Scribd
Upload
87 views3 pages

Comparative Analysis of Phishing Tools

Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-2 , February 2021, URL: https://www.ijtsrd.com/papers/ijtsrd49446.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49446/comparative-analysis-of-phishing-tools/sudhakar-p

Uploaded by

Editor IJTSRD
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
87 views3 pages

Comparative Analysis of Phishing Tools

Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-2 , February 2021, URL: https://www.ijtsrd.com/papers/ijtsrd49446.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49446/comparative-analysis-of-phishing-tools/sudhakar-p

Uploaded by

Editor IJTSRD
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

International Journal of Trend in Scientific Research and Development (IJTSRD)

Volume 6 Issue 2, January-February 2022 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470

Comparative Analysis of Phishing Tools


Sudhakar P1, Dr. Uma Rani Chellapandy2
1
Student, 2Associate Professor,
1,2
Department of MCA, Jain deemed-to-be University, Bengaluru, Karnataka, India

ABSTRACT How to cite this paper: Sudhakar P | Dr.


A phishing attack is the type of social engineering which Uma Rani Chellapandy "Comparative
Cybercriminals use to manipulate people to collect sensitive Analysis of Phishing Tools" Published
information. With today’s available technology phishing can be in International
Journal of Trend in
launched even with smartphones in a few clicks. Setting up and
Scientific Research
operating a phishing attack is fast, inexpensive, and low risk with no
and Development
expert knowledge anyone can launch an attack. many originations (ijtsrd), ISSN: 2456-
have suffered losses from phishing. Phishing is the most common 6470, Volume-6 |
social engineering attack which contributes more than 75 percent of Issue-2, February IJTSRD49446
all security breaches. 2022, pp.1451-
1453, URL:
This article examines and compares various phishing tools which can
www.ijtsrd.com/papers/ijtsrd49446.pdf
simulate phishing attacks to give people real-life phishing attack
experiences and make people aware of the risk and train how to Copyright © 2022 by author (s) and
respond. International Journal of Trend in
Scientific Research and Development
KEYWORDS: Phishing, toolkits, social engineering, cyber awareness Journal. This is an
Open Access article
distributed under the
terms of the Creative Commons
Attribution License (CC BY 4.0)
(http://creativecommons.org/licenses/by/4.0)

1. INTRODUCTION
As the number of internet users is increasing over conduct (simulate a real-time phishing attack) and
time, cybercrimes are also increasing due to the lack control every part of a phishing awareness campaign.
of cyber security awareness in the users. End-user
In this paper, different types of phishing tools are
cyber security awareness relates to how well they
compared where the description and features of each
understand the cyber security threats that their
tool are explained followed by a comparison chart.
networks face, the risks they pose, and the security
The user can choose the best tool among them.
best practices that may be used to guide their
behavior. 2. INVESTIGATION TOOLS
2.1. Gophish
In Phishing an attacker sends bogus messages to a
Gophish is a web-based toolkit developed with go-
human target in order to fool them into exposing
language that enables pentesters to conduct real-world
sensitive information or installing malware on their
phishing simulations. The main objective of this tool
machine. Phishing attacks have become more
is to make it Affordable and Accessible to everyone.
sophisticated, allowing the attacker to monitor
It is an open-source application
everything the victim does while on the site and
bypassing any further protection levels. A phishing Features:
attack can be launched by anyone with minimum Multiple Campaign
knowledge which makes it a dangerous and most REST API
common threat. supports Windows, Linux, and Mac OSX
GUI
Internet users need to be trained about these types of Real-time result reports
attacks and also need to be thought about how to
respond to the attacks. 2.2. King phisher
It provides a complete suite with graphical user
A phishing toolkit is a platform with pre-configured interface to launch and manage Phishing Campaigns
or customized phishing tests, that allows us to

@ IJTSRD | Unique Paper ID – IJTSRD49446 | Volume – 6 | Issue – 2 | Jan-Feb 2022 Page 1451
International Journal of Trend in Scientific Research and Development @ www.ijtsrd.com eISSN: 2456-6470
that imitate phishing attempts in the real world to By extracted tokens, an attacker can break any kind of
exercise and prepare end-users how to respond to multi-factor authentication enabled on the user's
such attacks. King Phisher has the ability to run a account.
variety of campaigns parallelly.
Features:
Feature: Access token capturing
Run multiple phishing campaigns parallelly
2.5. Hidden Eye
For a more credible appearance, send an email
The hidden eye is a simple to use phishing toolkit that
with included photos.
enables the integration of various modules such as
Supports 2fa capturing
keylogger, custom templets, data collectors. It
Captures Geolocation
consists of preloaded social media templates which
API are ready to integrate with other modules.
GUI
Features:
2.3. SET tool kit All the sites are mobile compatible.
The Social-Engineer Toolkit is a CUI-based toolkit. It Keylogger
contains a huge collection of browser exploits and
Fake security templets
allows creating custom payloads, it is a powerful pen- 2FA capturing
testing tool.
2.6. Social phish
Features: Social phish is a simple open-source basic level
free and Open Source
Phishing Tool. It is simple than Social Engineering
supports Linux, and Windows. Toolkit. It consists of preloaded popular social media
Supports integration with custom modules. templates such as Facebook, Instagram, Google,
provides many attack vectors Microsoft, etc. also providing the option to create and
2.4. Evilginx2 use a custom template.
bypassing multi-factor authentication is the main Features:
feature of this tool, this is one of the best tools
open-source tool.
available on the internet. As the man-in-the-middle,
written in bash language.
Evilginx2 collects all access tokens along with Supports Ngrok,serveo.net tunneling.
usernames and passwords. This feature of extracting
access tokens makes it outstanding than other tools.
3. COMPARISON TABLE
Go King SET tool Hidden Social
Phishing tools Evilginx2
phish phisher kit Eye phish
Open-source
Multiple phishing campaigns
GUI
Report generation
Geo-location
Capture 2fa tokens
API
Keylogger
OS
Linux
Mac
Windows
Android

4. FUTURE SCOPE A company security posture will be good enough


Even using additional security mechanisms like until the employees are well aware of cyber threats.
multi-facture authentication is useless when the user As social engineering type of attacks focuses on
is not aware of basic security elements. Every user on human nature to breake into information system. It is
the internet should be aware of cyber-attacks and their necessary to exercise the employee with emerging
risk. Educating Internet users on common threats is threats that are sophisticated enough to exploit human
important to successfully fight against cyber threats. behavior.

@ IJTSRD | Unique Paper ID – IJTSRD49446 | Volume – 6 | Issue – 2 | Jan-Feb 2022 Page 1452
International Journal of Trend in Scientific Research and Development @ www.ijtsrd.com eISSN: 2456-6470
5. CONCLUSION 6. REFERENCES
Social networking sites is one of the most common [1] http://en.wikipedia.org/wiki/Internet_security_a
platform where all categories of people use, which wareness
makes it huge threat surface for phishing attack.
[2] https://getgophish.com/
In this paper, the differences between some phishing
[3] https://github.com/rsmusllp/king-phisher
tools are listed along with a comparison chart. There
are many tools available on the internet with different [4] https://github.com/kgretzky/evilginx2
features. Selecting the right tool based on the criteria [5] https://github.com/yevgen2020/HiddenEye
depends on an individual user.
[6] https://github.com/xHak9x/SocialPhish

@ IJTSRD | Unique Paper ID – IJTSRD49446 | Volume – 6 | Issue – 2 | Jan-Feb 2022 Page 1453

You might also like