Skip to content

The NodeZero Phishing Script

Experimental

Under Testing, Limited Access Only User experience is subject to change.

Setting up your first phishing pentest requires understanding of the NodeZero Phishing Script, how it works, and what it can do. This page helps answer those questions.

How it works

The NodeZero Phishing Script works by identifying the username and passwords inputs on the login page and submitting them to NodeZero.

The phishing script is currently setup to work on login pages that have a form containing a username/email, password, and a submit button. It does not capture other fields.

Since login pages vary we need a flexible way to capture what input is the username, password, and submit. The script leverages an allowlist of words within the script to automatically find the username, password, and submit inputs. If the script cannot detect these fields then it will require light updates and troubleshooting to the script.

Troubleshooting the NodeZero Phishing Script

This section provides tips for troubleshooting problems with the NodeZero Phishing Script. If you have additional issues or questions please reach out to Horizon3.ai support.

The red test banner is not going away

Open the landing page source code and ensure it contains the following line.

const testModeEnabled = false

If the value is set to true, change it to false.

If you cannot find the line on the page, regenerate and replace the phishing script into the login page. Then, find the line and change the value from true to false.

After updating the source code, be sure to press the Refresh button on your browser to reload the page.

Credentials are not showing up on the red banner in test mode

If you notice that the script is not reflecting credentials as you type, then the script is not detecting the form inputs on the landing page. Try the following approach.

The way the script finds the username, password and submit inputs is with the following wordlists within the script.

const lowercaseUsernameTerms = ['email', 'username', 'uname']
const lowercasePasswordTerms = ['password']
const lowercaseSubmitTerms = ['submit', 'sign in', 'log in']

Let's imagine that the username field is not being correctly captured. In order to troubleshoot you can open the developer tools in your browser and inspect the input element. In this case the HTML attributes on the input are user and our wordlist for lowercaseUsernameTerms does not include user we can add this item to the wordlist and refresh the page and test again.

const lowercaseUsernameTerms = ['email', 'username', 'uname', 'user']

Horizon3 Troubleshooting Inputs

Type into the username field and see if the credential reflects back. If so, you're good to proceed on to the next steps.

Horizon3 Troubleshooting Inputs Success

The banner does not turn green when submitting credentials

If you notice the test mode banner does not turn green and indicate success after submitting credentials, there may be an issue with the API Key used by the script. The generated phishing script is specific to a single phishing test and cannot be reused.

Try regenerating and replacing the phishing script in the login page.

I don't want to show the Incorrect Login Credentials message

Open the landing page source code and ensure it contains the following line.

const showIncorrectCredentialsError = false

If the value is set to true, change it to false.

If you cannot find the line on the page, regenerate and replace the phishing script into the login page. Then, find the line and change the value from true to false.

After updating the source code, be sure to press the Refresh button on your browser to reload the page.