https://github.com/solanav/phishflood
Flood phishing websites with realistic fake credentials
credentials fake-data-generator phishing playwright-python
- Host: GitHub
- URL: https://github.com/solanav/phishflood
- Owner: solanav
- License: agpl-3.0
- Created: 2023-12-11T16:38:36.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-15T16:02:38.000Z (almost 2 years ago)
- Last Synced: 2024-03-26T08:48:08.183Z (almost 2 years ago)
- Topics: credentials, fake-data-generator, phishing, playwright-python
- Language: Python
- Homepage: https://solana.miami/phishflood/
- Size: 109 MB
- Stars: 15
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# PhishFlood
PhishFlood is a Python tool that uses Playwright to automate the process of filling phishing websites with fake credentials.
> **_NOTE_** This tool is meant for educational and research purposes only. Unauthorized use of this tool is strictly prohibited. The developers are not responsible for any misuse or damage caused by this tool.
## Table of content
- [PhishFlood](#phishflood)
  - [Table of content](#table-of-content)
  - [Demo](#demo)
  - [Installation](#installation)
    - [Prerequisites](#prerequisites)
    - [Clone the Repository](#clone-the-repository)
    - [Install Dependencies with Poetry](#install-dependencies-with-poetry)
  - [Usage](#usage)
    - [Running CLI](#running-cli)
    - [Running the API](#running-the-api)
  - [Testing](#testing)
  - [Contributing](#contributing)
    - [Architecture](#architecture)
  - [License](#license)
## Demo
Example page interaction:

Example output:
```json
{
  "url": "https://online.ib-internet-bakingssg.com/",
  "html": "...",
  "forms": [
    {
      "meta_id": 0,
      "id": null,
      "action": null,
      "method": "none",
      "type": null,
      "inputs": [
        {
          "meta_id": 0,
          "id": null,
          "name": "UID",
          "placeholder": null,
          "type": "text"
        },
        {
          "meta_id": 1,
          "id": null,
          "name": "pin",
          "placeholder": null,
          "type": "number"
        }
      ]
    }
  ],
  "actions": [
    {
      "action": "fill",
      "form": 0,
      "input": 0,
      "value": "cyber_dragon83",
      "status": "success"
    },
    {
      "action": "fill",
      "form": 0,
      "input": 1,
      "value": "383510",
      "status": "success"
    }
  ]
}
```
## Installation
### Prerequisites
- Python 3.11 or higher
- Git
- Poetry
### Clone the Repository
```bash
git clone https://github.com/solanav/phishflood.git
cd phishflood
```
### Install Dependencies with Poetry
```bash
poetry install
```
## Usage
### Running CLI
```bash
poetry run python -m phishflood example.org
```
PhishFlood will launch a Playwright browser instance in the background and start filling in fake credentials on known phishing websites. The results will be stored in the `samples/` directory.
### Running the API
To start the API and all required components (RabbitMQ, PostgreSQL and the workers) you can run:
```bash
docker compose -f docker/docker-compose.yml --compatibility up --build
```
The API will be running at `localhost:8000` and you can start exploring the different endpoints through the web UI:

And here is a sample of one of the endpoints

## Testing
We use [pytest](https://docs.pytest.org/en/stable/) for testing. To run the tests, use the following command:
```bash
poetry run pytest
```
Make sure to have a controlled testing environment, as the tests involve interactions with websites.
## Contributing
If you would like to contribute to this project, please open an issue or submit a pull request. We welcome any suggestions, improvements, or bug fixes.
### Architecture
Here is a general overview of the code in this repository so you have an easier time contributing:
- `api/`: Django project that provides the API to submit new cases and retrieve results.
- `credfind/`: module that finds forms and inputs in a given HTML source file.
- `credgen/`: module that generates random (realistic) credentials for inputs found in `credfind`.
- `data/`: folder with emails and passwords for the `credgen` module.
- `docker/`: contains the docker-compose file and Dockerfiles necessary to get the service up and running.
- `pages/`: HTML sites to test the modules.
- `phishflood/`: main module that glues credfind and credgen, using [playwright](https://github.com/microsoft/playwright-python).
- `samples/`: output for the information obtained when using `phishflood` manually as opposed to using it through the API.
- `tests/`: folder containing the unit tests that check everything is behaving as expected.
- `entrypoint.sh`: script that prepares the Django `api` and launches it. Used in `docker/Dockerfile.api`.
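
To make the kind of output `credfind` produces concrete, here is an added example (not code from the PhishFlood repository) that inventories the forms and inputs of an HTML page in the same layout as the `forms` array of the demo output, which is handy for recording what data a phishing page asks for. The class and function names, the list of skipped input types and the mapping of the form `type` field to `enctype` are assumptions; only `<input>` elements are covered.

```python
from html.parser import HTMLParser

# Constructed sample page (not taken from the repository's pages/ folder).
SAMPLE_HTML = """
<form>
  <input name="UID" type="text">
  <input name="pin" type="number">
  <input type="hidden" name="csrf" value="x">
</form>
<input name="orphan" type="text">
<form id="search" action="/q" method="GET"><input id="q" placeholder="Search"></form>
"""

# Assumption: input types that never carry user-typed data are left out.
SKIPPED_TYPES = {"hidden", "submit", "button", "reset", "image"}

class FormFinder(HTMLParser):
    """Collect forms and their fillable inputs, each indexed by meta_id."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None  # form being parsed, or None outside <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "meta_id": len(self.forms), "id": a.get("id"),
                "action": a.get("action"),
                "method": (a.get("method") or "none").lower(),
                "type": a.get("enctype"),  # assumption: "type" mirrors enctype
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            input_type = (a.get("type") or "text").lower()
            if input_type in SKIPPED_TYPES:
                return
            inputs = self._current["inputs"]
            inputs.append({"meta_id": len(inputs), "id": a.get("id"),
                           "name": a.get("name"),
                           "placeholder": a.get("placeholder"),
                           "type": input_type})

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def find_forms(html):
    """Return the list of form records found in an HTML string."""
    finder = FormFinder()
    finder.feed(html)
    return finder.forms
```

Running `find_forms(SAMPLE_HTML)` yields two form records; the first matches the `UID`/`pin` form of the demo output, and the input outside any form is ignored.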
## License
This project is licensed under the [AGPL License](LICENSE).