Phishing - “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.” (Hadnagy, Fincher. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. Wiley, 2015).
SMiShing - “the act of using mobile phone text messages, SMS (Short Message Service), to lure victims into immediate action. This action may include downloading mobile malware, visiting a malicious website, or calling a fraudulent phone number.”
Vishing - “practice of eliciting information or attempting to influence action via the telephone.”
Impersonation - “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.”
The Hacker's Playbook 3: Social Engineering - pg. 174
Social Engineering: The Science of Human Hacking - Christopher Hadnagy
Advanced Penetration Testing: Advanced Concepts in Social Engineering - pg. 194
Hacking: The Next Generation - Infiltrating the phishing underground: learning from online criminals, pg. 177
Social-Engineer Toolkit (SET) - The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
BeeLogger - Generate Gmail Emailing Keyloggers to Windows.
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
NecroBrowser - Necrobrowser is a browser instrumentation microservice written in NodeJS: it uses the Puppeteer library to control instances of Chrome or Firefox in headless and GUI mode.
catphish - Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. Perfect for Red Team engagements.
FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
TigerShark - Bilingual PhishingKit. TigerShark integrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Zphisher - An automated phishing tool with 30+ templates.
SharpPhish - Using Outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
SocialFish - Educational Phishing Tool & Information Collector
shellphish - Phishing Tool for Instagram, Facebook, Twitter, Snapchat, GitHub