DeepSea Phishing Gear
DeepSea phishing gear aims to help RTOs and pentesters with the delivery of opsec-tight, flexible email phishing campaigns carried out on the outside as well as on the inside of a perimeter.
Goals
- Operate with a minimal footprint deep inside enterprises (Internal phish delivery).
- Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-prem mail servers)
- Quickly re-target connectivity parameters.
- Flexibly add headers, targets, attachments
- Correctly format and inline email templates, images and multipart messages.
- Use content templates for personalization
- Account for various secure email communication parameters
- Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
- Help create content with minimal dependencies. Embedded tools to support Markdown->HTML->TXT workflow. |
45 config lines is all you need to consistently send a decent phish ...
Usage
Read more here
Build
cd ~/go/src/
export GOPATH=~/go
git clone https://github.com/dsnezhkov/deepsea
cd deepsea
export GO111MODULE=on
go get
go build -o deepsea main.goOperations
Setup campaigns workspace
mkdir -p campaigns/campaign1
cp conf/template.yaml campaigns/campaign1/campaign1.yaml
cd campaigns/campaign1Set Workspace tasks
- edit
campaign.yaml
See descriptions of directives in template
- edit marks.csv
ident,email,firstname,lastname
<dynamic>,[email protected],,
Load Marks
Note: Manual step (TBD for resolution):
-
Create DB file:
touch campain.db -
load marks from CSV (command like params shown, but could also be defined in the
yml)
../../deepsea --config campaign1.yaml storage -d ./campaign.db load -s ./marks.csv
Alternatively, split db management tasks:
- create DB
../../deepsea --config campaign1.yaml storage -d ./campaign.db manager -T createtable
Using config file: ./campaign1.yaml
2019/11/18 13:16:16 Task: createtable
2019/11/18 13:16:16 Creating Marks table- load marks from CSV
../../deepsea --config campaign1.yaml storage -d ./campaign.db load -s ./marks.csv
Using config file: ./campaign.yaml
2019/11/18 13:21:11 Dropping table Mark if exists
2019/11/18 13:21:11 Creating Marks table
2019/11/18 13:21:11 Pointing to mark table
2019/11/18 13:21:11 Removing existing rows if any
2019/11/18 13:21:11 Inserting a row
2019/11/18 13:21:11 Querying for result : find()
2019/11/18 13:21:11 Getting all results
2019/11/18 13:21:11 Printing Marks
vobi97v7, [email protected], , .- you can verify the marks are loaded
../../deepsea --config ./campaign.yaml storage -d ./campaign.db manager -T showmarks
Using config file: ./campaign.yaml
2019/11/18 13:22:17 Task: showmarks
2019/11/18 13:22:17 Querying for result : find()
-= Table: Marks =-
vobi97v7, [email protected], , .Create Content
Tow methods: templated and hand-rolled
Templated
-
Get a decent HTML template Ex:
wget https://raw.githubusercontent.com/leemunroe/responsive-html-email-template/master/email.html -
write content introduce key/value pairs from
yml'stemplate-data/dictonaryand interpolate in the template -
Inline CSS (if needed) when done with the template (.htpl)
../../deepsea mailclient --config ./campaign.yaml content inline
- Create a TXT verson from the HTML version (.ttpl)
../../deepsea mailclient --config ./campaign.yaml content multipartHand rolled. Tools
DeepSea provides tools to help roll yourt own html. Most likely you might want to:
- Cretate HTML snippets from Markdown for fast prototyping
- HTML to TEXT for seeing how HTML structure looks in terminal and multipart testing
- Inline CSS Styling for older clients
- Multipart messages
Example (MD2HTML):
../../deepsea mailclient --config ./campaign.yaml content md2html -M ./campaigns/campaign1.md -H ./campaigns/campaign1.html
#STDOUT
../../deepsea mailclient --config ./campaign.yaml content md2html -M ./campaigns/campaign1.md ../../deepsea mailclient --config ./campaign.yaml content html2text -K ./campaigns/campaign1.html -L ./campaigns/campaign1.txtMail Campaign
../../deepsea mailclient --config ./campaign.yaml
Using config file: ./campaign.yaml
SMTP Server : smtp.office365.com
SMTP Port : 587
SMTP User : [email protected]
SMTP TLS : yes
From: [email protected]
To: campaign.db
Subject: Subject.
Text Template: message.ttpl
HTML Template: message.htpl
-= SMTP Authentication Credentials for smtp.office365.com =-
Enter Password:
2019/11/18 18:14:18 Pointing to mark table
2019/11/18 18:14:18 Querying for result : find()
2019/11/18 18:14:18 Getting all results
2019/11/18 18:14:18 -= Marks =-
Emailing: [email protected] [id:vobi97v7] Note: We ask for password on the email provider account interactively for now.
Testing
If you need to run campaign to a test emails, you can reload test marks. For that, just recycle the data in the marks table like so:
../../deepsea --config ./campaign.yaml storage manager -T recycletable
Using config file: ./campaign.yaml
2019/11/18 18:39:17 Task: recycletable
2019/11/18 18:39:17 Dropping table Mark if exists
2019/11/18 18:39:17 Creating Marks table- edit
marks.csv - load test marks
../../deepsea --config ./campaign.yaml storage load