Merith666
Pixel Perfectionist
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Hey Folks, today in this tutorial we have an amazing tool for all of you which can give you fake spoof log by generating. pwnSpoof (from Punk Security) generates realistic spoofed log files for common web servers with customisable attack scenarios. Every log bundle is unique and completely customisable, making it perfect for generating CTF scenarios and for training serials.
Let’s take a look
!!Installation
It is quite easy to deploy this tool in any kali linux operating system. First we need to clone the repository from Github via git clone command, enter the directory and that’s it. Now we can operate this tool with the help of “python3” utility.
git clone https://github.com/punk-security/
cd pwnspoof
python pwnspoof.py --help123git clone
https://github.com/punk-security/cd pwnspoofpython pwnspoof.py--help
Hmm
!! Like other tools, it also has a help command which we can use to find the use case of this tool.
IIS Spoof Fake Logs
We’re excited to see how impressive results we get with this tool. So first we try to generate fake IIS logs against a website and we get success. As you can see below it has generated all the logs in order which looks very real.
python3 pwnspoof.py banking --server-fqdn test.php.com --attack-type bruteforce --server-type IIS --out iis.log1python3 pwnspoof.py banking--server-fqdn test.php.com--attack-type bruteforce--server-type IIS--out iis.log
NGINX logs
You can also specify your server name if you want to generate server wise logs.
python3 pwnspoof.py banking --server-fqdn test.php.com --attack-type command_injection --server-type NGINX1python3 pwnspoof.py banking--server-fqdn test.php.com--attack-type command_injection--server-type NGINX
Attackers IP Address
This feature will allow us to create spoof logs with different IP addresses so that the logs look impressive.
python3 pwnspoof.py banking --spoofed-attacks 3 --iocs1python3 pwnspoof.py banking--spoofed-attacks3--iocs
