hash3liZer/phishlets hash3liZer/phishlets

  • Stars
    star
    142
  • Rank 258,495 (Top 6 %)
  • Language
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated over 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
hash3liZer/phishlets
github

hash3liZer

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Phishlets for Evilginx2 (MITM proxy Framework)

Phishlets

Phishlets are the configuration files in YAML syntax for proxying a legitimate website into a phishing website. They are the building blocks of the tool named evilginx2. https://github.com/kgretzky/evilginx2.

Usage

These phishlets are added in support of some issues in evilginx2 which needs some consideration. All the phishlets here are tested and built on the modified version of evilginx2: https://github.com/hash3liZer/evilginx2. If you find any problem regarding the current version or with any phishlet, make sure to report the issue on github.

Google

These are some precautions you need to take while setting up google phishlet.

  • Make sure Your Server is located in United States (US)
  • Make sure you are using this version of evilginx: https://github.com/hash3liZer/evilginx2
  • If you server is in a country other than United States, manually add the `accounts.gooogle.[country code]` entry in proxy_hosts section, like this: 
{phish_sub: 'accounts-pk', orig_sub: 'accounts', domain: 'google.pk', session: true, is_landing: false, auto_filter: false}

Buggy Phishlets

The following sites have built-in support and protections against MITM frameworks. Hence, there phishlets will prove to be buggy at some point.

  • Google
  • ICloud
If you beleive you have a solution, open a pull request.

Contribution

  • Report Bugs.
  • Use the phishlets in your projects.
  • Give new ideas of the phishlets.
  • Fork it!

More Repositories

1

WiFiBroot

A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also, supports a deauthentication/jammer mode for stress testing
Python
944
star
2

SillyRAT

A Python based RAT 🐀 (Remote Access Trojan) for getting reverse shell 🖥️
Python
687
star
3

Subrake

🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
CSS
283
star
4

wifijammer

Wireless Jammer to Disconnect Nearby Access-Points and Stations.
Python
196
star
5

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Go
96
star
6

airpydump

Analyze Wireless Packets on the fly. Currently supporting three working Modes (Reader, Live, Stealth)
Python
51
star
7

Proxverter

Cross platform system wide proxy server & TLS Interception library for Python
Python
23
star
8

CVE-2019-9978

CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)
Python
20
star
9

Blunder

A Simple Keylogger with the ability of FTP Transfer and Local Storage
C++
19
star
10

BruteList

Combined Worldlist from various projects Including Seclists, fuzzdb and other Database Management Tools
PHP
16
star
11

locohunt

Search for Secrets and Other Confidential Information Through Directories and Files Based on Regex and Search Strings.
Python
10
star
12

Syntax-Checker

A Simple Syntax Checker to check for basic errors in a file. Written in C++
C++
6
star
13

hash3liZer

Hey, Its ME
6
star
14

profileo

🫠 A portfolio that i literally worked on for you 👉🏻👈🏻 CI/CD Integrated.
JavaScript
4
star
15

SubTap

Subdomain Takeover
Python
2
star
16

kysyandbox

Sandbox for KYPO Cyber Range (Testing)
1
star
17

tag

TAG is django powered something platform.
Python
1
star
18

netsand

A Simple network topology designed for KYPO Cyber Range (Scenario)
PHP
1
star
19

khatta

📔 A Khatta (urdu for ledger). Based on Urara 🌸 (A sweet Svelte based theme)
Svelte
1
star