5 Repos
Integrated toolsets for designing and executing deceptive attacks to harvest user data.
Distinguishing note: No candidate covers a comprehensive framework for social engineering; others are either scrapers or narrow defenses.
Explore 5 awesome GitHub repositories matching security & cryptography · Social Engineering Frameworks. Refine with filters or upvote what's useful.
CamPhish is a social engineering framework and phishing tool designed to capture webcam photos and GPS coordinates from remote devices. It uses web interfaces to request browser permissions, allowing it to retrieve device media and geographic location data. The project includes a local server tunneling tool that creates public internet links, making hosted phishing pages accessible to remote users. It also features a GPS location tracker that retrieves latitude and longitude coordinates and displays them on maps. The system manages the exfiltration of captured data to a backend server, where
Provides a complete framework for deceiving users into disclosing media and location data.
Dieses Projekt ist ein Toolkit für offensive Sicherheit und ein Entwicklungs-Framework für die Erstellung von speichersicherer Malware, Netzwerk-Scannern und Payload-Generatoren. Es bietet einen strukturierten Ansatz zur Entwicklung von Exploits, Shellcode und Remote-Access-Tools. Das Framework zeichnet sich durch die Verwendung von Umgebungen ohne Standardbibliothek aus, um minimalen, eigenständigen Maschinencode und Shellcode zu generieren. Es unterstützt zudem die Kompilierung von Hochleistungslogik in WebAssembly für die Erstellung täuschend echter Web-Interfaces, die im Social Engineering eingesetzt werden. Die Funktionsbereiche umfassen automatisierte Schwachstellensuche mittels Fuzzing, Multi-Threaded- und asynchrone Netzwerk-Oberflächenkartierung sowie die Entwicklung von sich selbst verbreitenden Würmern. Das Toolkit enthält zudem Implementierungen für Ende-zu-Ende-verschlüsselte Kommunikationskanäle zur Sicherung des Datenverkehrs zwischen Remote-Implants und Command-Servern sowie plattformübergreifende Binärkompilierung für verschiedene Betriebssysteme.
Provides a toolset for designing deceptive web pages to harvest user data through social engineering.
Nexphisher is a command-line security utility and social engineering simulation framework designed for capturing credentials during authorized security audits. It functions as a tool for credential harvesting and penetration testing to evaluate organizational resilience against phishing attacks. The system orchestrates the deployment of realistic login pages and integrates network tunneling to expose local web servers to the public internet. This allows for remote security testing and the execution of controlled social engineering simulations. The framework provides capabilities for template
Provides an integrated toolset for designing and executing social engineering simulations to harvest user data.
AntiZhaPian is a social engineering framework and fraud simulation application. It generates fake security center dashboards and anti-fraud interfaces designed to deceive users into believing that official security software is installed. The project functions as a simulation tool that mimics the visual appearance and behavior of anti-fraud applications. It uses template-based rendering and state-driven UI simulation to create synthetic dashboards with dynamic dates and fake status indicators. The application includes a user profile management interface for viewing and updating personal accou
Provides a comprehensive framework for creating deceptive interfaces and simulating security software to mislead users.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Impersonates legitimate workflows by creating issues and comments to deliver payloads through social engineering.