Sponsored
Bugbounty Tools

pwnSpoof – Create Realistic Spoofed Log

Hey Folks, today in this tutorial we have an amazing tool for all of you which can give you fake spoof log by generating. pwnSpoof (from Punk Security) generates realistic spoofed log files for common web servers with customisable attack scenarios. Every log bundle is unique and completely customisable, making it perfect for generating CTF scenarios and for training serials.

Letโ€™s take a look ๐Ÿ™‚ !!

Installation

It is quite easy to deploy this tool in any kali linux operating system. First we need to clone the repository from Github via git clone command, enter the directory and thatโ€™s it. Now we can operate this tool with the help of โ€œpython3โ€ utility.

git clone https://github.com/punk-security/
cd pwnspoof
python pwnspoof.py --help

Hmm ๐Ÿ™‚ !! Like other tools, it also has a help command which we can use to find the use case of this tool.

IIS Spoof Fake Logs

Weโ€™re excited to see how impressive results we get with this tool. So first we try to generate fake IIS logs against a website and we get success. As you can see below it has generated all the logs in order which looks very real.

python3 pwnspoof.py banking --server-fqdn test.php.com --attack-type bruteforce --server-type IIS --out iis.log

NGINX logs

You can also specify your server name if you want to generate server wise logs.

python3 pwnspoof.py banking --server-fqdn test.php.com --attack-type command_injection --server-type NGINX

Attackers IP Address

This feature will allow us to create spoof logs with different IP addresses so that the logs look impressive.

python3 pwnspoof.py banking --spoofed-attacks 3 --iocs
About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
Sponsored
Shubham Goyal

A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.

Recent Posts

Gau (GetAllUrls) – Find Known and Hidden URL

The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…

4 months ago

Jsluicepp – Burp Extension for JS Secrets – BugBountyTip

Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…

9 months ago

Bypassing Firewalls (WAF) with XSS Payloads

Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…

9 months ago

Termux Cheat Sheet for Hackers

Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…

1 year ago

Cracking the X-Factor in Cybersecurity: How Humans are Protecting the Systems?

Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…

2 years ago

Cariddi – Hidden Endpoint Finder for Bug Hunting

Hey Folks, we are back today after such a long break, but don't worry we…

3 years ago
Sponsored

This website uses cookies.