
Advanced BEC Simulation Tools Guide

The document is a guide for conducting Business Email Compromise (BEC) phishing simulations using various ethical tools. It details five tools: Gophish for full simulations, SET for email spoofing, Evilginx2 for credential capture, Modlishka for reverse proxy phishing, and Ngrok for exposing local servers online. Each tool includes steps for setup and its specific purpose in phishing simulations.

Uploaded by muhammedabass06

Business Email Compromise (BEC) Phishing Simulation Guide

Advanced Tools for BEC Simulation (Ethical Use Only)

These tools are used for internal phishing simulations and awareness training under authorized conditions only.

Never use them for unauthorized activities.

1. Gophish: Open-Source Phishing Framework

Website: https://getgophish.com

Steps:

1. Download Gophish and run the binary (Windows/Linux).

2. Access the admin panel at https://localhost:3333.

3. Create email templates using BEC scenarios.

4. Create a landing page (optional).

5. Add sending profile with SMTP settings.

6. Launch a campaign with selected targets.

7. Track opens, clicks, and replies.

Purpose: Manage full phishing simulation from dashboard.

2. SET (Social Engineer Toolkit)

GitHub: https://github.com/trustedsec/social-engineer-toolkit

Steps:

1. Clone repo and install: `git clone ... && sudo python setup.py install`

2. Run SET: `sudo setoolkit`

3. Choose: Social Engineering Attacks > Mass Mailer Attack.

4. Spoof From address and paste your BEC template.

5. Send spoofed email.

Purpose: Email spoofing and social engineering simulation.

3. Evilginx2: Advanced Credential Capture

GitHub: https://github.com/kgretzky/evilginx2

Steps:

1. Clone and build Evilginx2.

2. Register domain and point to server.

3. Use phishlets to mimic Office365, Google, etc.

4. Create phishing URLs.

5. Send link in test phishing campaign.

6. Capture credentials and tokens.

Purpose: Simulate man-in-the-middle credential attacks.

4. Modlishka: Reverse Proxy Phishing

GitHub: https://github.com/drk1wi/Modlishka

Steps:

1. Clone and build: `go build modlishka.go`


2. Configure with target site and SSL cert.

3. Launch proxy server.

4. Use link in phishing test email.

5. Collect credentials from target site clone.

Purpose: Capture credentials via proxy phishing.

5. Ngrok: Phishing Tunnel Helper

Website: https://ngrok.com

Steps:

1. Install Ngrok.

2. Launch local phishing server (e.g., Gophish).

3. Start Ngrok tunnel: `ngrok http 80`

4. Use public URL in test email.

5. Monitor clicks and visits.

Purpose: Expose local phishing tools to internet for testing.

Summary Table

| Tool      | Use Case                         | Type                    |
|-----------|----------------------------------|-------------------------|
| Gophish   | Full phishing simulation         | Open-source framework   |
| SET       | Email spoofing, templates        | Social engineering tool |
| Evilginx2 | Proxy + credential harvesting    | MITM phishing proxy     |
| Modlishka | Reverse proxy for login phishing | Credential phisher      |
| Ngrok     | Expose phishing servers online   | Tunneling tool          |
