hemingway is a tool was built to allow simpler campaigns of phishing. It does not try to resolve issues with SMTP relaying or reputation but rather to allow a penetration tester or red team member to create a phishing campaign with a ready made server for the phishing. We also assume that if you are dealing with anti-phishing components you have already mapped their rules.
Usage and download:
git clone https://github.com/ytisf/hemingway && cd hemingway
python2 hemingway.py –v or –h
For now, Hemingway will not get a configuration file from the user but will rather work with a template. The example.conf file in the confs is currently available for example. The configuration file, however, is not the only files required but also the sample_conf folder which we’ll cover in a minute.
subject: What are you doing here?
attachments: sample_conf/body.html, sample_conf/body.txt
This file is pretty straight and forward. It will give Hemingway the information it needs for the phishing campaign. Which files to attach (separated by a ‘,’ which means as much files as you want), subject of the email and HTML and TXT body. Now let’s have a look at the addresses file sample_conf/addresses.csv:
Bill Gates <Bill.Gates@microsoft.com>;firstname.lastname@example.org
Roger Waters <rogers@p–floyd.com>;email@example.com
John Cleese <firstname.lastname@example.org>;email@example.com
Douglas Adams <firstname.lastname@example.org>;email@example.com
Karl Marx <firstname.lastname@example.org>;email@example.com
As you can see, not much to say here as well. On the left will be the addresses for the spoofed sender and on the right the addresses of the victims.
HTML When you are creating you HTML body please remember that each image you embed will later be attached to the body and chagned to a CID so the recipients’ email clients’ will be able to interpret those images. Keep the images in the body of the email for the regex to find and store the images at the same folder as the HTML body is at, aka sample_conf.
Source: Security List Network™ @ November 27, 2016 at 02:50AM