Phishing-Frenzy – Ruby On Rails Phishing Framework

Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.The project was started in 2013 by the founder Brandon “zeknox" McCann. Brandon identified inefficiencies in the way that many penetration testers were conducting email phishing engagements. Wanting to make it easier to manage phishing campaigns Brandon started the "Phishing Frenzy" project.The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible. This goal is obtainable through campaign management, template reuse, statistical generation, and other features the Frenzy has to offer.Documentation & InfoRelevant up to date documentation can be found on the official Phishing Frenzy website located belowPhishing Frenzy WebsiteDownload Phishing-Frenzy

Link: http://feedproxy.google.com/~r/PentestTools/~3/i_FghfR6ELM/phishing-frenzy-ruby-on-rails-phishing.html

WordPress Database Upgrade Phishing Campaign

We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this:
The email’s appearance resembles that of a legitimate WordPress update message, however the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline. WordPress wouldn’t define deadlines without a valid explanation, and hosting providers wouldn’t either (if you believed the email was from them).
Continue reading WordPress Database Upgrade Phishing Campaign at Sucuri Blog.

Link: https://blog.sucuri.net/2018/09/wordpress-database-upgrade-phishing-campaign.html

BlackEye – The Most Complete Phishing Tool, With 32 Templates +1 Customizable

BLACKEYE is an upgrade from original ShellPhish Tool (https://github.com/thelinuxchoice/shellphish) by thelinuxchoice under GNU LICENSE. It is the most complete Phishing Tool, with 32 templates +1 customizable. WARNING: IT ONLY WORKS ON LAN! This tool was made for educational purposes!Phishing Pages generated by An0nUD4Y (https://github.com/An0nUD4Y):InstagramPhishing Pages generated by Social Fish tool (UndeadSec) (https://github.com/UndeadSec/SocialFish):Facebook, Google, SnapChat, Twitter, MicrosoftPhishing Pages generated by @suljot_gjoka (https://github.com/whiteeagle0/blackeye):PayPal, eBay, CryptoCurrency, Verizon, DropBox, Adobe ID, Shopify, Messenger, TwitchMyspace, Badoo, VK, Yandex, devianARTLegal disclaimer:Usage of BlackEye for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.Usage:git clone https://github.com/thelinuxchoice/blackeyecd blackeyebash blackeye.shDownload Blackeye

Link: http://feedproxy.google.com/~r/PentestTools/~3/MvvGRkMVEwY/blackeye-most-complete-phishing-tool.html

How to Improve Your Website Posture – Part I

Have you ever wondered if your website security posture is adequate enough?
The risk of having a website compromise is never going to be zero. However, as a webmaster, you can play an important role in minimizing the chances of a website hack. A good security posture entails how to understand the importance of securing a website and how to implement security measures.
Correcting a poor security posture means recognizing problems that you might not notice.
Continue reading How to Improve Your Website Posture – Part I at Sucuri Blog.

Link: http://feedproxy.google.com/~r/sucuri/blog/~3/Qdij2AuzyEg/how-to-improve-your-website-posture-access-control.html