
A penetration testing toolkit for collecting and extracting information about target organizations from publicly available text data.

Primary language: HTML. License: GNU General Public License v3.0 (GPL-3.0).

SeemsPhishy


SeemsPhishy is a penetration testing toolkit for collecting data, extracting information and generating phishing emails, tailored to the target organization.

By analyzing an organization's overt/public documents, keywords that pertain to that organization can be extracted. The ML model then generates a newsletter text based on the extracted keywords. The main assumption behind this approach is that a newsletter email containing organization-specific keywords might not be dismissed as easily as a generic phishing email. The generated text aims to evoke interest and get the reader to click on "read more", which can be given a custom payload to track, for example, the number of clicks.
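From the defender's side, the traits described above can be turned into a mail triage check. The following is an added example, not part of SeemsPhishy: it flags external mail that combines several organization-specific keywords with a "read more" link pointing off-domain. ORG_DOMAINS, ORG_KEYWORDS, the two-keyword threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAINS = {"example.org"}  # assumption: the defender's own domains
ORG_KEYWORDS = {"project aurora", "harbor expansion", "works council"}  # constructed watchlist

class BodyParser(HTMLParser):
    """Collect visible text and (anchor text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._anchor).split()).lower(), self._href))
            self._href = None

def is_internal(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)

def assess(raw_message):
    """Flag external mail mixing organization keywords with an off-domain 'read more' link."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = BodyParser()
    parser.feed(body.get_content() if body else "")
    text = " ".join(" ".join(parser.text).split()).lower()
    hits = sorted(k for k in ORG_KEYWORDS if k in text)
    lures = [href for label, href in parser.links
             if "read more" in label and not is_internal(urlparse(href).hostname)]
    external = not is_internal(sender_domain)
    return {"external": external, "keywords": hits, "lure_links": lures,
            "flag": external and len(hits) >= 2 and bool(lures)}
# Constructed sample messages (not real mail).
EXTERNAL = ("From: News <newsletter@example-news.test>\nContent-Type: text/html\n\n"
            "<p>Project Aurora, the harbor expansion and the works council vote.</p>"
            '<a href="https://example-news.test/r?id=42">Read more</a>')
INTERNAL = EXTERNAL.replace("newsletter@example-news.test", "comms@example.org").replace(
    "https://example-news.test/r?id=42", "https://intranet.example.org/news/7")
```

A flagged message is a candidate for review, not a verdict; the keyword watchlist is best built from the same public documents an outsider could read.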



Execute (manually)

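Start a Postgres database (with Docker). The command below publishes port 5432 on all host interfaces with a fixed password, so run it on an isolated test host.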

docker container run -p 5432:5432 --name SeemsPhishyDB -e POSTGRES_PASSWORD=1234 postgres:12.2 

Execute the init.sql and mockup.sql script to populate the database (found under src/SeemsPhishy/db).

Check that line 23 of backend.py uses the correct IP address.

Install all Python modules from requirements.txt (in the src folder).

Install the SeemsPhishy Module by executing the following:

python ./src/setup.py develop

Install the English NLP model from spaCy:

python -m spacy download en_core_web_lg

Start the program by executing the run.py script in ./src/SeemsPhishy/gui.

Execute (with docker-compose)

Attention: this Docker stack needs a lot of resources. At least 16 GB of RAM is needed, and the build takes a long time because of the many large Python modules and models.

docker compose up --build --force-recreate

or

docker compose up

Lastly, visit localhost:5000 to access the web GUI.

Components

  • Database
  • Data retrieval
  • GUI
  • NLP
    • NER
    • Yake Keywords
    • TF-IDF
  • Text Generation
    • E-Mail Newsletter

Models

The text generation model developed and used for this project can be found here: https://huggingface.co/Madhour/gpt2-eli5. For further information or to reproduce it, see the notebook that was used.