Initial release (Closes: 3703)
Sophie Brun
7 years ago
| 0 | phishery for Debian | |
| 1 | ------------------ | |
| 2 | ||
| 3 | <this file describes information about the source package, see Debian policy | |
| 4 | manual section 4.14. You WILL either need to modify or delete this file> | |
| 5 | ||
| 6 | ||
| 7 | ||
| 8 | -- Sophie Brun <[email protected]> Fri, 12 May 2017 15:23:49 +0200 | |
| 9 |
| 0 | phishery (1.0.2-0kali1) kali-dev; urgency=medium | |
| 1 | ||
| 2 | * Initial release (Closes: 3703) | |
| 3 | ||
| 4 | -- Sophie Brun <[email protected]> Fri, 12 May 2017 15:23:49 +0200 |
| 0 | 10 |
| 0 | Source: phishery | |
| 1 | Section: misc | |
| 2 | Priority: extra | |
| 3 | Maintainer: Sophie Brun <[email protected]> | |
| 4 | Build-Depends: debhelper (>= 10), | |
| 5 | dh-golang, | |
| 6 | golang-any, | |
| 7 | golang-github-fatih-color-dev | |
| 8 | Standards-Version: 3.9.8 | |
| 9 | Homepage: https://github.com/ryhanson/phishery | |
| 10 | Vcs-Browser: http://git.kali.org/gitweb/?p=packages/phishery.git;a=summary | |
| 11 | Vcs-Git: git://git.kali.org/packages/phishery.git | |
| 12 | XS-Go-Import-Path: github.com/ryhanson/phishery | |
| 13 | Testsuite: autopkgtest | |
| 14 | ||
| 15 | Package: phishery | |
| 16 | Architecture: any | |
| 17 | Built-Using: ${misc:Built-Using} | |
| 18 | Depends: ${shlibs:Depends}, | |
| 19 | ${misc:Depends} | |
| 20 | Description: Basic Auth Credential Harvester with Word Doc Template Injector | |
| 21 | This package contains a Simple SSL Enabled HTTP server with the primary | |
| 22 | purpose of phishing credentials via Basic Authentication. | |
| 23 | The power of phishery is best demonstrated by setting a Word document's | |
| 24 | template to a phishery URL. This causes Microsoft Word to make a request to | |
| 25 | the URL, resulting in an Authentication Dialog being shown to the end-user. The | |
| 26 | ability to inject any .docx file with a URL is possible using phishery's | |
| 27 | -i [in docx], -o [out docx], and -u [url] options. |
| 0 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ | |
| 1 | Upstream-Name: phishery | |
| 2 | Source: https://github.com/ryhanson/phishery | |
| 3 | ||
| 4 | Files: * | |
| 5 | Copyright: 2016 Ryan Hanson | |
| 6 | License: Expat | |
| 7 | ||
| 8 | Files: archivex/* | |
| 9 | Copyright: 2014, Jhonathan Paulo Banczek | |
| 10 | License: BSD-3-clause | |
| 11 | All rights reserved. | |
| 12 | . | |
| 13 | Redistribution and use in source and binary forms, with or without | |
| 14 | modification, are permitted provided that the following conditions are met: | |
| 15 | . | |
| 16 | * Redistributions of source code must retain the above copyright notice, this | |
| 17 | list of conditions and the following disclaimer. | |
| 18 | . | |
| 19 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 20 | this list of conditions and the following disclaimer in the documentation | |
| 21 | and/or other materials provided with the distribution. | |
| 22 | . | |
| 23 | * Neither the name of archivex nor the names of its | |
| 24 | contributors may be used to endorse or promote products derived from | |
| 25 | this software without specific prior written permission. | |
| 26 | . | |
| 27 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 28 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 29 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 30 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 31 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 32 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 33 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 34 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 35 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 36 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 37 | ||
| 38 | Files: debian/* | |
| 39 | Copyright: 2017 Sophie Brun <[email protected]> | |
| 40 | License: Expat | |
| 41 | ||
| 42 | License: Expat | |
| 43 | Permission is hereby granted, free of charge, to any person obtaining a | |
| 44 | copy of this software and associated documentation files (the "Software"), | |
| 45 | to deal in the Software without restriction, including without limitation | |
| 46 | the rights to use, copy, modify, merge, publish, distribute, sublicense, | |
| 47 | and/or sell copies of the Software, and to permit persons to whom the | |
| 48 | Software is furnished to do so, subject to the following conditions: | |
| 49 | . | |
| 50 | The above copyright notice and this permission notice shall be included in | |
| 51 | all copies or substantial portions of the Software. | |
| 52 | . | |
| 53 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| 54 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| 55 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
| 56 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| 57 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |
| 58 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER | |
| 59 | DEALINGS IN THE SOFTWARE. |
| 0 | Description: Change the paths to default config files | |
| 1 | In Kali the config files are installed in /etc/phishery/ and not | |
| 2 | directly in the same directory than the binary which is installed in | |
| 3 | /usr/bin/ | |
| 4 | Change the default paths to point to /etc/phishery | |
| 5 | Author: Sophie Brun <[email protected]> | |
| 6 | Last-Update: 2017-05-15 | |
| 7 | --- | |
| 8 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ | |
| 9 | --- a/main.go | |
| 10 | +++ b/main.go | |
| 11 | @@ -27,8 +27,8 @@ const usage = | |
| 12 | Options: | |
| 13 | -h, --help Show usage and exit. | |
| 14 | -v Show version and exit. | |
| 15 | - -s The JSON settings file used to setup the server. [default: "settings.json"] | |
| 16 | - -c The JSON file to store harvested credentials. [default: "credentials.json"] | |
| 17 | + -s The JSON settings file used to setup the server. [default: "/etc/phishery/settings.json"] | |
| 18 | + -c The JSON file to store harvested credentials. [default: "/etc/phishery/credentials.json"] | |
| 19 | -u The phishery URL to use as the Word document template. | |
| 20 | -i The Word .docx file to inject with a template URL. | |
| 21 | -o The new Word .docx file with the injected template URL. | |
| 22 | @@ -39,8 +39,8 @@ var neat = neatprint.NewNeatPrint() | |
| 23 | func main() { | |
| 24 | var ( | |
| 25 | flVersion = flag.Bool("v", false, "") | |
| 26 | - flSettings = flag.String("s", "settings.json", "") | |
| 27 | - flCredentials = flag.String("c", "credentials.json", "") | |
| 28 | + flSettings = flag.String("s", "/etc/phishery/settings.json", "") | |
| 29 | + flCredentials = flag.String("c", "/etc/phishery/credentials.json", "") | |
| 30 | flUrl = flag.String("u", "", "") | |
| 31 | flDocx = flag.String("i", "", "") | |
| 32 | flBadocx = flag.String("o", "", "") | |
| 33 | @@ -103,4 +103,4 @@ func createBadocx(url string, in string, | |
| 34 | ||
| 35 | neat.Info("Injected Word document has been saved!") | |
| 36 | os.Exit(0) | |
| 37 | -} | |
| 38 | \ No newline at end of file | |
| 39 | +} | |
| 40 | --- a/settings.json | |
| 41 | +++ b/settings.json | |
| 42 | @@ -1,12 +1,12 @@ | |
| 43 | { | |
| 44 | "ip": "0.0.0.0", | |
| 45 | "port": "443", | |
| 46 | - "sslCert": "server.crt", | |
| 47 | - "sslKey": "server.key", | |
| 48 | + "sslCert": "/etc/phishery/server.crt", | |
| 49 | + "sslKey": "/etc/phishery/server.key", | |
| 50 | "basicRealm": "Secure Document Gateway", | |
| 51 | "responseStatus": 200, | |
| 52 | - "responseFile": "template.dotx", | |
| 53 | + "responseFile": "/etc/phishery/template.dotx", | |
| 54 | "responseHeaders": [ | |
| 55 | ["Content-Type", "application/vnd.openxmlformats-officedocument.wordprocessingml.template"] | |
| 56 | ] | |
| 57 | -} | |
| 58 | \ No newline at end of file | |
| 59 | +} | |
| 60 | --- a/README.md | |
| 61 | +++ b/README.md | |
| 62 | @@ -37,8 +37,8 @@ $ phishery --help | |
| 63 | Options: | |
| 64 | -h, --help Show usage and exit. | |
| 65 | -v Show version and exit. | |
| 66 | - -s The JSON settings file used to setup the server. [default: "settings.json"] | |
| 67 | - -c The JSON file to store harvested credentials. [default: "credentials.json"] | |
| 68 | + -s The JSON settings file used to setup the server. [default: "/etc/phishery/settings.json"] | |
| 69 | + -c The JSON file to store harvested credentials. [default: "/etc/phishery/credentials.json"] | |
| 70 | -u The phishery URL to use as the Word document template. | |
| 71 | -i The Word .docx file to inject with a template URL. | |
| 72 | -o The new Word .docx file with the injected template URL. | |
| 73 | @@ -51,11 +51,11 @@ Modify the provided settings.json file a | |
| 74 | { | |
| 75 | "ip": "0.0.0.0", | |
| 76 | "port": "443", | |
| 77 | - "sslCert": "server.crt", | |
| 78 | - "sslKey": "server.key", | |
| 79 | + "sslCert": "/etc/phishery/server.crt", | |
| 80 | + "sslKey": "/etc/phishery/server.key", | |
| 81 | "basicRealm": "Secure Document Gateway", | |
| 82 | "responseStatus": 200, | |
| 83 | - "responseFile": "template.dotx", | |
| 84 | + "responseFile": "/etc/phishery/template.dotx", | |
| 85 | "responseHeaders": [ | |
| 86 | ["Content-Type", "application/vnd.openxmlformats-officedocument.wordprocessingml.template"] | |
| 87 | ] | |
| 88 | @@ -125,4 +125,4 @@ $ ./phishery | |
| 89 | [HTTP] IP Address : 127.0.0.1 | |
| 90 | [AUTH] Username : john.doe | |
| 91 | [AUTH] Password : Summer15 | |
| 92 | -``` | |
| 93 | \ No newline at end of file | |
| 94 | +``` |
| 0 | Description: Fix spelling error | |
| 1 | Author: Sophie Brun <[email protected]> | |
| 2 | Last-Update: 2017-05-15 | |
| 3 | --- | |
| 4 | This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ | |
| 5 | --- a/phish/phishery.go | |
| 6 | +++ b/phish/phishery.go | |
| 7 | @@ -24,7 +24,7 @@ func StartPhishery(settingsFile string, | |
| 8 | settings := loadSettings(settingsFile) | |
| 9 | credStore, err := jstore.NewStore(credsFile) | |
| 10 | if err != nil { | |
| 11 | - return errors.New("Error initiliazing credential store: " + err.Error()) | |
| 12 | + return errors.New("Error initializing credential store: " + err.Error()) | |
| 13 | } | |
| 14 | neat.Event("Credential store initialized at: %s", credsFile) | |
| 15 | ||
| 16 | @@ -145,4 +145,4 @@ func printAuth(auth AuthInfo) { | |
| 17 | neat.Data("HTTP", "IP Address", auth.IPAddress) | |
| 18 | neat.Data("AUTH", "Username", auth.Username) | |
| 19 | neat.Data("AUTH", "Password", auth.Password) | |
| 20 | -} | |
| 21 | \ No newline at end of file | |
| 22 | +} |
| 0 | README.md |
| 0 | credentials.json server.crt server.key settings.json template.dotx etc/phishery |
| 0 | 3.0 (quilt) |
| 0 | Test-Command: phishery -v |