Miscellaneous demos and scripts for user awareness campaigns. These are odds and ends assembled based on some common asks from phishing campaigns of the past. More detail about usage and extending the payloads is in the blog: https://www.secureideas.com/blog/tartar-sauce-for-your-phishing-program
Note: These materials are for demonstrations and user awareness exercises conducted with the target organization's permission. Don't use them for evil.
- bootstrap_template.xlsm: An excel workbook with VBA pre-written for a few relatively benign payloads, such as writing a text file and opening it in notepad. Configuration is on the
.configsheet, which can be hidden once configured. Any other sheets added and populated to support an appropriate ruse. Note that in most cases today, the user will need to explicitly enable macros.
- showgo.js: A tiny JavaScript library for masking where links are pointed. Show one URL on hover and go to another, using the
data-go-urlattribute, for example:
<a href="https://trustworthysite.test" data-go-url="https://realdestination.test">Text to click</a>