HiddenEye : Modern Phishing Tool With Advanced Functionality

HiddenEye is a modern phishing tool with advanced functionality and it also currently have Android support. Now you will have live information about the victims such as : IP ADDRESS, Geolocation, ISP, Country, & many more.

TESTED ON FOLLOWING

  • Kali Linux – Rolling Edition
  • Parrot OS – Rolling Edition
  • Linux Mint – 18.3 Sylvia
  • Ubuntu – 16.04.3 LTS
  • MacOS High Sierra
  • Arch Linux
  • Manjaro XFCE Edition 17.1.12
  • Black Arch
  • Userland app (For Android Users)

PREREQUISITES

  • Python 3
  • Wget from Python
  • PHP
  • sudo

Also Read – Blisqy : Exploit Time-based Blind-SQL Injection In HTTP-Headers

WHAT’S NEW FEATURES

COMPATIBILITY

  • All the sites are mobile compatible.

KEYLOGGER

  • Now you will also have the ability to capture all the keystokes of victim.
  • You can now Deploy Keyloggers With (Y/N) option.
  • Major issues fixed.

ANDROID SUPPORT

  • We care about Android Users, So now we have came with two ways to run the tool in Android Devices.
    • UserLand App
      • You Have to Download UserLand App. Click Here To Download it.
      • To read more how to set up userland app Read HERE
    • Termux App
      • You Have to Download Termux App. Click Here To Download it.
      • For Further instruction Check Instructions
      • Termux Users Clone With This Command , Unless Errors may occur during Running.

git clone -b Termux-Support-Branch https://github.com/DarkSecDevelopers/HiddenEye.git

NEW LOOK PROVIDED

  • NOW FOCUS EASILY ON TASKS…
  • CUSTOMIZE APP WITH YOUR OWN THEMES

SERVEO URL TYPE SELECTION AVAILABLE NOW

  • Major issues with serveo is fixed.
  • Now You can choose out of CUSTOM URL and RANDOM URL.

LARGE COLLECTION OF PHISHING PAGES ADDED

  • Pages are taken from various tool including ShellPhish , Blackeye , SocialFish .

HOW TO INSTALL

  • BlackArch official repository

sudo pacman -S hidden-eye

to run just use

sudo hidden-eye

  • CLONE

git clone https://github.com/DarkSecDevelopers/HiddenEye.git

RUNNING (In Linux)

cd HiddenEye
sudo apt install python3-pip
sudo pip3 install -r requirements.txt
chmod 777 HiddenEye.py
python3 HiddenEye.py

OR

./HiddenEye.py

RUNNING (Arch Linux or Manjaro)

cd HiddenEye
sudo pacman -Syu
sudo pacman -S python-pip
sudo pip3 install -r requirements.txt
chmod 777 HiddenEye.py
sudo python3 HiddenEye.py

OR

sudo ./HiddenEye.py

FOR ANDROID USERS

  • INSTALLING IN (USERLAND APP)
    • Install userland app from playstore.
    • Set up app and install kali from app.Set ssh username(anyname) and password.
    • When kali will run it’ll ask for password type the ssh password.Then do su.After that kali will run on your device wothout root and do apt update For more info read here (https://null-byte.wonderhowto.com/how-to/android-for-hackers-turn-android-phone-into-hacking-device-without-root-0189649/)

apt install python3 && python3-pip && unzip && php && git
git clone https://github.com/DarkSecDevelopers/HiddenEye.git
cd HiddenEye
chmod 777 HiddenEye.py
pip3 install -r requirements.txt
python3 HiddenEye.py

  • INSTALLING IN (TERMUX APP)
    • First install { Termux } from Playstore.
    • After opening Follow below commands One by one

pkg install git python php curl openssh grep
pip3 install wget
git clone -b Termux-Support-Branch https://github.com/DarkSecDevelopers/HiddenEye.git
cd HiddenEye
chmod 777 HiddenEye.py
python HiddenEye.py
or
./HiddenEye.py

ONE LINE COMMAND TO INSTALL IN TERMUX(ANDROID)

  • First install { Termux } from Playstore.
  • After opening Copy and run this Single Command.

pkg install git python php curl openssh grep && pip3 install wget && git clone -b Termux-Support-Branch https://github.com/DarkSecDevelopers/HiddenEye.git && cd HiddenEye && chmod 777 HiddenEye.py && python HiddenEye.py

AVAILABLE PAGES

  • Facebook:
    • Traditional Facebook login page.
    • Advanced Poll Method.
    • Fake Security login with Facebook Page.
    • Facebook messenger login page.
  • Google:
    • Traditional Google login page.
    • Advanced Poll Method.
    • New Google Page.
  • LinkedIn:
    • Traditional LinkedIn login page.
  • Github:
    • Traditional Github login page.
  • Stackoverflow:
    • Traditional Stackoverflow login page.
  • WordPress:
    • Similar WordPress login page.
  • Twitter:
    • Traditional Twitter login page.
  • Instagram:
    • Traditional Instagram login page.
    • Instagram Autoliker Phishing Page.
    • Instagram Profile Scenario Advanced attack.
    • Instagram Badge Verify Attack [New]
    • Instagram AutoFollower Phishing Page by (https://github.com/thelinuxchoice)
  • SNAPCHAT PHISHING:
    • Traditional Snapchat Login Page
  • YAHOO PHISHING:
    • Traditional Yahoo Login Page
  • TWITCH PHISHING:
    • Traditional Twitch Login Page [ Login With Facebook Also Available ]
  • MICROSOFT PHISHING:
    • Traditional Microsoft-Live Web Login Page
  • STEAM PHISHING:
    • Traditional Steam Web Login Page
  • VK PHISHING:
    • Traditional VK Web Login Page
    • Advanced Poll Method
  • ICLOUD PHISHING:
    • Traditional iCloud Web Login Page
  • GitLab PHISHING:
    • Traditional GitLab Login Page
  • NetFlix PHISHING:
    • Traditional Netflix Login Page
  • Origin PHISHING:
    • Traditional Origin Login Page
  • Pinterest PHISHING:
    • Traditional Pinterest Login Page
  • Protonmail PHISHING:
    • Traditional Protonmail Login Page
  • Spotify PHISHING:
    • Traditional Spotify Login Page
  • Quora PHISHING:
    • Traditional Quora Login Page
  • PornHub PHISHING:
    • Traditional PornHub Login Page
  • Adobe PHISHING:
    • Traditional Adobe Login Page
  • Badoo PHISHING:
    • Traditional Badoo Login Page
  • CryptoCurrency PHISHING:
    • Traditional CryptoCurrency Login Page
  • DevianArt PHISHING:
    • Traditional DevianArt Login Page
  • DropBox PHISHING:
    • Traditional DropBox Login Page
  • eBay PHISHING:
    • Traditional eBay Login Page
  • MySpace PHISHING:
    • Traditional Myspace Login Page
  • PayPal PHISHING:
    • Traditional PayPal Login Page
  • Shopify PHISHING:
    • Traditional Shopify Login Page
  • Verizon PHISHING:
    • Traditional Verizon Login Page
  • Yandex PHISHING:
    • Traditional Yandex Login Page

Ascii error fix

  • dpkg-reconfigure locales
  • Then select: “All locales” Then select “en_US.UTF-8”
  • After that reboot your machine. Then open terminal and run the command: “locale”
  • There you will see “en_US.UTF-8” which is the default language. Instead of POSIX.

DISCLAIMER

TO BE USED FOR EDUCATIONAL PURPOSES ONLY

The use of the this tool is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. Please read LICENSE.

CREDIT

  • Anonud4y
  • Usama
  • sTiKyt
  • UNDEADSEC
  • TheLinuxChoice
R K

Recent Posts

Bomber : Navigating Security Vulnerabilities In SBOMs

bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…

15 hours ago

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In PNG Files

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…

15 hours ago

Exploit Street – Navigating The New Terrain Of Windows LPEs

Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…

3 days ago

ShadowDumper – Advanced Techniques For LSASS Memory Extraction

Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…

4 days ago

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago