Project

moby.rb

0.0
The project is in a healthy, maintained state
moby.rbthoran/mobyHomepageDocumentationSource CodeBug TrackerWiki
Sometimes when they go fishing, they get a whale and it sinks their boat. Moby is a counter-phishing tool that floods phishing websites with fake login credentials, making harvested data useless.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
1,818
Stars
8
Forks
1
Watchers
1
 Releases
Current version
1.0.0
Total releases
1
First release
2026-01-08
Latest release
2026-01-08
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2024-07-02
Reverse Dependencies
0

 Dependencies

Development

minitest
>= 0
minitest-spec-context
>= 0
rake
>= 0
webmock
>= 0

Runtime

mechanize
~> 2
switches.rb
~> 0
 Project Readme

moby

Version Status

Description

"Sometimes when they go fishing, they get a whale and it sinks their boat."

Moby is a credentials poisoning tool which floods phishing forms with fake credentials. When phishing operations collect data, the overwhelming volume of fake credentials makes the collected data worthless.

Use responsibly. Only target confirmed phishing sites.

Installation

Prerequisites

  1. Some version of Ruby.
  2. *nix, so that it has access to /usr/share/dict/words.

1. via RubyGems

$ gem install moby.rb

2. via Bundler

Add to your Gemfile:

gem 'moby.rb'

Then run:

$ bundle install

3. via Homebrew

$ brew tap thoran/tap
$ brew install thoran/tap/moby

4. via git

$ git clone git@github.com:thoran/moby.git
$ cd moby
$ bundle install
$ rake test

Usage

From the command line

1. Specify form name and field names

$ moby --url https://phishing.site --form_name form-name --username_field_name login --password_field_name password

2. Specify form name and field names with short switches

This is the same as above, but using alternate switches:

$ moby --url https://phishing.site --f form-name --user_field login --pass_field password

3. Specify form number and field numbers

This selects the second form on the page (using zero-based indexing) and the first and second fields:

$ moby --url https://phishing.site --form_number 1 --username_field_number 0 --password_field_number 1

4. Specify form number and field numbers with short switches

This selects the second form on the page (using zero-based indexing) and the first and second fields:

$ moby --url https://phishing.site --form_number 1 --user_field_number 0 --pass_field_number 1

5. Specify nothing but the URL

$ moby --url https://phishing.site

This is equivalent to:

$ moby --url https://phishing.site --form_number 0 --username_field_number 0 --password_field_number 1

6. With other options

$ moby --url https://phishing.site --debug --user_agent 'Mozilla/5.0' --username_hostname mydomain.com --username_is_email_address  --verbose

Note that username_hostname is useful only if username_is_email_address is true.

From within Ruby

1. Specify form name and field names

require 'moby'

moby = Moby.new(
  url: 'https://phishing.site',
  form_name: 'form-name',
  username_field_name: 'login',
  password_field_name: 'password'
)
moby.counter_phish

2. Specify form number and field numbers

This selects the second form on the page (using zero-based indexing) and uses the first and second fields therein:

require 'moby'

moby = Moby.new(
  url: 'https://phishing.site',
  form_number: 1,
  username_field_number: 0,
  password_field_number: 1,
)
moby.counter_phish

3. Specify nothing but the URL

require 'moby'

moby = Moby.new(
  url: 'https://phishing.site',
)
moby.counter_phish

This is equivalent to:

require 'moby'

moby = Moby.new(
  url: 'https://phishing.site',
  form_number: 0,
  username_field_number: 0,
  password_field_number: 1,
)
moby.counter_phish

4. With other options

require 'moby'

moby = Moby.new(
  url: 'https://phishing.site',
  debug: true,
  user_agent: 'Mozilla/5.0',
  username_hostname: 'mydomain.com', # Only useful if username_is_email_address is true.
  username_is_email_address: true,
  verbose: true
)
moby.counter_phish

Note that there's no equivalent short names for constructor arguments.

Contributing

  1. Fork it: https://github.com/thoran/moby/fork
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Create a new pull request