As mentioned in an earlier post, I decided to write my own site cloner tool for use in my phishing exercise/engagements. I needed a tool that would complete (or as close as I could get) clone any given site and then update any forms with links to a data collection script that I specify.
The current version of the "Site Cloner" tool is hosted on GitHub at https://github.com/tatanus/PHISHING/blob/master/SCRIPTS/clonesite.py
In order to run the script, simply execute:
python clonesite.py <URL> <outdirectory> (optional <form action>)An example would be:
where:
<URL> = the full URL of the page to be cloned
<outdirectory> = where do you want the files to be saved to
<form action> = the script to execute when someone submits a form
python clonesite.py "http://www.safelogin.co" "safelogin" log.phpThis command line would execute "clonesite.py" on the URL "http://www.safelogin.co", save all files into the directory located at "./safelogin" and finally rewrite all forms to submit to a script called "log.php". Someone will have to create that script (log.php) later and stored in the same directory.
When the script is run, you will see verbose output similar to the following:
In this output you can see each page, link, file, and form that the script identifies and what it does with it. Some files (binary formats such as images) are simply downloaded, where as html documents will be processed for additional links and forms. Anytime a form is encountered, the "form tag" is rewritten.
FOUND A FORM [<form class="form-horizontal" action="/create.php" method="GET">]
REWROTE FORM TO BE [<form method="get" action="log.php" class="form-horizontal">]
As is shown in the above example, the form action was changed from being "/create.php" to being "log.php". By doing this automatically, it saves time and effort by not requiring the user to go back, find, and edit all of the forms them selves.
Below is an example of what "log.php" could look like:
I hope this script is of use to you. As always, if you have any comments/criticisms,etc, please leave a comment below.
No comments:
Post a Comment