Tangled is a phishing platform designed from an offensive security perspective.
It automates many aspects of social engineering campaign delivery and weaponizes iCalendar rendering features in Microsoft Outlook & Gmail (Google Workspace) to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
Read the technical breakdown: Abusing automatic calendar processing for initial access and lateral movement.
A complete documentation reference can be found in Gitbook.
Tangled runs as Docker containers, so installing it is very easy. First of all, clone the repository:

```bash
git clone https://github.com/ineesdv/Tangled.git
```

Then, configure the environment variables:

```bash
cd Tangled   # git clone names the directory after the repository
cp .env.example .env
nano .env # edit them!
```

Start it by running `./start.sh` or simply by executing:

```bash
docker-compose up -d
```

This will start three containers and set up the Tangled frontend on port 8080, where you can log in with your admin credentials.

- RenderBender - Nate Subra's research
- Internet Calendaring and Scheduling Core Object Specification
- GoPhish
Contributions and suggestions are always welcome! If you encounter a bug or have a feature request, feel free to send me a DM, open an issue, or submit a pull request.
I will be working on expanding the platform and fixing bugs as my free time permits, so I’d love to hear new ideas.
This platform is intended for red team professionals and offensive security researchers. Use it ethically, responsibly, and in accordance with all applicable laws and regulations.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.