Phishing Arsenal
Phishing campaign automation for authorized red team engagements.
What It Does
Manages phishing campaign tracking, generates convincing landing pages from live target sites, discovers squatting-eligible domains via typosquatting and homograph analysis, crafts spoofed emails with SPF/DKIM/DMARC bypass analysis, and builds payloads including Office macros, ISO containers, and HTML smuggling. Pure Python — no compilation required.
Scripts
| Script | Description |
|---|---|
campaign_tracker | Campaign tracking — target management, delivery status, credential capture logging |
landing_page_gen | Landing page generation — clones target login pages, instruments credential capture |
domain_squatter | Domain squatting discovery — typosquatting, homograph, combosquatting candidates |
email_spoofer | Email spoofing with SPF/DKIM/DMARC analysis and bypass technique selection |
payload_crafter | Payload crafting — Office macros, ISO+LNK, HTML smuggling, QR code generation |
When to Use
Use when the engagement scope includes social engineering or credential harvesting. Research target email infrastructure first, then register squatting domains, generate landing pages, and craft payloads.
Usage
RedTeamScript(skill="phishing-arsenal", script="landing_page_gen", args="--url https://target.com/login --output landing/")