Search the Community

Combination of evilginx2 and GoPhish. Disclaimer I shall not be responsible or liable for any misuse or illegitimate use of this software. This software is only to be used in authorized penetration testing or red team engagements where the operator(s) has(ve) been given explicit written permission to carry out social engineering. [hide][Hidden Content]]

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use. Changelog v2.4 Feature: Create and set up pre-phish HTML templates for your campaigns. Create your HTML file and place {lure_url_html} or {lure_url_js} in code to manage redirection to the phishing page with any form of user interaction. Command: lures edit <id> template <template> Feature: Create customized hostnames for every phishing lure. Command: lures edit <id> hostname <hostname>. Feature: Support for routing connection via SOCKS5 and HTTP(S) proxies. Command: proxy. Feature: IP blacklist with automated IP address blacklisting and blocking on all or unauthorized requests. Command: blacklist Feature: Custom parameters can now be embedded encrypted in the phishing url. Command: lures get-url <id> param1=value1 param2="value2 with spaces". Feature: Requests to phishing urls can now be rejected if User-Agent of the visitor doesn’t match the whitelist regular expression filter for given lure. Command: lures edit <id> ua_filter <regexp> List of custom parameters can now be imported directly from file (text, csv, json). Command: lures get-url <id> import <params_file>. Generated phishing urls can now be exported to file (text, csv, json). Command: lures get-url <id> import <params_file> export <export_file> <text|csv|json>. Fixed: Requesting LetsEncrypt certificates multiple times without restarting. Subsequent requests would result in “No embedded JWK in JWS header” error. Removed setting custom parameters in lures options. Parameters will now only be sent encoded with the phishing url. Added with_params option to sub_filter allowing to enable the sub_filter only when specific parameter was set with the phishing url. Made command help screen easier to read. Improved autofill for lures edit commands and switched positions of <id> and the variable name. Increased the duration of whitelisting authorized connections for whole IP address from 15 seconds to 10 minutes. [hide][Hidden Content]]