phishing-frenzy icon indicating copy to clipboard operation
phishing-frenzy copied to clipboard

Published 20 hours ago verified publisher icon pentestgeek

Report should allow visit download report (nt)

Open Meatballs1 opened this issue 9 years ago • 6 comments

Meatballs1 avatar Jul 20 '15 14:07 Meatballs1

More details here, dont understand what we are after...

zeknox avatar Jul 20 '15 16:07 zeknox

If you click on each Visitor, you can see the Visits. However there isn't a straightforward way to get them out in a tabular form.

I would also like to extend Visits to get more information such as protocol (e.g. http/https) etc.

Meatballs1 avatar Jul 20 '15 19:07 Meatballs1

What do you envision the report would look like? For example you can download the raw apache logs to view all the logs related to the campaign, but it doesn't link to the email address.

You can download the excel spreadsheet which has all the targets in a list and which ones clicked or opened the report. Help me understand what this new report format would look like.

zeknox avatar Jul 20 '15 19:07 zeknox

I dont think the report format contained anything but email address, CLICKED, VISITED for me. I need to look to see if theres a bug, although my environment isn't fully up to date now.

Each Visitor has multiple Visits. So adding these into the existing report format doesn't really work as it would require multiple rows (although it would be useful to put in the last user-agent seen imo).

A seperate report of visits would be helpful which has far more HTTP header information and collates it to the email address would be useful. Each email address may have multiple lines though.

The Visit logs often indicate if there is a proxy/security appliance. You can tell as the initial IP is from a different IP. with a different user agent etc. Having to manually collate apache logs with email visitors isn't that joy bringing :)

Meatballs1 avatar Jul 20 '15 19:07 Meatballs1

I am currently using:

f = File.open('/tmp/phishy.csv', 'w')

f.puts "UID,Firstname,Lastname,Email,Opened?,Clicked?,visit_at,visit_updated_at,browser,ip_address,extra"

Victim.all.each do |victim|

victim.visits.each do |visit|
f.puts "\"#{victim.uid}\",\"#{victim.firstname}\",\"#{victim.lastname}\",\"#{victim.email_address}\",\"#{victim.opened?}\",\"#{victim.clicked?}\",\"#{visit.created_at}\",\"#{visit.updated_at}\",\"#{visit.browser}\",\"#{visit.ip_address}\",\"#{visit.extra}\""
end
end

f.close

Meatballs1 avatar Jul 21 '15 08:07 Meatballs1

Yo @Meatballs1 you still interested in this feature or did the PR https://github.com/pentestgeek/phishing-frenzy/pull/294 suffice for your needs?

zeknox avatar Nov 23 '16 01:11 zeknox