mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [master] one page modified
parent
8f2685c12a
commit
15302c949d
1 changed files with 18 additions and 10 deletions
|
@ -3,17 +3,17 @@
|
|||
## Methodology
|
||||
|
||||
1. Recon the victim
|
||||
1. Select the victim domain.
|
||||
2. Preform some basic web enumeration searching for login portals used by the victim and decide which one you will impersonate.
|
||||
3. Use some OSINT to find emails.
|
||||
1. Select the **victim domain**.
|
||||
2. Perform some basic web enumeration **searching for login portals** used by the victim and **decide** which one you will **impersonate**.
|
||||
3. Use some **OSINT** to **find emails**.
|
||||
2. Prepare the environment
|
||||
1. Buy the domain you are going to use for the phishing assessment
|
||||
2. Configure the email service related records \(SPF, DMARC, DKIM, rDNS\)
|
||||
3. Configure the VPS with gophish
|
||||
3. Prepare the templates
|
||||
1. Prepare the email template to redirect to the malicious web page
|
||||
2. Prepare the web page to steal the credentials
|
||||
4. Launch the attack!
|
||||
1. **Buy the domain** you are going to use for the phishing assessment
|
||||
2. **Configure the email service** related records \(SPF, DMARC, DKIM, rDNS\)
|
||||
3. Configure the VPS with **gophish**
|
||||
3. Prepare the campaign
|
||||
1. Prepare the **email template**
|
||||
2. Prepare the **web page** to steal the credentials
|
||||
4. Launch the campaign!
|
||||
|
||||
## Generate similar domain names
|
||||
|
||||
|
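Review bot: In step 3 the reworded sub-item "Prepare the **email template**" loses the purpose clause the old line had ("to redirect to the malicious web page"), while the next sub-item keeps its own ("to steal the credentials"), so the list no longer says how the two artifacts relate; consider keeping a short clause on the email item as well. The rename is also only partly applied: steps 3 and 4 now say "campaign", but step 1 still says "victim" and step 2 says "phishing assessment", and the tool is written "gophish" here but "GoPhish" in the section heading further down. Item 1.2 carries four bold spans in one sentence, which weakens the emphasis; bolding only "searching for login portals" would match the other items.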
@ -44,6 +44,14 @@
|
|||
* [https://dnstwister.report/](https://dnstwister.report/)
|
||||
* [https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/](https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/)
|
||||
|
||||
## Discovering Emails
|
||||
|
||||
* [https://github.com/laramies/theHarvester](https://github.com/laramies/theHarvester) \(100% free\)
|
||||
* [https://phonebook.cz/](https://phonebook.cz/) \(100% free\)
|
||||
* [https://maildb.io/](https://maildb.io/)
|
||||
* [https://hunter.io/](https://hunter.io/)
|
||||
* [https://anymailfinder.com/](https://anymailfinder.com/)
|
||||
|
||||
## Configuring GoPhish
|
||||
|
||||
### Installation
|
||||
|
|
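Review bot: In the "Discovering Emails" list, only the first two entries carry "\(100% free\)"; the other three have no note, so a reader cannot tell whether they are paid, freemium, or simply unlabelled. Either annotate every entry or drop the marker. The entries are bare links with no word on what each one returns, and the section is placed after "Generate similar domain names" although the Methodology lists finding emails under step 1 (recon), before the domain work in step 2; a one-line description per tool and an order that follows the Methodology would make the page easier to follow.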