Phishing tools
SingleFile
Extension that allow you to save an entire web page (JS, CSS, HTML, etc) in one single HTML page. Very useful to create clone pages.
Chrome Extension.
DNSTwist
To find a domain that looks like your target domain.
Browser based DNSTwist
Check for available domains that look like your target
GoPhish
Incredible platform to manage your phishing campaigns. However, does not give any statistics if a user download or execute a malware.
Domain purchase
Very easy to buy a domain and manage the DNS configurations.
Create HTML email
This tool is very useful to create a responsive email templates. You can export your work into an HTML file. The free tier is enough for most needs.
Sendgrid
Email delivery services. The free account allows you to send 100/email per day for free.
Expired Domains
Check for domains that have already gained a good reputation with the time.
MailHog
SMTP sever writter in Go for development purpose
Tips and tricks
Remove all external loaded content.
Modify the images by removing/adding pixels to change the signature.
Add to your phishing email any features that will make users think that others have performed the desired action. For example, add a counter, sold out products, etc.
Do not use Google Chrome for testing.
Avoid typo squatting in the domain name.
Never store your payload in the email.
Adapt your visual to your client. Makes it look legitimate and adapt the style to what they are used to see.
Last updated