Phishing Infrastructure
Reference
BHIS Webcast
Configuration Overview
Domain Name
Reference
After you buy a domain, set its nameserver records to DigitalOcean's so the DNS zone is managed from the same account as the droplets.
Buying Expired Domains
expireddomains.net
Domainhunter [Github]
Finds a domain based on a keyword.
Checks categorization against Symantec (Blue Coat) WebPulse and IBM X-Force.
Check the IP history of the domain; one that once pointed at abused hosting may already be on blocklists.
Adding Content to Domain [Wayback machine]
To get this URL: https://web.archive.org/web/20121107182523/http://www.treeserviceorlando.net without the Wayback Machine toolbar,
add "id_" after the timestamp, before the archived URL: https://web.archive.org/web/20121107182523id_/http://www.treeserviceorlando.net
Note: the id_ form returns the page's original bytes, so wget does not pick up images or stylesheets through it. Wget the regular version first (with the toolbar, images and stylesheets), then wget the id_ version into the same place; it overwrites the HTML files with toolbar-free copies and leaves the rest in place.
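The two-pass mirror described above as a script. This is an added example, not code from the original notes or from BHIS; it assumes wget is installed and that snapshot URLs have the form https://web.archive.org/web/TIMESTAMP/original-url. The mapping of both passes onto the same local directory (-nH and --cut-dirs=2) is what makes the second pass overwrite the first pass's HTML.

```shell
#!/bin/sh
# Pull a Wayback Machine snapshot as toolbar-free HTML plus its page requisites.
# Added example (not from the original notes). Assumes wget and a snapshot URL of the
# form https://web.archive.org/web/<TIMESTAMP>/<original URL>.

# Rewrite a snapshot URL into its "id_" form, which returns the archived bytes without
# the Wayback toolbar or rewritten links. URLs that already carry id_ pass through unchanged.
wayback_id_url() {
    printf '%s\n' "$1" | sed -E 's#^(https?://web\.archive\.org/web/[0-9]+)(id_)?/#\1id_/#'
}

# Mirror a snapshot into $2.
# Pass 1: toolbar version with page requisites (CSS, images, scripts).
# Pass 2: id_ version; it overwrites only the HTML because both passes land on the same
#         local path (-nH drops the web.archive.org/ directory, --cut-dirs=2 drops
#         web/<TIMESTAMP>/ and web/<TIMESTAMP>id_/ respectively).
# Absolute links in the raw HTML are not followed, so review the result by hand.
mirror_wayback() {
    snap="$1"; out="$2"
    mkdir -p "$out"
    wget -q -r -l 1 -p -k -E -np -nH --cut-dirs=2 -P "$out" "$snap"
    wget -q -r -l 1 -k -E -np -nH --cut-dirs=2 -P "$out" "$(wayback_id_url "$snap")"
}

# Usage: sh mirror_wayback.sh <snapshot URL> <output dir>
if [ "$#" -eq 2 ]; then
    mirror_wayback "$1" "$2"
fi
```

Run it against the snapshot you picked and serve the output directory as the landing page; the URL rewrite is the only part that needs no network, so it is the part to sanity-check first.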
Free/Paid HTML Templates
Grab single-page HTML templates.
Additional assets (images, CSS, JS) can be hosted in an S3 bucket.
Domain Categorization
During OSINT, identify which web proxy / URL-filtering vendor the target uses, so you can check (and if necessary request) the domain's categorization with that vendor before the campaign.
GoPhish
Send Phish
Track interaction
Landing-page Hosting
Setup
Set up a TLS certificate with Let's Encrypt.
Set up the Sending Profile and test it against throwaway mailboxes first. If the target domain publishes no SPF record (and no DMARC policy; check with dig TXT target.tld and dig TXT _dmarc.target.tld), you can send as their own domain to improve the trust factor.
Set up the landing page with the landing-page editor's Import Site feature, which fetches and clones the URL you give it.
Set up the Email Template.
Use Stripo to build a polished HTML email.
After pasting it into the email template, replace the link target with the template variable so GoPhish inserts the per-recipient tracking URL:
{{.URL}}
Be creative with the pretext and use the element of fear, e.g. job cutbacks.
Clone the target's real login page with the landing-page feature in GoPhish.
Launch campaign
IOCs
Remove the default X-Mailer header value "gophish": add a custom X-Mailer header with a different value in the Sending Profile settings, which overrides the default. Also leave contact_address empty in config.json, or GoPhish adds an X-Gophish-Contact header.
Change the default rid URL parameter to anything else to avoid signatures; the stock link form http://<URL>?rid=123 is widely fingerprinted. The name is a constant in the GoPhish source, so this needs a rebuild.
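A small script for the two indicators above. This is an added example, not code from the original notes or from the GoPhish project. It assumes a GoPhish source checkout and GNU sed; the constant RecipientParameter = "rid" is the declaration as it appears in the GoPhish source tree (models/campaign.go in the versions I have seen), but the script locates it with grep rather than hardcoding the path, so verify the grep hits before relying on it.

```shell
#!/bin/sh
# Rebrand GoPhish's stock indicators before building it.
# Added example (not from the original notes or the GoPhish project). Assumes a GoPhish
# source tree and GNU sed (on macOS use: sed -i '' ...).

# Rename the recipient-ID URL parameter in every Go file that declares it.
# $1 = path to the gophish source tree, $2 = new parameter name (e.g. "session").
# Rebuild afterwards with: go build
rename_rid_parameter() {
    src="$1"; newname="$2"
    files=$(grep -rl --include='*.go' 'RecipientParameter = "rid"' "$src" || true)
    if [ -z "$files" ]; then
        echo "RecipientParameter = \"rid\" not found under $src; check the GoPhish version" >&2
        return 1
    fi
    for f in $files; do
        sed -i "s/RecipientParameter = \"rid\"/RecipientParameter = \"$newname\"/" "$f"
    done
}

# Post-edit check: how many declarations of the stock name are left (expect 0).
remaining_rid_refs() {
    grep -rn --include='*.go' 'RecipientParameter = "rid"' "$1" | wc -l | tr -d ' '
}

# Scan a saved message (.eml) for the stock indicators: an X-Mailer: gophish header
# and links carrying ?rid= / &rid=. Returns 0 when either is present, 1 when clean.
stock_indicators_present() {
    grep -qiE '^X-Mailer:[[:space:]]*gophish' "$1" && return 0
    grep -qE '[?&]rid=' "$1" && return 0
    return 1
}
```

Send a test campaign to one of your own mailboxes, save the message as .eml, and run stock_indicators_present on it before the real launch; the X-Mailer override lives in the Sending Profile, the rid rename in the rebuilt binary.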
Nginx
HTTP Proxy/Router
Block scanners: filter on User-Agent, path and source range so crawlers, link scanners and sandboxes get a 404 instead of the landing page.
Host multiple websites, one server block per hostname, so one box can front several domains.
Let's Encrypt / TLS termination in front of GoPhish.
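An nginx front-end covering the three points above, as an added example rather than the original notes' or any project's own config. Assumptions: certbot has already issued a certificate for each hostname (files under /etc/letsencrypt/live/HOST/), GoPhish's phish_server listen_url in config.json has been changed to 127.0.0.1:8080 so only nginx is exposed, and the nginx layout is the Debian/Ubuntu one with conf.d/ and sites-enabled/ included from nginx.conf. The user-agent list is a starting point to extend from your own access logs.

```shell
#!/bin/sh
# Render an nginx front-end for a phishing landing page: a shared scanner-blocking map,
# a TLS server block per hostname, and a reverse proxy to GoPhish.
# Added example (not from the original notes). Assumes certbot certificates under
# /etc/letsencrypt/live/<host>/ and GoPhish listening on 127.0.0.1:8080.

# Shared snippet (http context): classify obvious scanner/bot user agents.
render_scanner_map() {
    cat <<'EOF'
map $http_user_agent $bad_agent {
    default                                          0;
    ~^$                                              1;   # empty UA: not a real browser
    ~*(curl|wget|python-requests|go-http-client)     1;
    ~*(nmap|masscan|nikto|sqlmap|zgrab)              1;
    ~*(googlebot|bingbot|slurp|facebookexternalhit)  1;
}
EOF
}

# One HTTP->HTTPS redirect plus one TLS server per hostname.
# $1 = hostname, $2 = upstream host:port.
render_vhost() {
    host="$1"; upstream="$2"
    cat <<EOF
server {
    listen 80;
    server_name $host;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $host;
    server_tokens off;

    ssl_certificate     /etc/letsencrypt/live/$host/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$host/privkey.pem;

    # Scanners and bots get a bland 404; only real browsers reach GoPhish.
    if (\$bad_agent) { return 404; }

    location / {
        proxy_pass http://$upstream;
        proxy_set_header Host              \$host;
        proxy_set_header X-Real-IP         \$remote_addr;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# Write the map and the vhost under $1 (default /etc/nginx) and enable the vhost.
# Add another hostname by calling this again; the map file is shared.
install_vhost() {
    confdir="${1:-/etc/nginx}"; host="$2"; upstream="$3"
    mkdir -p "$confdir/conf.d" "$confdir/sites-available" "$confdir/sites-enabled"
    render_scanner_map > "$confdir/conf.d/block-scanners.conf"
    render_vhost "$host" "$upstream" > "$confdir/sites-available/$host.conf"
    ln -sf "$confdir/sites-available/$host.conf" "$confdir/sites-enabled/$host.conf"
}

# Usage (as root): install_vhost /etc/nginx phish.example.com 127.0.0.1:8080 && nginx -t && systemctl reload nginx
```

Issue the certificate first (for example certbot certonly --standalone -d phish.example.com before nginx is up, or certbot --nginx afterwards), then install the vhost; X-Forwarded-For is passed through so GoPhish still logs the real client address.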
Evilginx2
IOCs
Remove the signature Evilginx headers that http_proxy.go (core package) sets on proxied traffic, then rebuild; stock binaries are fingerprinted on them.
Inject Stolen Cookies
Cookie-Editor extension (Firefox) -> import the stolen cookie JSON into a fresh browser profile, then open the target site.
Come from an egress IP near the victim's location (VPN or proxy) so the session does not stand out as impossible travel in the target's sign-in logs.
SMTP Servers
Use established mail providers to inherit sending reputation; a fresh VPS IP starts with none.
Deploy SMTP Server in VPS
Postfix-Server-Setup: strip sensitive information (the submitting client's IP in the Received header, X-Mailer, User-Agent) from outgoing email headers.
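What that header stripping looks like on a Postfix relay, as an added example that is not from the original notes or from the Postfix-Server-Setup project. It assumes Postfix with regexp table support and writes the map to /etc/postfix by default (a different directory can be given so the output can be inspected first). smtp_header_checks is applied by the Postfix SMTP client, i.e. to outbound mail, and IGNORE deletes the matching header; the Received pattern targets only the line Postfix adds for authenticated submissions (ESMTPA/ESMTPSA), which is the one carrying the submitting workstation's address.

```shell
#!/bin/sh
# Strip originating-host details from outbound mail on a Postfix relay.
# Added example (not from the original notes or Postfix-Server-Setup).
# $1 = directory for the map file (default /etc/postfix).

write_smtp_header_checks() {
    dir="${1:-/etc/postfix}"
    cat > "$dir/smtp_header_checks" <<'EOF'
# Applied by the Postfix SMTP client (outbound). IGNORE silently deletes the header.
/^Received:.*with ESMTPS?A/   IGNORE
/^X-Originating-IP:/          IGNORE
/^X-Mailer:/                  IGNORE
/^User-Agent:/                IGNORE
/^X-PHP-Originating-Script:/  IGNORE
EOF
}

# Point Postfix at the map and reload (run as root on the relay).
apply_postfix_header_checks() {
    postconf -e "smtp_header_checks = regexp:/etc/postfix/smtp_header_checks"
    postfix reload
}

# Dry run: print a message as it would leave the relay. Folded headers are joined for
# matching (as header_checks does) but printed as they were. $1 = message file.
simulate_scrub() {
    awk '
        function flush() { if (cur != "" && flat !~ pat) printf "%s", cur; cur = ""; flat = "" }
        BEGIN { inhdr = 1
                pat = "^(Received:.*with ESMTPS?A|X-Originating-IP:|X-Mailer:|User-Agent:|X-PHP-Originating-Script:)" }
        inhdr && /^\r?$/   { flush(); inhdr = 0; print; next }
        inhdr && /^[ \t]/  { cur = cur $0 "\n"; flat = flat " " $0; next }
        inhdr              { flush(); cur = $0 "\n"; flat = $0; next }
        { print }
        END { if (inhdr) flush() }
    ' "$1"
}
```

Keep the map narrow: deleting every Received header is itself a spam signal, so only the hop that exposes the submitting machine is removed, and the relay's own hop stays.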
Rate emails (spam score)
Mail-tester.com
Powershell: Send-MailMessage
Reference: Link
SendGrid
Sign up with a valid domain you control and use the free tier to send mail to targets.
Mailgun
Analyze email content for its spam score.
Test Sending Emails with mailtrap.io
Put a redirector URL in the email rather than the landing page itself: URL scanners only see the redirector, which helps get past mail filters and keeps the landing domain from being flagged as malicious.
Redirectors
Azure
Hides the landing server's real IP address.
IP filtering (by country or range) before traffic reaches the landing page.
Domain reputation: traffic arrives via a Microsoft-owned domain that is already categorized:
azureedge.net
Automation
Ansible
For OS configuration of the hosts.
Ansible Vault | Secret Management
Use it instead of hard-coding tokens/API keys in playbooks and variable files.
Terraform
For everything other than OS configuration (droplets, DNS, Azure resources).
Docker
Execution
Clone the GitHub repo.
Set up API keys (DigitalOcean + Azure).
Configure the variable files.
Run the playbook.