Generate various types of statistics from phishing engagement results.
APACHE-2.0 License
This script structures the results obtained from Phishing engagements into a MySQL database and generates different types of statistics.
The database model used is as follows:

Employee: Holds information about the targeted Employee
- client
- email
- role

Link: Intermediate table linking an Employee to a Payload
- ref
- email

Payload: Holds information about the delivered Payload
- idP
- type
- host
- agent
- date
- ref
The statistics are all generated into individual worksheets within a single .xlsx file, as shown in the following screenshot.
The following statistics are currently implemented:
- Click Types Per User
- Clicks Over Time
- Email Distribution
- Clicks Per Payload Type
- Click Originating IP
- Users Who Did/Did Not Click
- Clicks Per Department
$ git clone https://github.com/AresS31/phishstat
$ cd phishstat
# pip install -r requirements.txt
The MYSQL_USER and MYSQL_PASSWORD global variables must be edited within the script (lines 34 and 35).
$ python phishstat.py [-h] -c CLIENT -l APACHE_LOG -p PARAMETER -r EMAIL2REF -t
TARGET [-v]
-h, --help show this help message and exit
-c CLIENT, --client CLIENT
name for the database storing the engagement results
-l APACHE_LOG, --log APACHE_LOG
Apache log file
-p PARAMETER, --parameter PARAMETER
GET parametereter used to identify each clicks
-r EMAIL2REF, --ref EMAIL2REF
file containing the email to reference
-t TARGET, --target TARGET
file containg the target details
-v, --verbose enable verbose mode
11.22.33.44 - - [25/Oct/2016:10:51:21 +0100] "GET /phishing.gov.uk?region=KT4-EAC82 HTTP/1.1" 301 577 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"
11.22.33.44 - - [25/Oct/2016:10:51:22 +0100] "GET /phishing.gov.uk/?region=KT4-BDCB5 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"
11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk?region=KT4-C2AE6 HTTP/1.1" 301 577 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk/?region=KT4-30747 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk/?region=KT4-779D8 HTTP/1.1" 200 22729 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
Note: The GET parameter (-p, --param) used to parse the results in the above example is region.
[email protected],Director
[email protected],Technical
[email protected],Support
[email protected],Sale
[email protected],Other
[email protected],KT4-EAC82
[email protected],KT4-BDCB5
[email protected],KT4-C2AE6
[email protected],KT4-30747
[email protected],KT4-779D8
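The following added example (not phishstat's own code) shows how the three inputs above fit together: each log line is reduced to the ref, host, date and agent fields of the Payload table, the ref is joined to an email and then to a role, and each employee is counted once even when a 301 redirect and the following 200 both appear in the log. The function names, the shortened user agent strings and the example.test addresses are assumptions constructed for this illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample inputs modelled on the files above (placeholder addresses).
LOG = '''\
11.22.33.44 - - [25/Oct/2016:10:51:21 +0100] "GET /phishing.gov.uk?region=KT4-EAC82 HTTP/1.1" 301 577 "-" "Mozilla/5.0"
11.22.33.44 - - [25/Oct/2016:10:51:22 +0100] "GET /phishing.gov.uk/?region=KT4-EAC82 HTTP/1.1" 200 22729 "-" "Mozilla/5.0"
11.22.33.44 - - [25/Oct/2016:10:53:36 +0100] "GET /phishing.gov.uk/?region=KT4-C2AE6 HTTP/1.1" 200 22729 "-" "Mozilla/5.0"
11.22.33.44 - - [25/Oct/2016:10:54:02 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
'''
EMAIL2REF = "alice@example.test,KT4-EAC82\nbob@example.test,KT4-BDCB5\ncarol@example.test,KT4-C2AE6\n"
TARGETS = "alice@example.test,Director\nbob@example.test,Technical\ncarol@example.test,Support\n"

# Apache combined format: host ident user [time] "request" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def parse_clicks(log_text, parameter):
    """Return one record per log line whose query string carries `parameter`."""
    clicks = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or non-combined-format lines
        host, date, _method, url, status, agent = m.groups()
        refs = parse_qs(urlsplit(url).query).get(parameter)
        if refs:  # requests without the tracking parameter are not clicks
            clicks.append({"ref": refs[0], "host": host, "date": date,
                           "status": int(status), "agent": agent})
    return clicks

def clicks_per_department(log_text, parameter, email2ref_csv, targets_csv):
    """Join ref -> email -> role; return (clicks per role, emails that never clicked)."""
    ref2email = {r: e for e, r in (l.split(",") for l in email2ref_csv.splitlines())}
    roles = dict(l.split(",") for l in targets_csv.splitlines())
    # A set counts each employee once; refs not in the mapping are dropped.
    clicked = {ref2email[c["ref"]] for c in parse_clicks(log_text, parameter)
               if c["ref"] in ref2email}
    return Counter(roles[e] for e in clicked if e in roles), set(roles) - clicked
```
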
Copyright (C) 2017 - 2018 Alexandre Teyar
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.