Pentest Networks from Your Browser

Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel.

Want to be part of our beta? Get free early access and a lifetime 20% discount when it's released.

Try the Beta Now »

Share

Target end-user workstations and see networks like attackers do. Simply send an e-mail or HTML to lure your targets in.

Pillage

Mine information from the target's browser, upstream network, and fingerprint all hosts around them.

Report

Everything is securely reported back and beautifully presented to you providing network insights and vulnerabilities.

Screenshot of e-mail crafting

Craft E-mails

Zero setup, instant insights

Design and send compelling spearphishing e-mails to your targets. Simply write your e-mail and send from one of our domains or add your own custom one.

All messages are uniquely tracked so you can see exactly who it was delivered to, opened, and clicked links. Save time by leaving your infrastructure to us, everything is instrumented to give insights into exactly where your messages are going.

Screenshot of results page

Pillage Information

Understand your target environment

For anyone who clicks we'll gather as much information as possible, you set how aggressive you want to be. Once they click the link they'll see a legitimate site, or be sent to your own server, whichever you choose. At the same time they're engaged in the innocuous website Black Squirrel will be collecting:

  • IP addresses for all their adapters
  • Browser plugins
  • Other host's IP addresses on their internal network
  • Fingerprinting other hosts in the network
  • Any custom actions you add

All done through the victims browser without any special privileges required.

Screenshot of e-mail report

Generate Reports

Robust reporting for you and your clients

Easily view reports on the success of your spearphishing and let your customer know which of their employees needs more training.

Every nugget pillaged information is available to give you a snapshot of the network and detailed information on every host around. Use this knowledge to identify different internal network segments, vulnerabilities in target's browsers, and other vulnerable hosts in the network.

Everything is updated in real time, as targets open your messages you'll see results instantly appear.

Screenshot of code for custom plugin

Custom Payloads

Extensible, for the true hacker

Build your own plugins for custom fingerprinting or exploits. You can write Javascript plugins which uses the Black Squirrel framework to do things like find all TP-Link routers, attempt credentials, and on success execute a command to send you a reverse shell.

Beyond spearphishing, you can also include BlackSquirrel as your payload for cross site scripting or any other client side attacks.

Plan pricing starting at $47/month. Join the beta to get early access and a lifetime 20% discount.

Try the Beta Now »