<Python>PhishingDetection 搭建简易的企业内部钓鱼测试脚本
脚本简要说明
邮箱服务器环境已在测试服务器上搭好(10.12.0.9),sendmail + dovecot ,
伪造域名: pmrd.com
登录账户: sw1t0 123456
脚本的主体代码文件三个:phishingDetection.py sendMail.py downloadMail.py
主要的两个功能模块分别由后两个py文件实现:
sendMail.py 实现给登录smtp服务器给目标发送钓鱼邮件的功能。
downloadMail.py 实现登录IMAP服务器查看邮箱收件箱内是否有未读邮件(钓鱼邮件回信),如果有,在控制台打印输出邮件正文内容,并给回信用户发送一封警告邮件提醒他/她遭到了钓鱼攻击以提高警惕。由定时器实现循环监听(默认一分钟,可在代码文件里修改)
使用: python phishingDetection.py
直接运行phishingDetection.py脚本即可,解析存放员工邮箱列表的txt(需和脚本放在同一目录下),调用sendmail.py依次给每个邮箱发送钓鱼邮件,并同时以定时器调用了downloadMail.py在后台循环监听收件箱并执行相应功能。如果只查看收件箱那么单独运行downloadMail.py即可。
ps:
脚本在最后一次测试时没有异常问题,但是可能由于服务器上的用户权限等问题出现登录服务器失败等问题。如果出现请根据邮箱服务器日志解决:tail -f /var/log/maillog
phishingDetection.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
__author__ = "sw1t0"
import sendMail, downloadMail
import threading
if __name__ == '__main__':
user = 'sw1t0'
pwd = '123456'
fakeSender = "wangxunyi@pmrd.com"
subject = "密码泄漏安全警告"
message = "同学你好,公司数据库疑似泄漏。信息安全部正在全力核对排查,请将你的工号和姓名发给信息安全部做信息比对,直接回信即可。谢谢合作!" \
" 信息安全部 2016.5.31"
timer_downloadMail = threading.Timer(5, downloadMail.downloadMail_IMAP, [user, pwd])
timer_downloadMail.start()
emailList_file = open("mailbox_list.txt", 'r')
for line in emailList_file:
target_attack = line.strip()
sendMail.sendMail_attack(user, pwd, fakeSender, target_attack, subject, message)
sendMail.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
__author__ = "sw1t0"
import smtplib
from email.mime.text import MIMEText
from email.header import Header
def sendMail_attack(user, pwd, faker, target, subject, text):
msg = MIMEText(text,'plain', 'utf-8')
msg['From'] = faker #"securitytest@pwrd.com"
msg['To'] = target
msg['Subject'] = Header(subject, 'utf-8')
smtpSever = smtplib.SMTP('10.12.0.9', 25, timeout=120)
smtpSever.ehlo() # sendmail 认证方式的问题,必要要申明认证方式
smtpSever.esmtp_features["auth"] = "LOGIN PLAIN" # 否则抛出异常
smtpSever.login(user, pwd)
smtpSever.sendmail(faker, target, msg.as_string())
print "[+]{0} Attact Mail sent successfully.".format(target)
smtpSever.close()
def sendMail_warn(user, pwd, target):
text = "这是一个安全测试警告。你刚刚回复了一封钓鱼邮件,这是非常危险的行为。此类行为将有极大的可能泄漏你的个人私密信息和公司情况,并可能被一些恶意黑客加以利用" \
"成为攻击公司网络的有效手段。请提高安全防范意识,学会甄别钓鱼邮件和恶意链接,再次遇到此类询问个人及公司敏感信息的邮件做到不听不信不回复,以减少安全风险。\n" \
"蟹蟹o(∩_∩)o... by 信息安全部 sw1t0"
msg = MIMEText(text, 'plain', 'utf-8')
msg['From'] = user
msg['To'] = target
msg['Subject'] = Header("安全测试警告", 'utf-8')
smtpSever = smtplib.SMTP('10.12.0.9', 25, timeout=120)
#smtpSever.starttls()
smtpSever.ehlo() # sendmail 认证方式的问题,必要要申明认证方式
smtpSever.esmtp_features["auth"] = "LOGIN PLAIN" # 否则抛出异常
smtpSever.login(user, pwd)
smtpSever.sendmail(user+"@pmrd.com", target, msg.as_string())
print "[+]{0} Warn Mail sent successfully.\n".format(target)
if __name__ == '__main__':
user = 'sw1t0@pmrd.com'
pwd = '123456'
fakeSender = "wangxunyi@pmrd.com"
target = "wangxunyi@pwrd.com"
subject = "作业上交情况通知"
message = "这是一封内部的安全测试邮件,收到请忽略。"
sendMail_attack(user, pwd, fakeSender, target, subject, message)
downloadMail.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
__author__ = "sw1t0"
import imaplib, email
import sendMail
import threading
def downloadMail_IMAP(user, pwd):
mailServer = imaplib.IMAP4("10.12.0.9", 143)
mailServer.login(user, pwd)
mailServer.list() # 列出所有邮箱
Inbox_info = mailServer.select('Inbox') # 选择收件箱,包含邮件数量
status, count = mailServer.search(None, "UNSEEN") # UNSEEN 未读邮件
msgList = count[0].split()
try:
type, data = mailServer.fetch(msgList[len(msgList)-1], '(RFC822)') # 取出邮件 (没写循环,由主函数调用总是读取最新的未读邮件)
msg = email.message_from_string(data[0][1])
if msg != None:
target_warn = email.utils.parseaddr(msg.get("from"))[1] # 提取发信人地址
content = msg.get_payload(decode=True)
print "邮件内容:\n", content
if target_warn is not None:
sendMail.sendMail_warn(user, pwd, target_warn)
target_warn = None
#return target_warn
mailServer.close()
mailServer.logout()
#return target_warn
except IndexError:
print "无未读邮件"
pass
timer = threading.Timer(60, downloadMail_IMAP, [user, pwd]) # 定时器实现循环监听
timer.start()
if __name__ == '__main__':
username = "sw1t0"
password = "123456"
downloadMail_IMAP(username, password)
以这个为模版其实完全可以尝试开发出一个有WEB界面且功能丰富完善的钓鱼测试平台,然而自己能力有限,暂时还没有接触到python界面或者网站方向的开发,欢迎有兴趣的小伙伴和我交流讨论自己的见解或者思路。
© Sw1t0range | Powered by LOFTER