/phishget.rb
Last active May 11, 2020
See https://lolware.net/2019/05/12/abusing-safebrowse.html for information
| #!/usr/bin/env ruby | |
| require 'httparty' | |
| FILELIST = [ | |
| '/dropbox.zip', | |
| '/robots.txt', # Not from the original list - this serves as a sanity check as it usually exists | |
| '/css/business-frontpage.css', | |
| '/newphase.zip', | |
| '/Doc.zip', | |
| '/wp-content.zip', | |
| '/auth.zip', | |
| '/Pdf.zip', | |
| '/secure-dropbox.zip', | |
| '/dropbox2016.zip', | |
| '/yahoo%202.txt', | |
| '/adobe.zip', | |
| '/mn.zip', | |
| '/Dropbox.zip', | |
| '/x.txt', | |
| '/dhl.zip', | |
| '/accepted_visitors.txt', | |
| '/GoogleDoc.zip', | |
| '/USAA2014.zip', | |
| '/docs.zip', | |
| '/8-login-form.zip', | |
| '/sent.zip', | |
| '/new2015.zip', | |
| '/Adobe.zip', | |
| '/G550.zip', | |
| '/info.txt', | |
| '/secured-view%20(2).zip', | |
| '/box.zip', | |
| '/rof.txt', | |
| '/webmail.zip', | |
| '/laXa1a1.txt', | |
| '/Drop.zip', | |
| '/page.zip', | |
| '/log.txt', | |
| '/adobelatest.zip', | |
| '/WellsLINK.zip', | |
| '/apple.zip', | |
| '/china.zip', | |
| '/License_linux.txt', | |
| '/new.zip', | |
| '/newp.zip', | |
| '/b1.txt', | |
| '/paypal.zip', | |
| '/ipad.zip', | |
| '/gmail.zip', | |
| '/Dropfile.zip', | |
| '/FE4Nt3a.zip', | |
| '/Arch.zip', | |
| '/IRS.zip', | |
| '/review.zip', | |
| '/yh.txt', | |
| '/eogpr.zip', | |
| '/dbfile.zip', | |
| '/1.txt', | |
| '/account.zip', | |
| '/godaddy.zip', | |
| '/PDF%20-01.zip', | |
| '/share.zip', | |
| '/secure.zip', | |
| '/login.alibaba.com.zip', | |
| '/Documentos.file.html.zip', | |
| '/pi9sI3ca6.zip', | |
| '/Gdoc.zip', | |
| '/as.txt', | |
| '/mam.txt', | |
| '/action.zip', | |
| '/office365.zip', | |
| '/la4BA0Re3L.zip', | |
| '/aol..txt', | |
| '/usaa.zip', | |
| '/MailVerification.zip', | |
| '/app.zip', | |
| '/pageo.zip', | |
| '/web1.zip', | |
| '/chq.zip', | |
| '/drop.zip', | |
| '/GOOGLENEWW.zip', | |
| '/admin.zip', | |
| '/nD.zip', | |
| '/Counter.zip', | |
| '/css.zip', | |
| '/survey.zip', | |
| '/CO9La3.zip', | |
| '/file.zip', | |
| '/ali.txt', | |
| '/logs.zip', | |
| '/account-liemted.info.zip', | |
| '/db.zip', | |
| '/zonalzone.zip', | |
| '/files.zip', | |
| '/adobeCom.zip', | |
| '/revalidate.zip', | |
| '/PDF.zip', | |
| '/google.zip', | |
| '/verify.zip', | |
| '/l0gz.txt', | |
| '/match2.zip', | |
| '/ww.zip', | |
| '/mobile.free.fr.zip', | |
| '/bmg.zip', | |
| '/Goldencat.zip', | |
| '/fA3NT3A.zip', | |
| '/Alibaba.com.zip', | |
| '/drive.zip', | |
| '/melog-india.txt', | |
| '/doc.zip', | |
| '/pagedoc.zip', | |
| '/art.zip', | |
| '/Google.zip', | |
| '/GD1.zip', | |
| '/googledoc.zip', | |
| '/wells.zip', | |
| '/New.zip', | |
| '/IR.zip', | |
| '/newhotmail.zip', | |
| '/gduc.zip', | |
| '/lnnn.zip', | |
| '/netflix.zip', | |
| '/example.zip', | |
| '/christianmingle.zip', | |
| '/payment.zip', | |
| '/2015.zip', | |
| '/googledrive.zip', | |
| '/Ameli.zip', | |
| '/update.zip', | |
| '/mgsnew..zip', | |
| '/note.txt', | |
| '/man.txt', | |
| '/hotmail.zip', | |
| '/login.zip', | |
| '/b4.txt', | |
| '/znD.zip', | |
| '/domain.zip', | |
| '/wellsfargo.zip', | |
| '/030317_akt.zip', | |
| '/newpage.zip', | |
| '/cnm.zip', | |
| '/irs.zip', | |
| '/Yahoo.zip', | |
| '/TT.zip', | |
| '/dp.zip', | |
| '/googledocs.zip', | |
| '/http.zip', | |
| '/ourtime.zip', | |
| '/m2u.zip', | |
| '/href.zip', | |
| '/Verify_now.zip', | |
| '/AOL.zip', | |
| '/changes.txt', | |
| '/1.zip', | |
| '/ipic.zip', | |
| '/remax.zip', | |
| '/kma.zip', | |
| '/Zone1.zip', | |
| '/2014gdocs.zip', | |
| '/msn.zip', | |
| '/users.txt', | |
| '/office.zip', | |
| '/g-doc-secure.zip', | |
| '/pdf.zip', | |
| '/rhb.com.my.zip', | |
| '/mgs.zip', | |
| '/ca7nA4la2.zip', | |
| '/Goldbook.zip', | |
| '/u1.zip', | |
| '/document.zip', | |
| '/m.zip', | |
| '/base.zip', | |
| '/docss.zip', | |
| '/bookmark.zip', | |
| '/Account.zip', | |
| '/Full.txt', | |
| '/cap1-360.zip', | |
| '/mint.zip', | |
| '/yahoo.zip', | |
| '/GD.zip', | |
| '/error_log.txt', | |
| '/host.zip', | |
| '/BDBB.zip', | |
| '/newdocxb.zip', | |
| '/License_windows.txt', | |
| '/Ed.zip', | |
| '/chm.zip', | |
| '/www.zip', | |
| '/upgrade.zip', | |
| '/ayo1.zip', | |
| '/wp-admin.zip', | |
| '/godaddyac.zip', | |
| '/ID.txt', | |
| '/drpbox.zip', | |
| '/dpbx.zip', | |
| '/web.zip', | |
| '/confirmation.zip', | |
| '/AmEx.zip', | |
| '/excel.zip', | |
| '/Login.zip', | |
| '/DHL.zip', | |
| '/logs.txt', | |
| '/gdocc.zip', | |
| '/Aol.txt', | |
| '/view.zip', | |
| '/ipaad.zip', | |
| '/Contact%20Logs.txt', | |
| '/succes.txt', | |
| '/cO9nI8C.zip', | |
| '/30horasdigitalmodulodesegurancafeitoparavoce.zip', | |
| '/agreement_docs2.zip', | |
| '/vu.txt', | |
| '/credits.txt', | |
| '/c6.zip', | |
| '/aol.zip', | |
| '/docx.zip', | |
| '/home.zip', | |
| '/onedrive.zip', | |
| '/STD.zip', | |
| '/gdoc.zip', | |
| '/drive.ggle.com.zip' | |
| ].freeze | |
| if ARGV.length != 1 | |
| puts "Usage: phishget.rb https://website.com" | |
| exit | |
| end | |
| address = ARGV[0] | |
| FILELIST.each do |u| | |
| response = HTTParty.get("#{address}#{u}") | |
| puts "Interesting URL found: #{u}" if response.code == 200 | |
| end | |
| puts "Successfully scanned #{FILELIST.length} URLs" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment