I Got Phished — by abuse.ch
"I Got Phished" is a project from abuse.ch that has the goal of collecting information regarding users that became victims of a phishing attack by entering their password on a phishing website.

Phishing Frenzy — by PentestGeek
Phishing Frenzy is a Linux-based application, with installation not to be handled by a rookie. Email Phishing in it's simplest form consists of three (3) primary components. Sending emails, hosting websites, and tracking analytics.

SecurityIQ PhishSim — by InfoSec Institute
Software-as-a-Service platform is available for free. Phishing campaign scheduling options and reports as well as an interactive education module.

LUCY Community
A social engineering platform that simulates phishing attacks with various scenarios and templates. It can be installed as a virtual appliance or with a script. The community version is free. OEM edition pdf

SimplePhish — by MicroSolved Inc.
Free for security teams to run their own phishing tests. The software can be installed on a Windows server or workstation.

Duo Insight — by Duo Security
Free phishing assessment tool that allows you to find vulnerable users and devices in minutes and start protecting them right away.

Ghost Phisher — by savio-code
Wireless and Ethernet security auditing and attack program. Python Qt GUI library, emulate access points and deploy various internal networking servers for networking, penetration testing and phishing attacks.

SpearPhisher — by TrsutedSec
Simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails.

The Social-Engineer Toolkit (SET) — by TrsutedSec
The Social-Engineer Toolkit (SET) was created and written by Dave Kennedy, the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. It has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, it is the standard for social-engineering penetration tests and supported heavily within the security community.

IsIt Phishing — by VadeSecure
Scan a url, brand name or subnet in format xx.xx.xx.xx/xx .

Netcraft Browser Extension — by Netcraft
The Netcraft anti-phishing browser extension provides comprehensive site information and phishing protection when browsing the web. Users can also use the extension to report URLs they believe to be malicious to Netcraft.

StreamingPhish — by Wes Connell
Python-basedutility uses supervised ML to detect phishing domains fr the Certificate Transparency log network. The firehose of domain names & SSL certificates are made available thanks to the certstream network (certstream,calidog,io).

Social Media Phishing Test (SPT) — by KnowBe4
Complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks.

King Phisher — by Secure State
Test and promote user awareness by simulating real world phishing attacks. Flexible architecture allowing full control over both emails and server content. Run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

Open-Source Phishing Framework — by Gophish
Powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.

Open DNS — via Cisco
Filter malicious and adult traffic. Simple but effective security control at home or the office.

Immunet — via Cisco
Leveraging threat intelligence gathered automatically from infections caught by other deployed Immunet clients.

Tarpitting
Network security and optimization process through which network administrators (NA) intentionally slow down the propagation of mass emails by restricting and demotivating spammers from sending bulk messages. This process is derived from a server, Teergrube ("tar pit" in German), which prevents spammers from using/connecting to a server by deliberately granting access to all new requesting users or machines.

Integrated Threat Management (ITM)
Security approach that consolidates different security components into a single platform or application for an enterprise IT architecture. ITM evolved as a response to increasingly complex and frequent malicious attacks by hackers and others intent on damaging systems.

Malware Analysis — by Microsoft
Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware.

Microsoft Safety Scanner - by Microsoft
Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.

Block Lists — by Malware Patrol
Malware Patrol provides block lists compatible with SpamAssassin. Configure your SpamAssassin to filter malicious URLs and protect your network, computers, and users from getting infected.

ApBleed — by Vanhoefm
Proof-Of-Concept to test heartbleed against wireless networks which use enterprise authentication. Generally this means a RADIUS server is used as a backend, which uses OpenSSL. Essentially, you can directly talk to a RADIUS server before authenticating. Hence you can also test for heartbleed before authenticating to the network.

Phishing Tools

© 2020 . phishy website