Phishing-网络钓鱼攻击

钓鱼不仅是一种户外运动，更是一种网络安全攻击技术。本项目用于记录钓鱼攻击的相关内容，包括优秀的钓鱼技术技巧或优秀的钓鱼实战项目案例等。钓鱼攻击源于技术，又高于技术。钓鱼攻击源于欺骗，欺骗的尽头是免杀。深入研究并积极实践社工技术，在很多场合往往可以产生意想不到的结果！致敬凯文！作者：0e0w

本项目创建于2021年8月16日，最近的一次更新时间为2023年10月8日。

• 01-钓鱼攻击资源
• 02-钓鱼攻击技术
• 03-钓鱼攻击工具
• 04-钓鱼漏洞研究
• 05-钓鱼技术参考

01-钓鱼攻击资源

一、钓鱼书籍

二、钓鱼文章

• [ ] https://xz.aliyun.com/t/12682
• [ ] https://xz.aliyun.com/t/12247
• [ ] https://xz.aliyun.com/t/12020
• [ ] https://xz.aliyun.com/t/11980
• [ ] https://xz.aliyun.com/t/11898
• [ ] https://xz.aliyun.com/t/11885
• [ ] https://xz.aliyun.com/t/11655
• [ ] https://xz.aliyun.com/t/11519
• [ ] https://xz.aliyun.com/t/11400
• [ ] https://xz.aliyun.com/t/12247
• [ ] https://xz.aliyun.com/t/11400
• [ ] https://xz.aliyun.com/t/11471
• [ ] https://xz.aliyun.com/t/11300
• [ ] https://xz.aliyun.com/t/10878
• [ ] https://xz.aliyun.com/t/10339
• [ ] https://xz.aliyun.com/t/9549
• [ ] https://xz.aliyun.com/t/9159
• [ ] https://xz.aliyun.com/t/8705
• [ ] https://xz.aliyun.com/t/7958
• [ ] https://xz.aliyun.com/t/6763
• [ ] https://xz.aliyun.com/t/6325
• [ ] https://xz.aliyun.com/t/5412
• [ ] https://xz.aliyun.com/t/4556
• [ ] https://xz.aliyun.com/t/3526
• [ ] https://xz.aliyun.com/t/153
• [ ] https://xz.aliyun.com/t/12879
• [ ] https://www.freebuf.com/news/374367.html
• [ ] https://www.ibm.com/cn-zh/topics/phishing
• [ ] https://baike.baidu.com/item/%E7%BD%91%E7%BB%9C%E9%92%93%E9%B1%BC/1401858
• [ ] 什么是网络钓鱼？
• [ ] https://www.kaspersky.com.cn/resource-center/definitions/spear-phishing
• [ ] https://powerdmarc.com/zh/phishing-vs-spoofing/
• [ ] https://powerdmarc.com/zh/why-is-phishing-so-effective/
• [ ] https://www.secrss.com/articles/50739
• [ ] https://www.secrss.com/articles/27115
• [ ] https://help.eset.com/ems/6/zh-CN/antiphishing.html
• [ ] https://www.zhihu.com/question/348776633
• [ ] https://www.4hou.com/posts/nmOP
• [ ] https://www.51cto.com/article/223380.html
• [ ] https://www.wangan.com/wenda/7497
• [ ] 网络钓鱼-101-关于网络钓鱼攻击的初学者指南
• [ ] http://www.cnetsec.com/article/32731.html
• [ ] https://www.icann.org/resources/pages/phishing-2013-05-03-zh
• [ ] https://academy.binance.com/zh/articles/what-is-phishing
• [ ] https://www.freebuf.com/tag/%E7%BD%91%E7%BB%9C%E9%92%93%E9%B1%BC

三、钓鱼项目

• [ ] https://github.com/topics/phishing
• [ ] https://github.com/kgretzky/evilginx2
• [ ] https://github.com/rev1si0n/another-tmp-mailbox
• [ ] https://github.com/makdosx/mip22
• [ ] https://github.com/SkewwG/henggeFish
• [ ] https://github.com/taielab/Taie-AutoPhishing
• [ ] https://github.com/winezer0/FishingAutoMonitor
• [ ] https://github.com/5icorgi/SpoofWeb
• [ ] https://github.com/tib36/PhishingBook
• [ ] https://github.com/bingpo/FishingAutoMonitor
• [ ] https://www.freebuf.com/news/374367.html

02-钓鱼攻击技术

一、批量发送邮件

• https://github.com/chenjj/espoofer
• https://github.com/Jinnrry/PMail

二、钓鱼邮件模板

三、钓鱼网站制作

• https://mp.weixin.qq.com/s/2QDLDuOS_ieknSgrF2bz2w

四、钓鱼样本分析

五、鱼钩隐藏技术

03-钓鱼攻击工具

一、优秀工具

二、开源工具

04-钓鱼漏洞研究

• https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed
• https://github.com/j5s/CVE-2021-40444

05-钓鱼技术参考

• https://github.com/Getshell/BypassAV