[Owasp-alabama] Phishing Tool ideas and opinion

owasp-alabama at lists.owasp.org
Wed Jul 8 13:19:39 EDT 2009


Howdy all,

 

Just my two cents on this:  I don't think that releasing it is really
all that bad.  The crackers that we all work to stop probably already
have their own custom tools that do this.  Besides that, phishing should
be part of pen testing anyway.  This is just another tool that the
security community could use to train and educate our end users as well
as aid in the security testing of a network.  I would love to see this
some time. 

 

Good luck with it.

 

Mike Conway, Security +, CEH

Dynetics, Inc.

www.dynetics.com

 

 

From: owasp-alabama-bounces at lists.owasp.org
[mailto:owasp-alabama-bounces at lists.owasp.org] On Behalf Of
owasp-alabama at lists.owasp.org
Sent: Wednesday, July 08, 2009 11:53 AM
To: owasp-alabama at lists.owasp.org
Subject: [Owasp-alabama] Phishing Tool ideas and opinion

 

Hey Guys,

 

I wanted to have a discussion with the list about the Lunker phishing
tool that was worked on last year.  Basically, it's a phishing framework
used to perform controlled phishing attacks.  It's written in PHP,
Python, MySQL.

 

Brad Causey and I did most of the development up to this point.
Anyway, I wanted to get the list's opinion on releasing the tool to the
public. We talked about it last year, and decided that the tool was too
powerful in the hands of the wrong people. But the more I think about
it, so are Metasploit, BeEF, and most other security tools.

 

The way Lunker is currently configured it must use a valid SMTP account
to send emails, so it's not anonymous or anything. We also only include
a credential harvesting payload, and not advanced OS or Browser
exploits.

 

So my question is, how do you guys feel about releasing this tool from
the Alabama Chapter?

 

I have some more work to finish it up, but would set up SVN access for
anyone who wanted to contribute.

 

Joshua Perrymon, CEH, OPST, OPSA

CEO PacketFocus LLC

Josh at packetfocus.com

1.877.PKT.FOCUS

1.205.994.6573

www.packetfocus.com <http://www.packetfocus.com/> 

 

President Alabama OWASP Chapter www.owasp.org <http://www.owasp.org/> 

Selected for "Top 5 Coolest hacks of 2007" Dark Reading/ Forbes.com

www.linkedin.com/in/packetfocus

 

 

 
