SPF – SpeedPhishing Framework

SPF (SpeedPhish Framework) is a Python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises. The framework not only lets you send phishing emails but also set up a phishing domain.

Usually, a phishing attack involves sending targeted email messages combined with a social engineering technique. For example, the attacker claims that the target is going to lose email access due to numerous unsuccessful login attempts. To remedy the situation, the victim must click on the link offered by the attackers and go through verification, otherwise the account will be deleted permanently.

The framework offers many options, such as creating phishing websites on several servers, sending the phishing campaign to all the listed users found, and generating a report with the findings.

It includes a theHarvester module, which runs an OSINT search for a domain you select and goes over search engines to find email addresses. Besides that, there are several email templates ready for use for the following technologies:

  • Cisco VPN
  • Citrix gateway
  • Domino server webmail
  • Juniper VPN Server
  • Webmail – Office 365
  • OWA Server

Most messages claim to be from the helpdesk and invite the victim to open the phishing link to submit credentials: “As part of improvements to company Internet security, we have rolled out an updated new webmail access server.\n\n[[TARGET]]\n\nPlease verify that you can access the site before this Friday.\n\nIT Support”

The link leads to a web template that displays a VPN gateway page resembling the vendor's.

You can read more and download this tool here: https://github.com/tatanus/SPF
