t4d / stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
License: GNU Affero General Public License v3.0
I am trying to gather phishing kits using StalkPhish. It is working very well.
But I have a problem and think that I should report it.
The timeout parameter of requests.get sometimes does not work.
Often a single requests.get call in StalkPhish does not finish for hours.
Reference: https://stackoverflow.com/questions/53242211/python-requests-timeout-not-working-properly
Yes
Originally posted by @KCHARGING in #26 (comment)
Hello,
I have this error, can you help me?
2023-05-30 16:24:07,135 - StalkPhish.py - INFO - Configuration file to use: .\stalkphish\conf\example.conf
2023-05-30 16:24:07,135 - StalkPhish.py - INFO - Database: ./db/StalkPhish.sqlite3
2023-05-30 16:24:07,136 - StalkPhish.py - INFO - Main table: StalkPhish
2023-05-30 16:24:07,158 - StalkPhish.py - INFO - Investigation table: StalkPhishInvestig
2023-05-30 16:24:07,166 - StalkPhish.py - INFO - Files directory: ./files/
2023-05-30 16:24:07,167 - StalkPhish.py - INFO - Download directory: ./dl/
2023-05-30 16:24:07,167 - StalkPhish.py - INFO - Declared Proxy: None
2023-05-30 16:24:07,167 - StalkPhish.py - INFO - Proceeding to OSINT modules launch
2023-05-30 16:24:07,547 - urlscan.py - INFO - Searching for 'cliquesante'...
2023-05-30 16:24:08,351 - urlquery.py - INFO - Searching for 'cliquesante'...
2023-05-30 16:24:08,358 - StalkPhish.py - ERROR - Main error (<class 'ImportError'>, ImportError("cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (C:\Users\merci\PycharmProjects\StalkPhish\venv\lib\site-packages\urllib3\util\ssl_.py)"), <traceback object at 0x000001E7AB431180>)
Hi,
Not sure if I am missing something here.
Running on Ubuntu Server 16.04.
When I try to run it I get the following:
Traceback (most recent call last):
File "./StalkPhish.py", line 26, in
from tools.utils import VerifyPath
File "/home/[username]/StalkPhish/stalkphish/tools/utils.py", line 13, in
from ipwhois.net import Net
ImportError: No module named 'ipwhois'
When I look in the modules I don't see anything for ipwhois. I can comment this out in utils.py to make it work, but then clearly I won't get the ipwhois data.
Cheers
For the moment StalkPhish only downloads the first zip file which appears in the 'Ziplst' list. It should download all those zip files.
For a better view of a threat, or bunch of threats, we could add the ASN (Asynchronous System Number) to the database.
When PageTitle can't be retrieved in the tools/download.py script, an error occurred with this message:
ERROR - Error Downloading zip: argument of type 'NoneType' is not iterable
It misses a special warning message when the configuration file specified does not exist.
We can create a smaller container using the alpine:latest image instead of Phusion.
When building the docker container with docker-compose up --build -d, Tor is not started.
An exception error occurred when PageTitle can't be retrieved because the connection to the URL times out.
2019-06-10 11:41:59,384 - download.py - ERROR - Get PageTitle Error: http://webmail.microsoftwindows10techsupport.com:2095/(<class 'requests.exceptions.ConnectTimeout'>, ConnectTimeout(MaxRetryError("SOCKSHTTPConnectionPool(host='webmail.microsoftwindows10techsupport.com', port=2095): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.contrib.socks.SOCKSConnection object at 0x7fb9e1323eb8>, 'Connection to webmail.microsoftwindows10techsupport.com timed out. (connect timeout=5)'))")), <traceback object at 0x7fb9e0eb21c8>)
Not sure what I am missing. I am running this on Ubuntu 4.4.0-131-generic and Python3 (Python 3.5.2 (default, Nov 12 2018, 13:43:14)
StalkPhish - The Phishing Kit stalker - v0.9.5.3 =-
2019-04-15 15:15:26,329 - StalkPhish.py - INFO - Configuration file to use: conf/example.conf
2019-04-15 15:15:26,329 - StalkPhish.py - INFO - Database: ./db/StalkPhish.sqlite3
2019-04-15 15:15:26,330 - StalkPhish.py - INFO - Main table: StalkPhish
2019-04-15 15:15:26,331 - StalkPhish.py - INFO - Investigation table: StalkPhishInvestig
2019-04-15 15:15:26,332 - StalkPhish.py - INFO - Files directory: ./files/
2019-04-15 15:15:26,332 - StalkPhish.py - INFO - Download directory: ./dl/
2019-04-15 15:15:26,333 - StalkPhish.py - INFO - Declared Proxy: None
2019-04-15 15:15:26,333 - StalkPhish.py - ERROR - Main error (<class 'AttributeError'>, AttributeError("'NoneType' object has no attribute 'split'",), <traceback object at 0x7f2cc9d32648>)
The Phishing.Database module does not start due to an indentation error in StalkPhish.py
When the download.py script tries to catch a zip file protected by a captcha system, the zip file is created and declared in the database, but this file is not a zip file (an HTML file most of the time)... this is not what I'm (probably you are) looking for.
It needs a file verification before writing to disk and declaring it in the DB.
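One way to do the verification this issue asks for, as an added example that is not StalkPhish's own code: the downloaded body is checked for a ZIP signature and a readable central directory before anything is written to disk or declared in the database. The function name `verify_zip_body` and the sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile

# Signatures a ZIP body can start with: local file header, or the
# end-of-central-directory record of an archive with no entries.
ZIP_SIGNATURES = (b"PK\x03\x04", b"PK\x05\x06")


def verify_zip_body(body):
    """Return (ok, reason) for a downloaded body, before any disk or DB write."""
    if not body.startswith(ZIP_SIGNATURES):
        return False, "not a zip signature"
    buf = io.BytesIO(body)
    if not zipfile.is_zipfile(buf):
        return False, "no end-of-central-directory record"
    try:
        with zipfile.ZipFile(buf) as archive:
            # Only the central directory is parsed here; members are not
            # decompressed, so an oversized archive costs nothing yet.
            if not archive.namelist():
                return False, "empty archive"
    except zipfile.BadZipFile:
        return False, "corrupt central directory"
    return True, "ok"


def build_samples():
    """Constructed inputs: a real archive, a captcha page, a cut-off download."""
    good = io.BytesIO()
    with zipfile.ZipFile(good, "w") as archive:
        archive.writestr("kit/readme.txt", "placeholder")
    empty = io.BytesIO()
    zipfile.ZipFile(empty, "w").close()
    return {
        "archive": good.getvalue(),
        "captcha": b"<!DOCTYPE html><html><title>Just a moment...</title></html>",
        "truncated": good.getvalue()[:30],
        "empty": empty.getvalue(),
    }


if __name__ == "__main__":
    for name, body in build_samples().items():
        print(name, verify_zip_body(body))
```

The check relies on content rather than the URL suffix or the response's Content-Type header, since a captcha page is typically served from the same `.zip` URL.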
Receiving the below error when executing StalkPhish on a fresh O/S (Raspbian) install and fresh Git Pull on July 18/2019.
2019-07-18 20:00:39,477 - StalkPhish.py - INFO - Proceeding to OSINT modules launch
2019-07-18 20:00:40,651 - urlscan.py - INFO - Searching for 'webmail'...
2019-07-18 20:00:44,297 - urlscan.py - INFO - hxxps[:]//bad-domain.com bad-domain.com x.x.x.x https://urlscan.io/result/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Thu Jul 18 20:00:40 2019 aborted
2019-07-18 20:00:44,298 - urlscan.py - ERROR - HTML parser Error: table StalkPhish has 8 columns but 10 values were supplied
What could be the cause of this and how to solve it?
[root@instance-20190708-2326 stalkphish]# python3 StalkPhish.py -c conf/example.conf
-= StalkPhish - The Phishing Kit stalker - v0.9.8 =-
[!!!] ConfParser Error: (<class 'configparser.MissingSectionHeaderError'>, File contains no section headers.
file: 'conf/example.conf', line: 1
'\ufeff###################################\n', <traceback object at 0x7f2a8926ed48>)
Traceback (most recent call last):
File "StalkPhish.py", line 355, in ConfAnalysis
DBfile = CONF.DBfile
AttributeError: 'ConfParser' object has no attribute 'DBfile'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "StalkPhish.py", line 396, in main
ConfAnalysis(ConfFile)
File "StalkPhish.py", line 388, in ConfAnalysis
LOG.error("ConfAnalysis error " + str(err))
NameError: name 'LOG' is not defined
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "StalkPhish.py", line 460, in
main()
File "StalkPhish.py", line 453, in main
LOG.error("Main error " + str(err))
NameError: name 'LOG' is not defined
StillTryDownload is set to 'Y' even when the network, or proxy, connection is down.
It seems that, even if you asked for it (in the configuration, with keep_files = no), the files retrieved from phishtank or openphish are never deleted.
pan0pt1c0n/PhishBait#1 (comment)
As I use another script for that (not published for now) I think we can automatically extract the e-mails of actors when a phishing kit is downloaded.
When the zip is extracted it's often possible to see a txt file where the activity is logged. For companies, automating the retrieval of such information could be great.
If the URL retrieved contains only a domain name, StalkPhish will try to download a non-existent $DOMAIN/.zip file.
Hi,
Is it possible to perform a phishing kit scan against a single URL, or a given list from a file, instead of passing through the database?
A kind of:
./StalkPhish.py -c conf/example.conf -G http://myurl.example/folder
Hello, I'm getting this error:
[!!!] ConfParser Error: (<class 'configparser.DuplicateOptionError'>, While reading from 'conf/example.conf' [line 35]: option 'http_proxy' in section 'CONNECT' already exists, <traceback object at 0x7f9dab3fab90>)
Traceback (most recent call last):
File "StalkPhish.py", line 321, in ConfAnalysis
DBfile = CONF.DBfile
AttributeError: 'ConfParser' object has no attribute 'DBfile'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "StalkPhish.py", line 358, in main
ConfAnalysis(ConfFile)
File "StalkPhish.py", line 351, in ConfAnalysis
LOG.error("ConfAnalysis error " + str(err))
NameError: name 'LOG' is not defined
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "StalkPhish.py", line 418, in
main()
File "StalkPhish.py", line 411, in main
LOG.error("Main error " + str(err))
NameError: name 'LOG' is not defined
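The three configuration failures reported on this page (a missing file, a UTF-8 BOM on line 1, and a duplicated `http_proxy` option) can be caught by one loader that returns a readable message instead of falling through to the `CONF.DBfile` AttributeError; this is an added example, not StalkPhish's ConfParser. `load_conf`, the sample files and the message wording are assumptions; the `CONNECT` section, `http_proxy` option and proxy value are taken from the logs on this page.

```python
import configparser
import os
import tempfile


def load_conf(path):
    """Return (parser, None) on success, or (None, message) on failure."""
    if not os.path.isfile(path):
        return None, "configuration file not found: " + path
    parser = configparser.ConfigParser()
    try:
        # utf-8-sig drops a leading BOM and reads plain UTF-8 unchanged.
        with open(path, encoding="utf-8-sig") as handle:
            parser.read_file(handle, source=path)
    except configparser.DuplicateOptionError as err:
        return None, "duplicate option '%s' in [%s] at line %d" % (
            err.option, err.section, err.lineno)
    except configparser.Error as err:
        return None, "cannot parse %s: %s" % (path, type(err).__name__)
    return parser, None


def _write(text, encoding):
    """Write a constructed sample config to a temporary file."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w", encoding=encoding) as handle:
        handle.write(text)
    return path


def demo():
    """Run the three reported failure cases on constructed files."""
    proxy = "http_proxy = socks5://127.0.0.1:9050\n"
    bom = _write("#####\n[CONNECT]\n" + proxy, "utf-8-sig")  # starts with a BOM
    dup = _write("[CONNECT]\n" + proxy + proxy, "utf-8")
    try:
        parser, _ = load_conf(bom)
        return {
            "bom": parser.get("CONNECT", "http_proxy"),
            "duplicate": load_conf(dup)[1],
            "missing": load_conf(bom + ".absent")[1],
        }
    finally:
        os.remove(bom)
        os.remove(dup)


if __name__ == "__main__":
    print(demo())
```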
Hello t4d,
Tried to install StalkPhish on Mac OS X docker.
Have the following error
Step 6/13 : RUN pip3 install --upgrade pip
---> Running in f3329252cd17
/bin/sh: pip3: not found
ERROR: Service 'stalkphish' failed to build : The command '/bin/sh -c pip3 install --upgrade pip' returned a non-zero code: 127
Nice end of week-end and stay safe you and your family
Eric
It seems that when you try to declare a unique URL (with the -u option), if this URL does not start with "http|s://" an Invalid or Missing Requests schema occurred.
When scraping PhishTank, if you use the Tor network, Cloudflare will stop the crawler and you will not be able to retrieve information.
When you use the -u option of StalkPhish (add unique url) the ASN number is quoted in the database; it should not be.
When a zip file name to download is > 255 chars, the file can't be written to disk, and no particular message appears.
-= StalkPhish - The Phishing Kit stalker - v0.9.8-3 =-
2022-10-16 06:10:22,488 - StalkPhish.py - INFO - Configuration file to use: conf/example.conf
2022-10-16 06:10:22,489 - StalkPhish.py - INFO - Database: ./db/StalkPhish.sqlite3
2022-10-16 06:10:22,489 - StalkPhish.py - INFO - Main table: StalkPhish
2022-10-16 06:10:22,490 - StalkPhish.py - INFO - Investigation table: StalkPhishInvestig
2022-10-16 06:10:22,491 - StalkPhish.py - INFO - Files directory: ./files/
2022-10-16 06:10:22,491 - StalkPhish.py - INFO - Download directory: ./dl/
2022-10-16 06:10:22,491 - StalkPhish.py - INFO - Declared Proxy: socks5://127.0.0.1:9050
2022-10-16 06:10:22,492 - StalkPhish.py - ERROR - Proxy connection error, exiting!
2023-06-03 15:24:23,027 - StalkPhish.py - INFO - Proceeding to OSINT modules launch
2023-06-03 15:24:23,099 - urlscan.py - ERROR - Urlscan connection error: SOCKSHTTPSConnectionPool(host='urlscan.io', port=443): Max retries exceeded with url: /api/v1/search/?q=page.url:webmail%20OR%20page.domain:webmail (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSHTTPSConnection object at 0x0000022A22AC98B0>: Failed to establish a new connection: [WinError 10054] Une connexion existante a dû être fermée par l’hôte distant'))
2023-06-03 15:24:23,099 - urlscan.py - ERROR - HTML parser Error: name 'HTMLText' is not defined
2023-06-03 15:24:23,140 - urlscan.py - ERROR - Urlscan connection error: SOCKSHTTPSConnectionPool(host='urlscan.io', port=443): Max retries exceeded with url: /api/v1/search/?q=page.url:secure%20OR%20page.domain:secure (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSHTTPSConnection object at 0x0000022A22AEA2B0>: Failed to establish a new connection: [WinError 10054] Une connexion existante a dû être fermée par l’hôte distant'))
2023-06-03 15:24:23,140 - urlscan.py - ERROR - HTML parser Error: name 'HTMLText' is not defined
2023-06-03 15:24:23,181 - urlscan.py - ERROR - Urlscan connection error: SOCKSHTTPSConnectionPool(host='urlscan.io', port=443): Max retries exceeded with url: /api/v1/search/?q=page.url:email%20OR%20page.domain:email (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSHTTPSConnection object at 0x0000022A22AEA040>: Failed to establish a new connection: [WinError 10054] Une connexion existante a dû être fermée par l’hôte distant'))
2023-06-03 15:24:23,181 - urlscan.py - ERROR - HTML parser Error: name 'HTMLText' is not defined
Thank you
It seems that we now need an API key to retrieve Phishtank's JSON file (see https://www.phishtank.com/developer_info.php).
I will publish a patch soon, with a new API_key variable.
Please help me with this error?
# pip3 install -r requirements.txt
# pip install ipwhois
root@kali:~/Tools/StalkPhish/stalkphish# python3 StalkPhish.py
Traceback (most recent call last):
File "StalkPhish.py", line 26, in <module>
from tools.utils import VerifyPath
File "/root/Tools/StalkPhish/stalkphish/tools/utils.py", line 13, in <module>
from ipwhois.net import Net
ModuleNotFoundError: No module named 'ipwhois.net'
Hi,
Just an idea
As an enhancement, there could be a configuration option to add an output to the config to allow this to write out to a JSON file or even a CSV.
Looking at how I can ingest this information into an Elastic instance from the sqlite db using a plugin, there is the following requirement: "Any tables being watched must have an id column that is monotonically increasing"
Having the option to output to a file such as just would allow a beat agent (filebeat) to simply read and send the file with no further modification required.