Exomind is a tool designed to deliver targeted phishing attacks through social networks. To do this, we first retrieve information from them in an OSINT fashion. This information is then used to impersonate key individuals, whose fake online profiles can serve as the delivery medium for links to handcrafted webpages.

The most sophisticated attack we have implemented so far is a sub-network replication attack: we not only impersonate one individual but also create fake profiles for a big enough part of that individual's sub-network. This lets us detach from the profiles of real people who may perceive the attack, and also gives us more control over the topology of the network.

# gutes is our attack target
gutes = Graph.TwitterProfile("http://twitter.com/gutes")

# exomind is the user that will impersonate gutes.
# cloneProfile clones the look and feel (theme, image, colors, etc...)
exomind = Graph.ControlledTwitterProfile("http://twitter.com/exomindtest1", "password")

# Test cloneFollowingStealth
# We first instantiate the bots for the profiles Exomind controls
exoclone = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone", "password")
exoclone1 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone1", "password")
exoclone2 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone2", "password")
exoclone3 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone3", "password")
exoclone4 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone4", "password")
exoclone5 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone5", "password")

# Then, for each user of the real sub-network we want to clone and follow, a bot
# is assigned to that user. That can be done using the id or the screen-name of
# the target user.
followersTest = { 17157238 : exoclone, "axelbrz":exoclone1,
                 "MarioVilas":exoclone2, "eglinsky":exoclone3,
                 "tutterr":exoclone4, "whead":exoclone5,}
exomind.cloneFollowingStealth(gutes, followersTest)
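
Seen from the defending side, the replication described above leaves a structural trace: several accounts reuse real profiles' look under different handles and reproduce the follow edges between them. The following is an added example, not part of Exomind; the data, field names and thresholds are constructed assumptions.

```python
# Constructed sample data: handles, names and avatar digests are made up.
REAL = {
    "alice": {"name": "Alice A.", "avatar": "a1", "follows": {"bob", "carol"}},
    "bob":   {"name": "Bob B.",   "avatar": "b2", "follows": {"carol"}},
    "carol": {"name": "Carol C.", "avatar": "c3", "follows": {"alice"}},
}
OBSERVED = {
    "alice_a":  {"name": "Alice A.", "avatar": "a1", "follows": {"bob_b1", "carol_c"}},
    "bob_b1":   {"name": "bob b.",   "avatar": "zz", "follows": {"carol_c"}},
    "carol_c":  {"name": "Carol",    "avatar": "c3", "follows": set()},
    "gardener": {"name": "Gina G.",  "avatar": "g7", "follows": {"alice"}},
}

def norm(name):
    """Case- and punctuation-insensitive form of a display name."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def map_clones(real, observed):
    """Return {observed_handle: real_handle} for accounts that reuse a real
    profile's avatar digest or display name under a different handle."""
    mapping = {}
    for oh, o in observed.items():
        if oh in real:
            continue  # the genuine account itself
        for rh, r in real.items():
            if o["avatar"] == r["avatar"] or norm(o["name"]) == norm(r["name"]):
                mapping[oh] = rh
                break
    return mapping

def mirrored_fraction(real, observed, mapping):
    """Fraction of real follow edges between impersonated users that are
    reproduced between their look-alike accounts."""
    clone_of = {rh: oh for oh, rh in mapping.items()}
    real_edges = [(a, b) for a in clone_of
                  for b in real[a]["follows"] if b in clone_of]
    if not real_edges:
        return 0.0
    hits = sum(clone_of[b] in observed[clone_of[a]]["follows"] for a, b in real_edges)
    return hits / len(real_edges)

def assess(real, observed, min_clones=3, min_fraction=0.5):
    """Alert when enough look-alikes also mirror the real topology."""
    mapping = map_clones(real, observed)
    frac = mirrored_fraction(real, observed, mapping)
    return {"clones": mapping, "mirrored": frac,
            "alert": len(mapping) >= min_clones and frac >= min_fraction}
```

A single look-alike account yields no mirrored edges and stays below the alert threshold; the signal is the combination of reused profile attributes and a reproduced follow graph.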

The latest version of the tool is available HERE. The previous version of Exomind is also available. The features of the two versions are still not unified.

Features we are going to implement in coming versions

  • Graph plotting. This was available in the old version but has to be reimplemented.
  • Implement another social network where crawling has to be used. The latest version currently supports only Twitter, via its API.
  • Migrate the social network reconstruction feature into the new version and leverage the data it generates in the sub-network replication attacks.

Known Issues

  • In some rare cases twython loses the authentication information. I was not able to reproduce this in order to report a bug.
  • The API calls to Twitter via twython take too long to complete, longer than manually using curl over the command line. I believe this is due to some authentication token being sent wrongly before the correct ones, but it also seems like a bug in twython.

Platforms: Linux

Release date: 2008-10-08

License type: Apache

Related information

Projects: Exomind

LeakedOut: the Social Networks You Get Caught In | State of the Art Automation of Open Source Intelligence and Impersonation in Social Networks