Evilginx2 FULL CAPACITY — Defense (15 outils) + Attack-Lab (11 outils red-team) — pour tester TES infras actuelles + futures

RED-TEAM AUTORISÉ

Outils défensifs

Scans effectués

IOCs détectés

Backends CLI

FIDO2

Solution recommandée

🔍 Scan Headers — IOCs Evilginx (X-Evilginx, X-Phishlet)

curl -I + check IOCs + headers sécurité manquants (HSTS, CSP).

Scannez une URL.

📧 Email Auth — DMARC/SPF/DKIM/MTA-STS

Audit posture anti-spoofing complet incluant DKIM (default + google selectors) + MTA-STS.

Audit.

🔐 TLS Cert — issuer + Let's Encrypt detection

openssl s_client cert info.

Fingerprint.

🛡️ TLS Deep Audit — testssl.sh BEAST/POODLE/etc

testssl.sh full vulns scan ~30s.

Audit ~30s.

🌐 WHOIS — registrar + age domain (red flag <30j)

Detect domaines récents = phishing typique.

WHOIS.

📝 Typosquat — Levenshtein vs 25 marques

Detect similarité avec marques connues.

Check.

🔤 IDN Homograph — cyrillique/grec/punycode

Detect chars Unicode visuellement identiques ASCII.

Check.

🌳 Subdomain Enum — Certificate Transparency crt.sh

Énumère sous-domaines.

Enum.

🚪 Port Scan — nmap 22/80/443/8080/8443/3389

Scan ciblé infra phishing.

Scan.

⚡ Nuclei — exposure/misconfig/phishing high+critical

~25s scan vulnerabilities.

Scan.

🏢 ASN / Reverse DNS — owner + country

whois cymru.com lookup ASN.

Lookup.

📨 Email Header Forensics — paste raw, score 0-100

Auth-Results + From/Return-Path mismatch + Received hops.

Coller + analyser.

📋 IOCs Evilginx2 catalog

IOCs documentés publiquement pour SIEM/EDR/WAF.

Charger.

🎯 Anatomy of attack — 10 étapes Evilginx

Pédagogie + ce qui bloque (FIDO2, CT monitor, DMARC, Conditional Access).

Charger.

🎓 Kit Awareness équipe WEVAL

Topics + GoPhish + FIDO2.

Charger.

🔫 Evilginx Status — binary v3.3.0 + phishlets

Vérifie binary /opt/oss/evilginx2/build/evilginx + phishlets disponibles. Pas démarré sur S204 prod — Yacine deploy sur VPS isolé.

Status.

🎣 Phishlets — bundled + community repo

Liste phishlets YAML disponibles + preview. Repo community : An0nUD4Y/Evilginx2-Phishlets

List.

📖 Setup Guide — VPS isolé + DNS + lures

Guide step-by-step: prérequis VPS, deploy commands, phishlets config, captured data.

Charger.

🌀 DNStwist — generate typosquat permutations registered

dnstwist 20250130 génère permutations + check enregistrés/live. Detect typosquats achetés par attaquants potentiels de TES domaines.

Scan.

🏴 Subdomain Takeover — subzy + crt.sh

Detect CNAMEs orphelins pointant vers ex-services (S3, Azure, Heroku abandonnés). Subdomain takeover = attaquant claim service abandonné.

Check.

🐟 GoPhish v0.12.1 Status

Binary /opt/oss/gophish/gophish + config. Pour campagne phishing autorisée awareness équipe.

Status.

📋 GoPhish Setup + intégration evilginx 3.3.0

Steps complets : config, SMTP, templates, intégration evilginx fork officiel.

Charger.

⚔️ Arsenal red-team S204 — 16 tools

Liste tools red-team installés : evilginx2, gophish, dnstwist, subzy, kingfisher, nuclei, nmap, nikto, sqlmap, hydra, john, hashcat, testssl.sh, httpx, hackingtool, mr-holmes.

List.

✉️ Templates campagne (Re-auth O365, MFA, OneDrive)

3 templates email phishing autorisés awareness équipe + best practices.

Charger.

🔑 Credential parsing — ~/.evilginx/data.db sqlite3

Comment extraire creds + cookies post-campagne + use session cookies in browser.

Charger.

📊 Infrastructure Audit — DMARC+SPF+MTA-STS+DNSSEC+HSTS+CSP+X-Frame score

Score 0-100 red-team readiness de TES domaines. Plus le score est haut, plus l'infra résiste aux phishlets.

Audit.

⚙️ Phishlet Generator NEW D64

Wizard YAML phishlet base : proxy_hosts + sub_filters + auth_tokens + credentials. Yacine adapte ensuite aux specs réels.

Generate.

🪝 Lure URL Builder NEW D64

4 lure options : standard, per-victim tracking, UA filter, redirect post-capture + 7-step setup commands.

Build.

📜 Cert Transparency Monitor NEW D64

Alerte sur certs créés récemment via crt.sh. Détecte attaquants créant LE wildcard pour ton brand.

Scan.

📋 Takeover Fingerprints DB NEW D64

18 providers fingerprints : S3, Heroku, GitHub Pages, Azure, Vercel, Netlify, Shopify, Fastly, Cloudfront, etc.

Load.

🔀 Open Redirect Detect NEW D64

Test 12 patterns redirect param. Open redirect = bypass URL filters phishing.

Test.

🔑 JWT Analyzer NEW D64

Decode JWT (header + payload) + détection vulnérabilités : alg=none, expired, HMAC weakness.

Paste JWT.

🌐 CORS Misconfig NEW D64

Test 3 origins : reflected, null, subdomain confusion. ACAO * + ACAC=true = exploit.

Check.

🛡️ WAF Detection NEW D64

wafw00f-style fingerprint : Cloudflare, Akamai, AWS WAF, Sucuri, Imperva, F5, Fastly, ModSecurity.

Detect.

🔄 Reverse IP Lookup NEW D64

Tous domaines hostés sur même IP via hackertarget.com (50/jour gratuit).

Lookup.

📧 Email Security MEGA Audit NEW D64

Audit complet 10 records DNS : SPF strict + DMARC alignment + DKIM key size + MTA-STS + TLS-RPT + BIMI + DANE/TLSA + CAA + DNSSEC. Score 0-100.

Audit.

📦 HTTP Smuggling Probe NEW D64

Light probe H1/H2 + Transfer-Encoding/Content-Length detection. H2.TE/H2.CL desync indicators.

Probe.

📡 GoPhish API Check NEW D64

Check API responding + auth + campaigns visible. 7 endpoints API documentés.

Check.

Evilginx2 FULL CAPACITY — Defense wevia-oss-evilginx-defensive.php + Attack-Lab wevia-oss-evilginx-redteam.php — 16 tools CLI red-team + 7 tools defensive — Doctrine 369 strict