Lure - User Recon Automation for GoPhish
Lure assists in phishing target collection by pulling and parsing email addresses for a target organization. The results are normalized into a format recognized by GoPhish, and then uploaded to the server.
Lure currently searches the following, but more sources are being added all the time.
Source | Authenticated? | Default? |
---|---|---|
Hunter.io | Yes | No |
TheHarvester | No | No |
LinkedIn* | Yes | No |
Website Scrape | No | Yes |
*LinkedIn searching leverages the Bing API, not the LinkedIn API.
Where possible and practical, Lure uses web scraping to eliminate the need for API keys. However, some services provide better options in terms of number of results, lack of throttling, or access to additional information when an API key is used. By default, config.py uses only unauthenticated sources. We highly recommend registering for the services that use API keys, as most offer free accounts and will give you much better results.
- Clone the git repo:
git clone https://github.com/highmeh/lure/lure.git
- Install the prerequisites:
pip3 install -r requirements.txt
- Edit config.py to ensure your API keys and paths are correct.
- Give lure a domain to search and wait:
./lure.py -d microsoft.com
You can use the ./lure.py -d domain.com -f /path/to/file.csv options to import a CSV file in GoPhish format. Lure will append any search results to that list before uploading it.
Use ./lure.py -t to generate a CSV template.
Yes. Edit resources/config.py and change the sources to "True" or "False".
Disable theHarvester in resources/config.py. theHarvester takes a long time to generate very few results.
Lure was designed to be used alongside GoPhish, but some users understandably wanted to use it for OSINT only. As of version 0.3, you can use the "-x" switch to ignore the GoPhish server options entirely and just perform email collection.
Use "-c" for Comma-Separated Value output, or "-p" to print e-mail addresses only.
Create an exclusions file. Add the emails you want to exclude, one per line, into a text file and run lure with the "-e file.txt" option.
Edit resources/config.py. You can run mv resources/config.sample.py resources/config.py to fill in the configuration template.
GoPhish will not accept invalid entries. If one of the email addresses is collected erroneously and ends up being "username@[email protected]", "[email protected]", etc., it will be rejected during the upload. It also excludes duplicate emails.
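The exclusion list and the invalid/duplicate rejection described above can be checked locally before anything is uploaded, so that every dropped address has a recorded reason. The following is an added example, not code from Lure or GoPhish; the function names, the `First Name,Last Name,Email,Position` header and the sample rows are assumptions, and it goes one step beyond the page by also dropping addresses outside the authorized engagement domain.

```python
import csv
import io
import re

# Conservative check: exactly one "@", no whitespace, dotted domain part.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def load_exclusions(text):
    """Parse an exclusions file: one address per line, blank lines ignored."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def filter_targets(csv_text, scope_domain, exclusions):
    """Split CSV rows into (kept_rows, [(email, reason_dropped), ...])."""
    kept, rejected, seen = [], [], set()
    scope = scope_domain.lower()
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = (row.get("Email") or "").strip().lower()
        if not EMAIL_RE.match(email):
            reason = "invalid"          # e.g. a doubled "@domain" suffix
        elif email.rsplit("@", 1)[1] != scope:
            reason = "out-of-scope"     # exact domain match only
        elif email in exclusions:
            reason = "excluded"         # opt-outs from the "-e" style list
        elif email in seen:
            reason = "duplicate"        # compared case-insensitively
        else:
            seen.add(email)
            row["Email"] = email
            kept.append(row)
            continue
        rejected.append((email, reason))
    return kept, rejected


# Constructed sample data; the header row is an assumption about the
# GoPhish import format, and example.com/.org are reserved domains.
SAMPLE_CSV = """First Name,Last Name,Email,Position
Ana,Lee,ana.lee@example.com,Engineer
Ana,Lee,Ana.Lee@example.com,Engineer
Bo,Kim,bo.kim@example.com@example.com,Analyst
Cy,Roe,cy.roe@example.com,Legal
Di,Fox,di.fox@example.org,Vendor
"""
SAMPLE_EXCLUSIONS = "cy.roe@example.com\n\n"

if __name__ == "__main__":
    print(filter_targets(SAMPLE_CSV, "example.com",
                         load_exclusions(SAMPLE_EXCLUSIONS)))
```

Keeping the rejected list with reasons gives the engagement record an audit trail of which collected addresses were never contacted and why.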
20191028: v0.2 Released. Adds function to print records to stdout (-p flag). Adds in webpage email scraping for common webpage locations (on by default). Built in some error logic for domains that are invalid or return no results.
20191122: v0.3 Released. Suppress the upload to GoPhish (OSINT Only Mode) (-x). Exclude emails from an exclusion list (-e excludes.txt). Print emails only (-p). Print CSV Contents (-c).
20191125: v0.4 Released. Adds support for MailsHunt and for GitHub searches. Reorganized config.sample.py for easier reading/parsing. Minor bug fixes.
20230730: v0.4 Updated. Changed how data is received from hunter.io and bing/linkedin searches. Note that HIBP is currently broken.