Skip to main content Phishing EMail Social Engineering Tool

Social Engineering is defined as the process of inducing people into giving away access or confidential information. From a security consultant point of view this topic is not new and there are many tools which can be used against the target. - Phishing EMAIL. The main purpose of this tool is to prove who clicked on the phishing email without attempting to exploit the web browser but collecting as much information as possible. For this reason it will be 100% undetectable by any antivirus and it will obtain sufficient data to have an initial proof of concept for the client.
Steps to use
  1. Find corporate email addresses: Phemail has an option for harvesting corporate email addresses and save them to a file. leverages Google to search for LinkedIn specific corporate e-mail targets.
  2. Create a phishing email template: You get to create your own custom phishing templates. Do not forget to add the string “{0}” in each URL as the script will replace this string with the correct URL automatically.
  3. Host/upload a single PHP file: This file contains JavaScript code which attempts to collect web browser information and save it in a log file in /tmp directory.
  4. Run the php file as shown in the following example: # -e test-emails.txt -f "Tax report " -r "Tax Report " -s "Important information about your tax" -b body.txt -w