hemingway is a simple and easy to use spear phishing helper.

hemingway is a tool was built to allow simpler campaigns of phishing. It does not try to resolve issues with SMTP relaying or reputation but rather to allow a penetration tester or red team member to create a phishing campaign with a ready made server for the phishing. We also assume that if you are dealing with anti-phishing components you have already mapped their rules.

hemingway banner

hemingway banner

Usage and download:

git clone https://github.com/ytisf/hemingway && cd hemingway

python2 hemingway.py v or h

For now, Hemingway will not get a configuration file from the user but will rather work with a template. The example.conf file in the confs is currently available for example. The configuration file, however, is not the only files required but also the sample_conf folder which we’ll cover in a minute.



port: 25

max_connections: 3



addresses_csv: sample_conf/addresses.csv

html_body: sample_conf/body.html

txt_body: sample_conf/body.txt

subject: What are you doing here?

attachments: sample_conf/body.html, sample_conf/body.txt

This file is pretty straight and forward. It will give Hemingway the information it needs for the phishing campaign. Which files to attach (separated by a ‘,’ which means as much files as you want), subject of the email and HTML and TXT body. Now let’s have a look at the addresses file sample_conf/addresses.csv:

Bill Gates <Bill.Gates@microsoft.com>;tisf@mailinator.com

Roger Waters <rogers@pfloyd.com>;tisf@mailinator.com

John Cleese <john.c@python.com>;tisf@mailinator.com

Douglas Adams <adams@hhgttu.org>;tisf@mailinator.com

Karl Marx <everyone@state.com>;tisf@mailinator.com

As you can see, not much to say here as well. On the left will be the addresses for the spoofed sender and on the right the addresses of the victims.



HTML When you are creating you HTML body please remember that each image you embed will later be attached to the body and chagned to a CID so the recipients’ email clients’ will be able to interpret those images. Keep the images in the body of the email for the regex to find and store the images at the same folder as the HTML body is at, aka sample_conf.

Source: https://github.com/ytisf

Source: Security List Network™ @ November 27, 2016 at 02:50AM