diff --git a/GoStats.php b/GoStats.php index c1ba2c6..ac4ba5a 100755 --- a/GoStats.php +++ b/GoStats.php @@ -7,8 +7,11 @@ */ $url = ""; // URL of GoPhish listner e.g. http://www.site.com:8080/ $key = ""; // GoPhish API key -$pwd = "/opt/Pwdlyser/"; // /directory/containing/pwdlyser -$geoip = true; // use freegeoip.net on IP addresses? set to false to disable this. +$pwd = "/opt/pwdlyser/"; // /directory/containing/pwdlyser +$geoip = false; // use freegeoip.net on IP addresses? set to false to disable this. +$formUsername = "username"; // username name of landing page form input box +$formPassword = "password"; // password name of landing page form input box + /*** * Main program - Don't edit below @@ -30,6 +33,7 @@ "useragent|u" => "Top 10 user agents", "attempts|m" => "Top 10 attempts to log in", "active|o" => "Active times", + "rolling|r" => "Activities per half hour", "speed|e" => "Clickthrough speed", "stats|s" => "Victim statistics", "pass|p" => "Password analysis with pwdlyser", @@ -45,18 +49,18 @@ /* Get list of campaigns */ if ($filter->getParam("list") !== false) { - echo "[+] Getting data from server\n"; - $curl = new curl(); + echo "[+] Getting data from server\n"; + $curl = new curl(); $curl->url = "$url/api/campaigns/?api_key=$key"; $list = $curl->curlQuery(); if(isset($list->message) && $list->message == "Invalid API Key"){ - echo "[!] Invalid API key\n"; - exit(0); + echo "[!] Invalid API key\n"; + exit(0); }else{ - echo "[id] -campaign name-\n"; - foreach($list as $id) - echo "[".$id['id']."] ".$id['name']."\n"; + echo "[id] -campaign name-\n"; + foreach($list as $id) + echo "[".$id['id']."] ".$id['name']."\n"; } exit(0); } @@ -67,57 +71,57 @@ echo "[!] Campaign ID not set\nn"; exit(0); }else{ - echo "[+] Getting data from server\n"; - $curl = new curl(); + echo "[+] Getting data from server\n"; + $curl = new curl(); $curl->url = "$url/api/campaigns/$campid?api_key=$key"; $list = $curl->curlQuery(); if(isset($list->message) && $list->message == "Invalid API Key"){ - echo "[!] Invalid API key\n"; - exit(0); + echo "[!] Invalid API key\n"; + exit(0); }else{ - /* all data got correctly time to do stuff! */ - echo "[$campid] ".$list['name']."\n"; - echo "\n--- Notable times ---\n"; + /* all data got correctly time to do stuff! */ + echo "[$campid] ".$list['name']."\n"; + echo "\n--- Notable times ---\n"; if(isset($list['launch_date']) && $list['launch_date'] <> ""){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($list['launch_date'], 0, 10) . ' ' . substr($list['launch_date'], 11, 8 ))); echo "Campaign launched: $time\n"; } - foreach($list['timeline'] as $record){ - if($record['message'] == "Email Sent"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First email sent: $time\n"; - break; - } - } + foreach($list['timeline'] as $record){ + if($record['message'] == "Email Sent"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First email sent: $time\n"; + break; + } + } foreach($list['timeline'] as $record){ if($record['message'] == "Email Sent"){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); } } - echo "Last email sent:: $time\n"; - foreach($list['timeline'] as $record){ - if($record['message'] == "Clicked Link"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First email opened: $time\n"; - break; - } - } - foreach($list['timeline'] as $record){ - if($record['message'] == "Clicked Link"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First page view: $time\n"; - break; - } - } - foreach($list['timeline'] as $record){ - if($record['message'] == "Submitted Data"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First credentials submitted: $time\n"; - break; - } - } + echo "Last email sent: $time\n"; + foreach($list['timeline'] as $record){ + if($record['message'] == "Clicked Link"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First email opened: $time\n"; + break; + } + } + foreach($list['timeline'] as $record){ + if($record['message'] == "Clicked Link"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First page view: $time\n"; + break; + } + } + foreach($list['timeline'] as $record){ + if($record['message'] == "Submitted Data"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First credentials submitted: $time\n"; + break; + } + } if(isset($list['completed_date']) && $list['completed_date'] <> ""){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($list['completed_date'], 0, 10) . ' ' . substr($list['completed_date'], 11, 8 ))); echo "Campaign finished: $time\n"; @@ -129,11 +133,11 @@ if ($filter->getParam("ips") !== false || $filter->getParam("all") !== false) { $ips = array(); foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['browser']['address'] !== "unknown") - $ips[] = (string)$details['browser']['address']; - } + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['browser']['address'] !== "unknown") + $ips[] = (string)$details['browser']['address']; + } } $ips = array_count_values($ips); arsort($ips); @@ -146,7 +150,7 @@ $geodetails = json_decode($geojson, true); $geoip_details = "- ".$geodetails['country_name'].", ".$geodetails['city']; } - echo "[$no] $ip $geoip_details\n"; + echo "[$no] $ip $geoip_details\n"; } } @@ -154,44 +158,45 @@ if ($filter->getParam("useragent") !== false || $filter->getParam("all") !== false) { $agents = array(); foreach($list['timeline'] as $item){ - if($item['details'] <> "" && $item['message'] == "Clicked Link"){ // only people who visited site, not email user agent - $details = json_decode($item['details'], true); - if($details['browser']['user-agent'] !== "unknown" && $details['browser']['user-agent'] !== "") - $agents[] = (string)$details['browser']['user-agent']; - } + if($item['details'] <> "" && $item['message'] == "Clicked Link"){ // only people who visited site, not email user agent + $details = json_decode($item['details'], true); + if($details['browser']['user-agent'] !== "unknown" && $details['browser']['user-agent'] !== "") + $agents[] = (string)$details['browser']['user-agent']; + } } $agents = array_count_values($agents); arsort($agents); $agents = array_slice($agents,0,10,true); echo "\n--- Top 10 User Agents ---\n"; foreach($agents as $ua=>$no){ - echo "[$no] $ua\n"; + echo "[$no] $ua\n"; } } /* Top 10 attempts to log in */ if($filter->getParam("attempts") !== false || $filter->getParam("all") !== false) { - $userids = array(); - foreach($list['results'] as $item){ - $userids[$item['id']] = $item['email']; + $userids = array(); + foreach($list['results'] as $item){ + $userids[$item['id']] = $item['email']; } - $attemptrids = array(); - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if(isset($details['payload']['password'][0]) && $details['payload']['password'][0] <> ""){ - $attemptrids[$details['payload']['rid'][0]] += 1; - } - } + $attemptrids = array(); + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if(isset($details['payload'][$formPassword][0]) && $details['payload'][$formPassword][0] <> ""){ + $attemptrids[$details['payload']['rid'][0]] += 1; + } + } } arsort($attemptrids); $attemptrids = array_slice($attemptrids,0,10,true); echo "\n--- Top 10 Login Attempts ---\n"; foreach($attemptrids as $id=>$amount){ - $newemail= preg_replace('/(?:^|.@).\K|.\.[^@]*$(*SKIP)(*F)|.(?=.*?\.)/', '*', $userids[$id]); - echo "[$amount] $newemail\n"; - } + //$newemail= preg_replace('/(?:^|.@).\K|.\.[^@]*$(*SKIP)(*F)|.(?=.*?\.)/', '*', $userids[$id]); + //echo "[$amount] $newemail\n"; + echo "[$amount] $userids[$id]\n"; + } } /* Active times */ @@ -225,6 +230,31 @@ } } +/* Rolling times */ +if($filter->getParam("rolling") !== false || $filter->getParam("all") !== false) { + $active_count = array(); + $active_percent = array(); + $total = 0; + echo "\n--- Rolling times (clicked link or submitted data) ---\n"; + foreach($list['timeline'] as $item){ + if($item['message'] == "Clicked Link" || $item['message'] == "Submitted Data" ){ + $month = (int)substr($item['time'], 5, 2); + $day = (int)substr($item['time'], 8, 2); + $hour = (int)substr($item['time'], 11, 2); + $min = (int)substr($item['time'], 14, 2); + $min = ($min < 30 ? "00" : 30); + $hour2 = $hour; + $min2 = $min; + if($min == 30){$hour2++; $min2 = "00";}else{$min2 = 30;} + $active_count[$month."/".$day." ".$hour.":".$min." - ".$hour2.":".$min2]++; + $total++; + } + + } + foreach($active_count as $id => $count) + echo "$id = $count\n"; +} + /* Clickthrough speed */ if ($filter->getParam("speed") !== false || $filter->getParam("all") !== false) { $speed_opened = array(); @@ -292,84 +322,84 @@ /* Victim statistics */ if ($filter->getParam("stats") !== false || $filter->getParam("all") !== false) { - $status = array(); - foreach($list['results'] as $item){ - if($item['status'] <> ""){ - $status[] = $item['status']; - } - } - echo "\n--- Victim Statistics ---\n"; - $statusall = count($status); - $counts = array_count_values($status); - echo "Targets: ".$statusall."\n"; - $openedpercent = ($counts['Email Opened'] / $statusall) * 100; - echo "Email opened: ".$counts['Email Opened']." (".round($openedpercent, 2)."%)\n"; - $linkpercent = ($counts['Clicked Link'] / $statusall) * 100; - echo "Visited link: ".$counts['Clicked Link']." (".round($linkpercent, 2)."%)\n"; - $subpercent = ($counts['Submitted Data'] / $statusall) * 100; - echo "Submitted data: ".$counts['Submitted Data']." (".round($subpercent, 2)."%)\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> "") - $totalLoginAttempts++; - } - } + $status = array(); + foreach($list['results'] as $item){ + if($item['status'] <> ""){ + $status[] = $item['status']; + } + } + echo "\n--- Victim Statistics ---\n"; + $statusall = count($status); + $counts = array_count_values($status); + echo "Targets: ".$statusall."\n"; + $openedpercent = ($counts['Email Opened'] / $statusall) * 100; + echo "Email opened: ".$counts['Email Opened']." (".round($openedpercent, 2)."%)\n"; + $linkpercent = ($counts['Clicked Link'] / $statusall) * 100; + echo "Visited link: ".$counts['Clicked Link']." (".round($linkpercent, 2)."%)\n"; + $subpercent = ($counts['Submitted Data'] / $statusall) * 100; + echo "Submitted data: ".$counts['Submitted Data']." (".round($subpercent, 2)."%)\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> "") + $totalLoginAttempts++; + } + } echo "Total login attempts: $totalLoginAttempts\n"; } /* Pwdlyzer */ if ($filter->getParam("pass") !== false || $filter->getParam("all") !== false) { - $username = array(); - $password = array(); - echo "\n--- Password Statistics ---\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> ""){ - $username[] = $details['payload']['username'][0]; - $password[] = $details['payload']['password'][0]; - } - } - } - $tmpfname = tempnam("/tmp", "GoStats-"); - $pwdfname = tempnam("/tmp", "GoStats-"); - $handle = fopen($tmpfname, "w"); - foreach($username as $id=>$user){ - fwrite($handle, "$user:".$password[$id]."\n"); - } - fclose($handle); - echo "[+] Launching pwdlyzer\n"; - exec("cd $pwd && ./pwdlyser.py -p $tmpfname --all > $pwdfname"); - unlink($tmpfname); - echo "[+] pwdlyzer results at: $pwdfname\n"; + $username = array(); + $password = array(); + echo "\n--- Password Statistics ---\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> ""){ + $username[] = $details['payload'][$formUsername][0]; + $password[] = $details['payload'][$formPassword][0]; + } + } + } + $tmpfname = tempnam("/tmp", "GoStats-"); + $pwdfname = tempnam("/tmp", "GoStats-"); + $handle = fopen($tmpfname, "w"); + foreach($username as $id=>$user){ + fwrite($handle, "$user:".$password[$id]."\n"); + } + fclose($handle); + echo "[+] Launching pwdlyzer\n"; + exec("cd $pwd && ./pwdlyser.py -p $tmpfname --all > $pwdfname"); + unlink($tmpfname); + echo "[+] pwdlyzer results at: $pwdfname\n"; } /* dump username:password list to file */ $dumpfile = $filter->getParam('dump'); if(file_exists($dumpfile)){ - echo "[!] File already exists ($dumpfile)\n"; + echo "[!] File already exists ($dumpfile)\n"; exit(0); } if(!file_exists($dumpfile) && isset($dumpfile)){ - $username = array(); - $password = array(); - echo "\n--- Dumping username:password to file ---\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> ""){ - $username[] = $details['payload']['username'][0]; - $password[] = $details['payload']['password'][0]; - } - } - } - $handle = fopen($dumpfile, "w"); - foreach($username as $id=>$user){ - fwrite($handle, "$user:".$password[$id]."\n"); - } - fclose($handle); - echo "[+] File created: $dumpfile\n"; + $username = array(); + $password = array(); + echo "\n--- Dumping username:password to file ---\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> ""){ + $username[] = $details['payload'][$formUsername][0]; + $password[] = $details['payload'][$formPassword][0]; + } + } + } + $handle = fopen($dumpfile, "w"); + foreach($username as $id=>$user){ + fwrite($handle, "$user:".$password[$id]."\n"); + } + fclose($handle); + echo "[+] File created: $dumpfile\n"; } /* dump list of users requiring training */ diff --git a/GoStats.php b/GoStats.php index c1ba2c6..ac4ba5a 100755 --- a/GoStats.php +++ b/GoStats.php @@ -7,8 +7,11 @@ */ $url = ""; // URL of GoPhish listner e.g. http://www.site.com:8080/ $key = ""; // GoPhish API key -$pwd = "/opt/Pwdlyser/"; // /directory/containing/pwdlyser -$geoip = true; // use freegeoip.net on IP addresses? set to false to disable this. +$pwd = "/opt/pwdlyser/"; // /directory/containing/pwdlyser +$geoip = false; // use freegeoip.net on IP addresses? set to false to disable this. +$formUsername = "username"; // username name of landing page form input box +$formPassword = "password"; // password name of landing page form input box + /*** * Main program - Don't edit below @@ -30,6 +33,7 @@ "useragent|u" => "Top 10 user agents", "attempts|m" => "Top 10 attempts to log in", "active|o" => "Active times", + "rolling|r" => "Activities per half hour", "speed|e" => "Clickthrough speed", "stats|s" => "Victim statistics", "pass|p" => "Password analysis with pwdlyser", @@ -45,18 +49,18 @@ /* Get list of campaigns */ if ($filter->getParam("list") !== false) { - echo "[+] Getting data from server\n"; - $curl = new curl(); + echo "[+] Getting data from server\n"; + $curl = new curl(); $curl->url = "$url/api/campaigns/?api_key=$key"; $list = $curl->curlQuery(); if(isset($list->message) && $list->message == "Invalid API Key"){ - echo "[!] Invalid API key\n"; - exit(0); + echo "[!] Invalid API key\n"; + exit(0); }else{ - echo "[id] -campaign name-\n"; - foreach($list as $id) - echo "[".$id['id']."] ".$id['name']."\n"; + echo "[id] -campaign name-\n"; + foreach($list as $id) + echo "[".$id['id']."] ".$id['name']."\n"; } exit(0); } @@ -67,57 +71,57 @@ echo "[!] Campaign ID not set\nn"; exit(0); }else{ - echo "[+] Getting data from server\n"; - $curl = new curl(); + echo "[+] Getting data from server\n"; + $curl = new curl(); $curl->url = "$url/api/campaigns/$campid?api_key=$key"; $list = $curl->curlQuery(); if(isset($list->message) && $list->message == "Invalid API Key"){ - echo "[!] Invalid API key\n"; - exit(0); + echo "[!] Invalid API key\n"; + exit(0); }else{ - /* all data got correctly time to do stuff! */ - echo "[$campid] ".$list['name']."\n"; - echo "\n--- Notable times ---\n"; + /* all data got correctly time to do stuff! */ + echo "[$campid] ".$list['name']."\n"; + echo "\n--- Notable times ---\n"; if(isset($list['launch_date']) && $list['launch_date'] <> ""){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($list['launch_date'], 0, 10) . ' ' . substr($list['launch_date'], 11, 8 ))); echo "Campaign launched: $time\n"; } - foreach($list['timeline'] as $record){ - if($record['message'] == "Email Sent"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First email sent: $time\n"; - break; - } - } + foreach($list['timeline'] as $record){ + if($record['message'] == "Email Sent"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First email sent: $time\n"; + break; + } + } foreach($list['timeline'] as $record){ if($record['message'] == "Email Sent"){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); } } - echo "Last email sent:: $time\n"; - foreach($list['timeline'] as $record){ - if($record['message'] == "Clicked Link"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First email opened: $time\n"; - break; - } - } - foreach($list['timeline'] as $record){ - if($record['message'] == "Clicked Link"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First page view: $time\n"; - break; - } - } - foreach($list['timeline'] as $record){ - if($record['message'] == "Submitted Data"){ - $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); - echo "First credentials submitted: $time\n"; - break; - } - } + echo "Last email sent: $time\n"; + foreach($list['timeline'] as $record){ + if($record['message'] == "Clicked Link"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First email opened: $time\n"; + break; + } + } + foreach($list['timeline'] as $record){ + if($record['message'] == "Clicked Link"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First page view: $time\n"; + break; + } + } + foreach($list['timeline'] as $record){ + if($record['message'] == "Submitted Data"){ + $time = date('d-m-Y H:i', $datetime = strtotime(substr($record['time'], 0, 10) . ' ' . substr($record['time'], 11, 8 ))); + echo "First credentials submitted: $time\n"; + break; + } + } if(isset($list['completed_date']) && $list['completed_date'] <> ""){ $time = date('d-m-Y H:i', $datetime = strtotime(substr($list['completed_date'], 0, 10) . ' ' . substr($list['completed_date'], 11, 8 ))); echo "Campaign finished: $time\n"; @@ -129,11 +133,11 @@ if ($filter->getParam("ips") !== false || $filter->getParam("all") !== false) { $ips = array(); foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['browser']['address'] !== "unknown") - $ips[] = (string)$details['browser']['address']; - } + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['browser']['address'] !== "unknown") + $ips[] = (string)$details['browser']['address']; + } } $ips = array_count_values($ips); arsort($ips); @@ -146,7 +150,7 @@ $geodetails = json_decode($geojson, true); $geoip_details = "- ".$geodetails['country_name'].", ".$geodetails['city']; } - echo "[$no] $ip $geoip_details\n"; + echo "[$no] $ip $geoip_details\n"; } } @@ -154,44 +158,45 @@ if ($filter->getParam("useragent") !== false || $filter->getParam("all") !== false) { $agents = array(); foreach($list['timeline'] as $item){ - if($item['details'] <> "" && $item['message'] == "Clicked Link"){ // only people who visited site, not email user agent - $details = json_decode($item['details'], true); - if($details['browser']['user-agent'] !== "unknown" && $details['browser']['user-agent'] !== "") - $agents[] = (string)$details['browser']['user-agent']; - } + if($item['details'] <> "" && $item['message'] == "Clicked Link"){ // only people who visited site, not email user agent + $details = json_decode($item['details'], true); + if($details['browser']['user-agent'] !== "unknown" && $details['browser']['user-agent'] !== "") + $agents[] = (string)$details['browser']['user-agent']; + } } $agents = array_count_values($agents); arsort($agents); $agents = array_slice($agents,0,10,true); echo "\n--- Top 10 User Agents ---\n"; foreach($agents as $ua=>$no){ - echo "[$no] $ua\n"; + echo "[$no] $ua\n"; } } /* Top 10 attempts to log in */ if($filter->getParam("attempts") !== false || $filter->getParam("all") !== false) { - $userids = array(); - foreach($list['results'] as $item){ - $userids[$item['id']] = $item['email']; + $userids = array(); + foreach($list['results'] as $item){ + $userids[$item['id']] = $item['email']; } - $attemptrids = array(); - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if(isset($details['payload']['password'][0]) && $details['payload']['password'][0] <> ""){ - $attemptrids[$details['payload']['rid'][0]] += 1; - } - } + $attemptrids = array(); + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if(isset($details['payload'][$formPassword][0]) && $details['payload'][$formPassword][0] <> ""){ + $attemptrids[$details['payload']['rid'][0]] += 1; + } + } } arsort($attemptrids); $attemptrids = array_slice($attemptrids,0,10,true); echo "\n--- Top 10 Login Attempts ---\n"; foreach($attemptrids as $id=>$amount){ - $newemail= preg_replace('/(?:^|.@).\K|.\.[^@]*$(*SKIP)(*F)|.(?=.*?\.)/', '*', $userids[$id]); - echo "[$amount] $newemail\n"; - } + //$newemail= preg_replace('/(?:^|.@).\K|.\.[^@]*$(*SKIP)(*F)|.(?=.*?\.)/', '*', $userids[$id]); + //echo "[$amount] $newemail\n"; + echo "[$amount] $userids[$id]\n"; + } } /* Active times */ @@ -225,6 +230,31 @@ } } +/* Rolling times */ +if($filter->getParam("rolling") !== false || $filter->getParam("all") !== false) { + $active_count = array(); + $active_percent = array(); + $total = 0; + echo "\n--- Rolling times (clicked link or submitted data) ---\n"; + foreach($list['timeline'] as $item){ + if($item['message'] == "Clicked Link" || $item['message'] == "Submitted Data" ){ + $month = (int)substr($item['time'], 5, 2); + $day = (int)substr($item['time'], 8, 2); + $hour = (int)substr($item['time'], 11, 2); + $min = (int)substr($item['time'], 14, 2); + $min = ($min < 30 ? "00" : 30); + $hour2 = $hour; + $min2 = $min; + if($min == 30){$hour2++; $min2 = "00";}else{$min2 = 30;} + $active_count[$month."/".$day." ".$hour.":".$min." - ".$hour2.":".$min2]++; + $total++; + } + + } + foreach($active_count as $id => $count) + echo "$id = $count\n"; +} + /* Clickthrough speed */ if ($filter->getParam("speed") !== false || $filter->getParam("all") !== false) { $speed_opened = array(); @@ -292,84 +322,84 @@ /* Victim statistics */ if ($filter->getParam("stats") !== false || $filter->getParam("all") !== false) { - $status = array(); - foreach($list['results'] as $item){ - if($item['status'] <> ""){ - $status[] = $item['status']; - } - } - echo "\n--- Victim Statistics ---\n"; - $statusall = count($status); - $counts = array_count_values($status); - echo "Targets: ".$statusall."\n"; - $openedpercent = ($counts['Email Opened'] / $statusall) * 100; - echo "Email opened: ".$counts['Email Opened']." (".round($openedpercent, 2)."%)\n"; - $linkpercent = ($counts['Clicked Link'] / $statusall) * 100; - echo "Visited link: ".$counts['Clicked Link']." (".round($linkpercent, 2)."%)\n"; - $subpercent = ($counts['Submitted Data'] / $statusall) * 100; - echo "Submitted data: ".$counts['Submitted Data']." (".round($subpercent, 2)."%)\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> "") - $totalLoginAttempts++; - } - } + $status = array(); + foreach($list['results'] as $item){ + if($item['status'] <> ""){ + $status[] = $item['status']; + } + } + echo "\n--- Victim Statistics ---\n"; + $statusall = count($status); + $counts = array_count_values($status); + echo "Targets: ".$statusall."\n"; + $openedpercent = ($counts['Email Opened'] / $statusall) * 100; + echo "Email opened: ".$counts['Email Opened']." (".round($openedpercent, 2)."%)\n"; + $linkpercent = ($counts['Clicked Link'] / $statusall) * 100; + echo "Visited link: ".$counts['Clicked Link']." (".round($linkpercent, 2)."%)\n"; + $subpercent = ($counts['Submitted Data'] / $statusall) * 100; + echo "Submitted data: ".$counts['Submitted Data']." (".round($subpercent, 2)."%)\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> "") + $totalLoginAttempts++; + } + } echo "Total login attempts: $totalLoginAttempts\n"; } /* Pwdlyzer */ if ($filter->getParam("pass") !== false || $filter->getParam("all") !== false) { - $username = array(); - $password = array(); - echo "\n--- Password Statistics ---\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> ""){ - $username[] = $details['payload']['username'][0]; - $password[] = $details['payload']['password'][0]; - } - } - } - $tmpfname = tempnam("/tmp", "GoStats-"); - $pwdfname = tempnam("/tmp", "GoStats-"); - $handle = fopen($tmpfname, "w"); - foreach($username as $id=>$user){ - fwrite($handle, "$user:".$password[$id]."\n"); - } - fclose($handle); - echo "[+] Launching pwdlyzer\n"; - exec("cd $pwd && ./pwdlyser.py -p $tmpfname --all > $pwdfname"); - unlink($tmpfname); - echo "[+] pwdlyzer results at: $pwdfname\n"; + $username = array(); + $password = array(); + echo "\n--- Password Statistics ---\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> ""){ + $username[] = $details['payload'][$formUsername][0]; + $password[] = $details['payload'][$formPassword][0]; + } + } + } + $tmpfname = tempnam("/tmp", "GoStats-"); + $pwdfname = tempnam("/tmp", "GoStats-"); + $handle = fopen($tmpfname, "w"); + foreach($username as $id=>$user){ + fwrite($handle, "$user:".$password[$id]."\n"); + } + fclose($handle); + echo "[+] Launching pwdlyzer\n"; + exec("cd $pwd && ./pwdlyser.py -p $tmpfname --all > $pwdfname"); + unlink($tmpfname); + echo "[+] pwdlyzer results at: $pwdfname\n"; } /* dump username:password list to file */ $dumpfile = $filter->getParam('dump'); if(file_exists($dumpfile)){ - echo "[!] File already exists ($dumpfile)\n"; + echo "[!] File already exists ($dumpfile)\n"; exit(0); } if(!file_exists($dumpfile) && isset($dumpfile)){ - $username = array(); - $password = array(); - echo "\n--- Dumping username:password to file ---\n"; - foreach($list['timeline'] as $item){ - if($item['details'] <> ""){ - $details = json_decode($item['details'], true); - if($details['payload']['password'][0] <> ""){ - $username[] = $details['payload']['username'][0]; - $password[] = $details['payload']['password'][0]; - } - } - } - $handle = fopen($dumpfile, "w"); - foreach($username as $id=>$user){ - fwrite($handle, "$user:".$password[$id]."\n"); - } - fclose($handle); - echo "[+] File created: $dumpfile\n"; + $username = array(); + $password = array(); + echo "\n--- Dumping username:password to file ---\n"; + foreach($list['timeline'] as $item){ + if($item['details'] <> ""){ + $details = json_decode($item['details'], true); + if($details['payload'][$formPassword][0] <> ""){ + $username[] = $details['payload'][$formUsername][0]; + $password[] = $details['payload'][$formPassword][0]; + } + } + } + $handle = fopen($dumpfile, "w"); + foreach($username as $id=>$user){ + fwrite($handle, "$user:".$password[$id]."\n"); + } + fclose($handle); + echo "[+] File created: $dumpfile\n"; } /* dump list of users requiring training */ diff --git a/README.md b/README.md index 01f7b48..2917625 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,32 @@ 11 - 24 = 4.69% | 23 - 1 = 0.20% 12 - 28 = 5.47% | 24 - = 0.00% + --- Rolling times (clicked link or submitted data) --- + 10/16 9:00 - 9:30 = 6 + 10/16 9:30 - 10:00 = 89 + 10/16 10:00 - 10:30 = 18 + 10/16 10:30 - 11:00 = 19 + 10/16 11:00 - 11:30 = 6 + 10/16 12:00 - 12:30 = 4 + 10/16 12:30 - 13:00 = 1 + 10/16 13:00 - 13:30 = 1 + 10/16 13:30 - 14:00 = 7 + 10/16 14:30 - 15:00 = 5 + 10/16 15:00 - 15:30 = 3 + 10/16 15:30 - 16:00 = 9 + 10/16 16:30 - 17:00 = 1 + 10/16 18:00 - 18:30 = 13 + 10/16 19:30 - 20:00 = 8 + 10/17 6:30 - 7:00 = 2 + 10/17 10:00 - 10:30 = 3 + 10/17 12:00 - 12:30 = 4 + 10/17 16:30 - 17:00 = 23 + 10/18 9:30 - 10:00 = 1 + 10/18 11:30 - 12:00 = 4 + 10/18 16:00 - 16:30 = 4 + 10/19 7:30 - 8:00 = 1 + 10/19 18:30 - 19:00 = 3 + [+] Clickthrough Speed Quickest click: 2 sec Longest click: 18 min