

@paced
Last active March 6, 2023 04:59
Feed random data to phishers to make their forms useless. For academic purposes only.
"""Feed random data to some host in an attempt to throw off phishers."""
# This attack is best carried out via a distributed network or several
# concurrent IP addresses. Use a VPN if available.
import urllib2, urllib
import json
import time
import random
# Settings to edit before running: the session cookie sent with every request
# and the URL the form data is posted to. Both values here are placeholders.
cookie = "PHPSESSID=example"
host = "https://example.com"
userHeaders = {
    'User-Agent': ('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) '
                   'Gecko/20100101 Firefox/12.0'),
    'Referrer': 'https://google.com',
}

# Form field names: the 'name' attributes taken from the form's HTML. They are
# used as the keys of the urlencoded POST body.
unameType = "username"
pwnameType = "password"

# Paths of the wordlists the random username/password values are drawn from.
# For usernames: https://github.com/maryrosecook/commonusernames
# For passwords: https://wiki.skullsecurity.org/Passwords
userfile = "filename/here"
passfile = "filename/here"

# Load each wordlist as a list of raw lines. Trailing newlines are kept here
# and stripped later, at the point where an entry is picked.
with open(userfile) as f:
    userlist = f.readlines()
with open(passfile) as f:
    passlist = f.readlines()
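# Submit 100 form posts built from randomly chosen wordlist entries.
# Every iteration issues one real HTTP POST to `host`; the fixed iteration
# count and the sleep below bound the total volume and the request rate.
print(" -- Attack initialised, starting... --")
for i in range(100):
    # Pause a random 1-20 seconds before each submission.
    time.sleep(random.randint(1, 20))

    # Wordlist lines still carry their trailing newline; strip it before use.
    fakeUser = random.choice(userlist).rstrip()
    fakePass = random.choice(passlist).rstrip()
    data = urllib.urlencode({unameType: fakeUser, pwnameType: fakePass})
    req = urllib2.Request(host, data, headers=userHeaders)
    req.add_header("Cookie", cookie)

    try:
        resp = urllib2.urlopen(req)
    except Exception as e:
        # str(e) rather than e.message: not every exception carries a
        # 'message' attribute, and a failed send must not abort the run.
        print("Failed, reason: " + str(e))
    else:
        # Release the connection, and report success only when the request
        # actually went out.
        resp.close()
        print(" > Sent fake request with data '" +
              str(fakeUser) + "': '" + str(fakePass) + "'.")
print(" -- Attack completed. --")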