This Python script simulates a malicious email delivery attack that sends an email containing a fake PDF attachment with an embedded malicious payload. The email message appears to be from a trusted sender, prompting the recipient to open the attached document, which contains a hidden executable payload. The script is designed to simulate realistic email behavior, including random delays and email formatting.
Note: This script is for educational purposes only. It is crucial to use this responsibly in a controlled environment, such as a security training lab or penetration testing scenario, to demonstrate the risks of phishing and malware attacks.
- Fake Email Generation: Creates a fake email with a misleading subject and message body, making it appear as if it is a legitimate communication from a trusted source.
- Fake PDF Attachment: Attaches a fake PDF file that actually contains a base64-encoded malicious payload.
- Malicious Payload Encoding: Encodes the malicious payload to avoid detection by security software.
- SMTP Email Sending: Uses an SMTP server (Gmail in this case) to send the crafted email.
- Simulated Execution: Simulates the execution of the malicious payload on the recipient's machine (in a controlled, safe environment).
Before running the script, ensure the following:
- Python 3.x installed on your machine.
- The following Python libraries must be installed:
smtplibemailbase64osrandomtime
You can install any missing dependencies with pip.
-
Modify the Email Details:
- Set the
senderandrecipientemail addresses at the top of the script to your desired values. - Replace the
payload_pathwith the path to the malicious payload file you wish to encode (e.g.,.exeor other executable file).
- Set the
-
Configure the SMTP Server:
- The script currently uses Gmail's SMTP server (
smtp.gmail.comon port 587) for email delivery. - Ensure the sender's Gmail account is properly configured to allow SMTP connections.
- Replace
'example_password'with the actual password for the sender's Gmail account.
- The script currently uses Gmail's SMTP server (
-
Run the Script:
- Run the script by executing it in your terminal or Python environment.
- The email will be sent to the recipient with the fake PDF attachment.
-
Testing (Optional):
- The script includes a simulated payload execution (
os.system(payload_path)), which should only be tested in a safe, isolated environment (e.g., virtual machines or sandboxes).
- The script includes a simulated payload execution (
This script is for educational purposes to demonstrate the potential risks of phishing and email-based malware delivery. It is intended for use in controlled environments, such as penetration testing labs or cybersecurity training, and should never be used for malicious purposes. Always ensure you have proper consent before testing any scripts on live systems.
Running this script outside a safe, controlled environment can be illegal and unethical. Do not send emails like this without explicit permission, as it can cause real harm to individuals and organizations.
This script has no license therefore I own All Rights you can look at my code but you're not allowed to use it in any way whatsoever. if you use this script in any way and I find out about it and can prove it then I'm going to get your money because I like money. So does my attorney.
The author of this script is not responsible for any misuse, damage, or harm caused by its execution. I own All rights to this program and no one is allowed to use it in any way. under no circumstances is anyone allowed to use my program for any purpose whatsoever I've shown the code but it's not open source even though you can see it, doesn't mean that you own the rights to it no I own All rights to this.