Tuesday, June 5, 2012

Ghos-Phisher GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attack.

Ghost Phisher

New Version 1.4 

Ghost Phisher 1.4 includes the following new features
1. Inbuilt High speed RFC 2131 compliant DHCP Server

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i ghost-phisher_1.3_all.deb
Icons and Running the application:
Software Icon can be found at the application Menu of the GNOME desktop interfaces
Icon can also be found at /usr/share/applications for KDE and also GNOME:
There you find "Ghost Phisher.desktop"

In BackTrack 5 R2 run it from /opt/Ghost-Phisher/ and start.

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher
Ghost Phisher Penetration Screenshots
Ghost phisher ships in with default Windows and Linux vulnerability pages, These pages can be used for penetration.Ghost automatically recognizes the remote operating system and displays the vulnerability pages according to the information fetched.

Payload Download

This screenshot displays windows machine penetrated upon payload execution using Metasploit

After the remote machines are exploited, Ghost automatically redirects the clients to the internet with the help of the alternate DNS settings and inbuilt cookie system.

Some More Screenshots:
You could Emulate WIFI access points for client redirections

Here shows client connected to fake access point

Heres the Fake-DNS tab; Notice the Fake-IP address specified

Here shows the victim supplied a fake lease by the DHCP

Here shows the victim gettings the fake resolved IP address:

Here shows our HTTP server, with a downloaded webpage intended to be faked:

Since our victim has our fake DHCP server address,therefore he gets directed to our fake http server:

Here shows our database area, which automatically captures and logs forms credentials

Check out his other project:
Saviour Emmanuel Ekiko

No comments:

Post a Comment