Add Logging, Email Permutation, Improved Multithreaded Performance, Random password generation, Buffered credential generation, test server

CybrZone / phishkiller

The Unlicense

73 stars 36 forks source link

Add Logging, Email Permutation, Improved Multithreaded Performance, Random password generation, Buffered credential generation, test server #10

Open leolion3 opened 1 week ago

leolion3 commented 1 week ago

Added an old script of mine for generating email permutations, which generates thousands of emails per second.
Used Faker for generating random data.
Improved upon @sarimbinwaseem #3 implementation by shuffling email components (first, last names, numbers, symbols).
Changed password generation to use random amount of characters and random combination.
Used randomised user agents in each request

JanEickholt commented 6 days ago

The idea of email permutation usually comes from developing bots, use a mail multiple times, to confirm registrations These are usually filtered by every decent company / developer, via a duplicate check, if you don't need to confirm the registration that you send to the phishing site, there is really no use to this feature

leolion3 commented 6 days ago

The idea of email permutation usually comes from developing bots, use a mail multiple times, to confirm registrations These are usually filtered by every decent company / developer, via a duplicate check, if you don't need to confirm the registration that you send to the phishing site, there is really no use to this feature

Thats why first shuffling the email components. Plus its not entirely true, as I've personally used these permutations on various websites that provide a new customer bonus per email address.

Its actually only a gmail feature that dots get ignored in the username and that the gmail and googlemail domains are seen as identical. The upper/lowercase is turned on but can be turned off. The main objective of the permutation is turning an email like test@gmail.com into t.est t.e.st t.e.s.t, etc. and using various domains.

You can check out the demo here: https://github.com/leolion3/Portfolio/tree/master/Python/GmailPermutationGenerator

JanEickholt commented 6 days ago

For legitimate Services this might sometimes be the case (sometimes legal in nature), but if you want to "flood" a database with "legit looking" data, just adding dots and suffixes doesn't help, if it can be countered with a regex or simple script.

A simple script to filter out "dots" for gmail accounts (append as you wish), to counter-act your script -> a "phishkiller" should focus on legitimate looking data, limited by the ISP anyways

#!/usr/bin/env python3

unique = []

with open("export.txt", "r") as file:
    emails = file.readlines()
    for mail in emails:
        mail = mail.strip()
        mail = mail.lower()
        if mail.endswith("@googlemail.com"):
            mail = mail.replace("@googlemail.com", "@gmail.com")
        if mail.endswith("@gmail.com"):
            mail = mail.replace("@gmail.com", "")
            mail = mail.replace(".", "")
            mail = mail.split("+")[0]
            mail = mail + "@gmail.com"
            if mail not in unique:
                unique.append(mail)

print(unique)

JanEickholt commented 6 days ago

Thats why first shuffling the email components. Plus its not entirely true, as I've personally used these permutations on various websites that provide a new customer bonus per email address.

shuffling the components is valid

leolion3 commented 5 days ago

@JanEickholt I changed the dots into email permutations, wanna take a look? :) @CybrZone other than that its ready for merge, code contains latest changes as well