                      Apache log file

-p PARAMETER, --parameter PARAMETER

                      GET parametereter used to identify each clicks

-r EMAIL2REF, --ref EMAIL2REF

                      file containing the email to reference

-t TARGET, --target TARGET

                      file containg the target details

-v, --verbose         enable verbose mode

```

##### Apache log example:

```

11.22.33.44 - - [25/Oct/2016:10:51:21 +0100] "GET /phishing.gov.uk?region=KT4-EAC82 HTTP/1.1" 301 577 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"

11.22.33.44 - - [25/Oct/2016:10:51:22 +0100] "GET /phishing.gov.uk/?region=KT4-BDCB5 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"

11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk?region=KT4-C2AE6 HTTP/1.1" 301 577 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk/?region=KT4-30747 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk/?region=KT4-779D8 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"         

```

*Note*: The GET parameter (-p, --param) used to parse the results in the above example is `region`.

##### Target file expected formatting:

```

[email protected],Director

[email protected],Technical

[email protected],Support

[email protected],Sale

[email protected],Other

```

##### Email to reference file expected formatting:

```

[email protected],KT4-EAC82

[email protected],KT4-BDCB5

[email protected],KT4-C2AE6

[email protected],KT4-30747

[email protected],KT4-779D8

```

## Possible Improvements

- [ ] Add new features.

- [ ] Source code optimisation.

## License

Copyright (C) 2017 - 2018 Alexandre Teyar

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.