Weeman - http server for phishing

Changes to Original

• User Agent header parsing
• Automatic searchsploit against browser and OS
• Flash detection for IE
• JS folder contains client side extension
• Example redirect with image for internal pen testing

About

HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).

Weeman will do the following steps:

1. Create fake html page.
2. Wait for clients
3. Grab the data (POST).
4. Try to login the client to the original page 😃

The framework

You can use weeman with modules see examples in modules/, just run the command framework to access the framework.

Write a module for the framework

If you want to write a module please read the modules/. Soon I will write docs for the API.

Profiles

You can load profiles in weeman, for example profile for mobile site and profile for desktop site.

./weeman.py -p mobile.localhost.profile

Requirements

• Python <= 2.7.

Platforms

• Linux (any)
• Mac (Tested)
• Windows (Not supported)

Contributing

Contributions are very welcome!

1. fork the repository
2. clone the repo (git clone git@github.com:USERNAME/weeman.git)
3. make your changes
4. Add yourself in contributors.txt
5. push the repository
6. make a pull request

Thank you - and happy contributing!

DISCLAIMER

Usage of Weeman for attacking targets without prior mutual consent is illegal. Weeman developer not responsible to any damage caused by Weeman.

Copying

Copyright 2015 (C) Hypsurus hypsurus@mail.ru

License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html.

Beautifulsoup 4 library by Leonard Richardson under the MIT license.