Search the Community

Showing results for tags 'phishing'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 31 results

  1. The tool is under development. What this tool will explore upon a successful build: Reverse Proxying Sites. Bypassing many limitations during 2FA phishing Capturing POST and JSON request on the fly Forcing Elements in Requests Javascript Injection Cookies Capturing even those from javascript YAML Configuration files. Idea borrowed from evilginx2 Allowing Proxies to be used for each individual upcoming connection Direct DOM element values capturing before form submission or any other event 2FA Bypassed Auto-Cert generation. [hide][Hidden Content]]
  2. Give a Mask to Phishing URL like a PRO MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com). [hide][Hidden Content]]
  3. Light weight phishing framework with 18+ pages. LitePhish provides lite weight phishing pages with clean and minimal interface. It is modified and lite version of grayfish. What's new? Removed: Base64 encoded image, Embeded html in php. Reason : High filesize and low performance Removed: Admin Panel,MetaTags editor, extra things Reason : Unneccessary Re-coded: Webpages were recoded. Reason : To acheive fast loadup and low filesize Added: Sample.html. Reason : To show mechanism of LitePhish, Helpfull in contribution Added: Clicking on textarea will automatically copy URL. Reason : for ease Added: Redirection url as parameter to phishing page. Reason : for ease Added: Clean and colorfull panel. Reason : for good feelings Features Almost, all Templates are under 20KBs that helps in loading webpages fast. Images are encoded in base64 to avoid external + internal linking. Codes are highly compressed. Extra codes have been removed. Login form can't be bypass until all inputs have been filled by a victim. Link with custom preview(image + title + description) when shared on any website. Admin login panel has been created for absolute dummies. Available sites Dropbox Facebook_desktop_homepage Facebook_desktop_static Facebook_mobile + 2FA Facebook_mobile_fake_security Github Garena Free Fire Instagram Linkedin Microsoft Netflix Protonmail Sample (meant for developers) Snapchat Tumblr Messenger Twitter_desktop Wordpress Yahoo [hide][Hidden Content]]
  4. Requirements: Ngrok PHP [hide][Hidden Content]]
  5. ABOUT TOOL : mrphish is a bash based script which is officially made for phish*ng social media accounts with portforwarding and otp bypassing cntrole. This tool works on both rooted Android device and Non-rooted Android device. AVAILABLE ON : Termux TESTED ON : Termux REQUIREMENTS : internet php storage 400 MB ngrok Token FEATURES : [+] Instagram Login Page ! [+] Updated maintainence ! [+] 1 Port Forwarding Option ! [+] Easy for Beginners ! [hide][Hidden Content]]
  6. itsMe

    Advance Phishing Tool 2.1

    TECHNIQUE When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. Advance Phishing Tool 2.1 Bug Fixes Change Designed 01 Error Solved Advance Phishing Method Add Real Domain Phishing Link [hide][Hidden Content]]
  7. evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use. Changelog v2.4 Feature: Create and set up pre-phish HTML templates for your campaigns. Create your HTML file and place {lure_url_html} or {lure_url_js} in code to manage redirection to the phishing page with any form of user interaction. Command: lures edit <id> template <template> Feature: Create customized hostnames for every phishing lure. Command: lures edit <id> hostname <hostname>. Feature: Support for routing connection via SOCKS5 and HTTP(S) proxies. Command: proxy. Feature: IP blacklist with automated IP address blacklisting and blocking on all or unauthorized requests. Command: blacklist Feature: Custom parameters can now be embedded encrypted in the phishing url. Command: lures get-url <id> param1=value1 param2="value2 with spaces". Feature: Requests to phishing urls can now be rejected if User-Agent of the visitor doesn’t match the whitelist regular expression filter for given lure. Command: lures edit <id> ua_filter <regexp> List of custom parameters can now be imported directly from file (text, csv, json). Command: lures get-url <id> import <params_file>. Generated phishing urls can now be exported to file (text, csv, json). Command: lures get-url <id> import <params_file> export <export_file> <text|csv|json>. Fixed: Requesting LetsEncrypt certificates multiple times without restarting. Subsequent requests would result in “No embedded JWK in JWS header” error. Removed setting custom parameters in lures options. Parameters will now only be sent encoded with the phishing url. Added with_params option to sub_filter allowing to enable the sub_filter only when specific parameter was set with the phishing url. Made command help screen easier to read. Improved autofill for lures edit commands and switched positions of <id> and the variable name. Increased the duration of whitelisting authorized connections for whole IP address from 15 seconds to 10 minutes. [hide][Hidden Content]]
  8. Advanced Phishing Tool For Instagram, With Custom Templates Built According To Your Needs. Author:[Whit3H4tJr] Features: Port Forwarding with Ngrok Live Attack IP Grabber Location Capture [hide][Hidden Content]]
  9. Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page. Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer: Usage of Formphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. [HIDE][Hidden Content]]
  10. itsMe

    DeepSea Phishing Gear

    DeepSea phishing gear aims to help RTOs and pentesters with the delivery of opsec-tight, flexible email phishing campaigns carried out on the outside as well as on the inside of a perimeter. Goals Operate with a minimal footprint deep inside enterprises (Internal phish delivery). Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-prem mail servers) Quickly re-target connectivity parameters. Flexibly add headers, targets, attachments Correctly format and inline email templates, images and multipart messages. Use content templates for personalization Account for various secure email communication parameters Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns. Help create content with minimal dependencies. Embedded tools to support Markdown->HTML->TXT workflow. | 45 config lines is all you need to consistently send a decent phish ... [HIDE][Hidden Content]]
  11. itsMe

    Advance Phishing Tool 2.0

    TECHNIQUE When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. AVAILABLE TUNNELLING OPTIONS LOCALHOST NGROK ([Hidden Content]) TESTED ON FOLLOWING:- Kali Linux - 2020.1a (version) Parrot OS - Rolling Edition (version) Ubuntu - 18.04 (version) Arch Linux Termux App Advance Phishing Tool 2.0 Add 16 New Phishing Pages with Latest Version Fix Ngrok Problem Add World First Tiktok Phishing Page [HIDE][Hidden Content]]
  12. Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ] Modern Phishing Tool With Advanced Functionality PHISHING | KEYLOGGER | INFORMATION_COLLECTOR | ALL_IN_ONE_TOOL | SOCIALENGINEERING TO BE USED FOR EDUCATIONAL PURPOSES ONLY The use of the HiddenEye & its resources/phishing-pages is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. Also we inform you that some of your your actions may be ILLEGAL and you CAN NOT use this software to test person or company without WRITTEN PERMISSION from them. AVAILABLE TUNNELLING OPTIONS** LOCALHOST LOCALXPOSE ([Hidden Content]) SERVEO ([Hidden Content]) NGROK ([Hidden Content]) LOCALTUNNEL (Package Version) ([Hidden Content]) OPENPORT ([Hidden Content]) PAGEKITE ([Hidden Content]) TESTED ON FOLLOWING:- Kali Linux - Rolling Edition Parrot OS - Rolling Edition Linux Mint - 18.3 Sylvia Ubuntu - 16.04.3 LTS MacOS High Sierra Arch Linux Manjaro XFCE Edition 17.1.12 Black Arch Userland App (For Android Users) Termux App (For Android Users) Complete code rewrite New structure New dependency More compatibility Easier to understand or modify Works much faster Should resolve some old/abandoned bugs Started integrating localization system Started integrating themes system Added EULA requirement [HIDE][Hidden Content]]
  13. Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things – Affordable – Gophish is open-source software that is completely free for anyone to use. Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”! Changelog v0.10.1 Gophish Just Got Better. We’re excited to announce v0.10.1. This release significantly improves the performance of sending emails, adds some features and fixes bugs. Here’s just a couple of the exciting changes. [HIDE][Hidden Content]]
  14. EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA) Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. [HIDE][Hidden Content]]
  15. Lockphish v1.0 Lockphish it's the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker [HIDE][Hidden Content]]
  16. Modern Phishing Tool With Advanced Functionality PHISHING | KEYLOGGER | INFORMATION_COLLECTOR | ALL_IN_ONE_TOOL | SOCIALENGINEERING DISCLAIMER TO BE USED FOR EDUCATIONAL PURPOSES ONLY The use of the HiddenEye & its resources/phishing-pages is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. Also we inform you that some of your your actions may be ILLEGAL and you CAN NOT use this software to test person or company without WRITTEN PERMISSION from them. AVAILABLE TUNNELLING OPTIONS** LOCALHOST LOCALXPOSE ([Hidden Content]) SERVEO ([Hidden Content]) NGROK ([Hidden Content]) LOCALTUNNEL (Package Version) ([Hidden Content]) OPENPORT ([Hidden Content]) PAGEKITE ([Hidden Content]) QUICK FIX [0.5.4] @An0nUD4Y An0nUD4Y released this 5 days ago This Release made to cover the issues Occured During/After the Github Mistakely Disable the Repo. QUICK CHANGES MADE Ngrok Fixed Few More Tunnels Got Fixed Installation Interface improved Few Phishing Pages Fixed Small issues Fixed Created A Backup Repo At GitLab (Check Readme) [HIDE][Hidden Content]]
  17. [+] Disclaimer : NexPhisher is an automated Phishing tool made for Termux & Linux .The phishing Pages are Taken from Zphisher under GNU General Public License v3.0 . This tool has 37 Phishing Page Templates of 30 Websites.There are 5 Port Forwarding Options including Localhost !! If you copy then give me the Credits ! [!] I am not Responsible for any Misuse of this tool . Use at your Own Risk [!] [+] Features : [+] Latest Login Pages ! [+] New Instagram Auto Follower Page ! [+] New Port Forwarding Options ! [+] Perfect for All Devices ! [HIDE][Hidden Content]]
  18. TECHNIQUE When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. [HIDE][Hidden Content]]
  19. itsMe

    Recreator Phishing

    PROFESSIONAL TOOL ORIENTED IN THE RECREATION OF PHISHING WEBSITE SCENARIOS [HIDE][Hidden Content]]
  20. [+] Disclaimer : Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish . But I have not fully copied it . I have upgraded it & cleared the Unnecessary Files . Zphisher has 37 Phishing Page Templates ; including Facebook , Twitter & Paypal . It also has 4 Port Forwarding Tools. [+] Features: [+] Latest Login Pages ! [+] New Instagram Auto Follower Page ! [+] All types of Bugs Fixed ! [+] Useful for Beginners ! [HIDE][Hidden Content]]
  21. REVOLTSHING v.2 - FRAMEWORK . IS A COMPLETE PHISHING SYSTEM. IT ALLOWS YOU TO CREATE WEBSITES WITH THE OBJECTIVE OF OBTAINING CREDENTIALS Mode Of Execution: apt-get install python3 apt-get install git git clone [HIDE][Hidden Content]] cd RevoltShing bash install.sh python3 Server.py python3 revoltshing.py TERMUX pkg install git git clone [HIDE] [Hidden Content]] cd RevoltShing pkg install python pkg install wget pip3 install wget pip3 install bs4 pip install bs4 python3 Server.py python3 revoltshing.py
  22. Gophish: Open-Source Phishing Toolkit Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. [HIDE][Hidden Content]]
  23. dEEpEst

    Clone Phishing

    [Hidden Content]
  24. Introduction Hidden Eye is an all in one tool that can be used to perform a variety of online attacks on user accounts. It’s well loaded, therefore it can be used as keylogger (keystroke logging), phishing tool, information collector, social engineering tool, etc. Hidden Eye Logo Disclaimer: Use this tool for educational purposes only. Hidden Eye: Advanced Phishing Tool [Android-Support-Available] As a modern phishing tool, Hidden Eye is very good at what it does. The perfect combination of all its functional components gives it an upper hand when attacking accounts. By using brute force attacks it can effectively access the user’s personal information. Hidden Eye can easily crack user passwords and can also collect other personal data belonging to the victim. Depending on the attack vector selected you can easily hack user accounts such as Facebook, Twitter, Instagram, Snapchat and many others. It can be used to carry out phishing on 30+ pages. The tool can also run on android devices through the UserLand app or Termux app. Features: Can perform live attacks (IP, geolocation, country, etc.) Captures victim’s keystrokes (using keylogger function) Serveo URL type selection (selects between RANDOM URL and CUSTOM URL) Numerous phishing pages (Facebook, Twitter, Instagram, Dropbox, Reddit, WordPress, Yahoo, and many more) Android support (Termux/UserLand) Supported Platforms: Linux (Tested on: Kali Linux, Parrot OS, Ubuntu, Arch Linux, Black Arch, OS X High Sierra, etc.) Android (Termux/UserLand) Prerequisites: This tool can’t be run effectively is some components are not in place, so make sure that you’ve installed the following: Python 3 sudo Wget from Python PHP [HIDE][Hidden Content]]
  25. Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things – Affordable – Gophish is open-source software that is completely free for anyone to use. Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”! Changelog v0.8 This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come. RBAC Support This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information here. Users API Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here. Added Docker Support We’ve added a Dockerfile so that you can build Gophish in a container. We’ll be uploading an official Docker image at gophish/gophish shortly. Code Refactoring While this isn’t a user-facing change, it’s a big one. We’ve refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly. Those are the big changes, but that’s certainly not everything! You can find a full changelog here. [HIDE][Hidden Content]]