Scribd
Upload
11 views

PHISHING TOOLS

The document provides an overview of various open-source phishing tools including Blackphish, Blackman, Shellphish, Socialphish, and HiddenEye, detailing their installation processes and functionalities. Each tool is designed for creating phishing pages targeting popular websites, capturing user credentials, and offering various templates for attacks. Instructions for installation and usage are provided for each tool, emphasizing their ease of use and effectiveness in phishing attacks.

Uploaded by

rallapallivishwas38
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
11 views

PHISHING TOOLS

The document provides an overview of various open-source phishing tools including Blackphish, Blackman, Shellphish, Socialphish, and HiddenEye, detailing their installation processes and functionalities. Each tool is designed for creating phishing pages targeting popular websites, capturing user credentials, and offering various templates for attacks. Instructions for installation and usage are provided for each tool, emphasizing their ease of use and effectiveness in phishing attacks.

Uploaded by

rallapallivishwas38
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 17

2110030060

RISHANTH

PHISHING TOOLS

BLACKPHISH
Blackphish is a powerful open-source Phishing Tool. Blackphish is
becoming very popular nowadays, that is used to do phishing
attacks on Target. Blackphish is easier than Social Engineering
Toolkit. Blackphish contains some templates generated by another
tool. Blackphish offers phishing templates web pages for 6 popular
sites such as Facebook, Instagram, Google, Snapchat etc. This tool
is very helpful for performing phishing attacks.

Step 1: To install the tool first move to desktop and then install the
tool using the following commands.

cd Desktop
git clone https://github.com/iinc0gnit0/BlackPhish

Step 2: Now move to the directory of the tool using the following
command. Then install the tool using the following command.

cd Blackphish
sudo bash install.sh

Step 3: The tool has been installed in your system. Now to run the
tool use the following command.

sudo python3 blackphish.py

Step 4: Now you can see various options here. Suppose you want to
create a phishing page for Instagram so type 1 and press enter.
Step 5: Now it will list 4 tunnelling option. You can choose an
option according to your requirement. Let’s choose option 3.

Step 6: Copy the IP address and past it in the browser. When the
victim will enter the credential, it will be reflected in the terminal of
the attacker.
BLACKMAN

Step 1: On Terminal itself download and install blackman in the


above directory by the following command
git clone https://github.com/BlackArch/blackman.git
Step 2: Finally to execute blackman tool-type following command
bash blackman.sh
Step 3: Finally to execute blackman tool-type following command
./blackman.sh
Step 4: You can see various options of various websites like
Instagram, facebook etc.
Step 5: Select 01 for accessing the instagram account and press
enter.
Step 6: Then it shows the various options for interface for the user
choose the required option.
Step 7: Then it shows for different host options select any of them ,
then the link is displayed which need to be shared to capture the
login details.
Step 8: As the user enters the login details, those details will be
visible on our screen which can be accessed later without their
notice.
SHELLPHISH
Shellphish is a powerful open-source tool Phishing Tool. It became
very popular nowadays that is used to do phishing attacks on Target.
Shellphish is easier than Social Engineering Toolkit. It contains
some templates generated by another tool called SocialFish and
offers phishing templates webpages for 18 popular sites such as
Facebook, Instagram, Google, Snapchat, Github, Yahoo,
Protonmail, Spotify, Netflix, LinkedIn, WordPress, Origin, Steam,
Microsoft, etc. It also provides an option to use a custom template if
someone wants. This tool makes it easy to perform a phishing
attack. Using this tool you can perform phishing in (wide area
network). This tool can be used to get credentials such as id,
password.
Step 1: On Terminal itself download and install shellphish in the
above directory by the following command
git clone https://github.com/suljot/shellphish.git
Step 2: Finally to execute shellphish tool-type following command
bash shellphish.sh
Step 3: Finally to execute shellphish tool-type following command
./shellphish.sh
Step 4: You can see various options of various websites like
Instagram, facebook etc.
Step 5: Select 02 for accessing the instagram account and press
enter.
Step 6: Then it shows the various options for interface for the user
choose the required option.
Step 7: Then it shows for different host options select any of them ,
then the link is displayed which need to be shared to capture the
login details.
Step 8: As the user enters the login details, those details will be
visible on our screen which can be accessed later without their
notice.
SOCIALPHISH
Socialphish is a powerful open-source Phishing Tool. Socialphish is
becoming very popular nowadays which is used to do phishing
attacks on Target. Socialphish is more user-friendly Social
Engineering Toolkit. Socialphish contains some templates
generated by another tool called Socialphish. Socialphish offers
phishing templates and web pages for 33 popular sites such
as Facebook, Instagram, Google, Snapchat, Github, Yahoo,
Protonmail, Spotify, Netflix, Linkedin, WordPress, Origin, Steam,
Microsoft, etc. Socialphish also provides the option to use a custom
template if someone wants. This tool makes it easy to perform a
phishing attack.
Features of Socialphish:
 Socialphish is an open source tool.
 Socialphish is used in Phishing attacks.
 Socialphish tool is a very simple and easy tool. Socialphish is
written in bash language.
 Socialphish tool is a lightweight tool. This does not take extra
space.
 Socialphish creates phishing pages on more than 30 websites.
 Socialphish creates phishing pages of popular sites such
as Facebook, Instagram, Google, Snapchat, Github, Yahoo,
Protonmail, Spotify, Netflix, Linkedin, WordPress, Origin,
Steam, Microsoft, etc.

Step 1: Open your Kali Linux operating system. Move to desktop.


Here you have to create a directory called Socialphish. In this
directory, you have to install the tool.
cd Desktop
Step 2: Now you are on the desktop. Here you have to create a
directory called Socialphish. To create the Maskphish directory use
the following command.
mkdir Socialphish
Step 3: You have created a directory. Now use the following
command to move into that directory.
cd Socialphish
Step 4: Now you are in the Socialphish directory. In this directory
you have to download the tool means you have to clone the tool
from GitHub. Use the following command to clone the tool from
GitHub.
git clone https://github.com/xHak9x/SocialPhish.git
Step 5: The tool has been downloaded in the directory Socialphish.
Now to list out the contents of the tool that has been downloaded
use the following command.
ls
Step 6: When you listed out the contents of the tool you can see that
a new directory has been generated by the tool that is SocialPhish.
You have to move to this directory to view the contents of the tool.
To move in this directory using the following command.
cd SocialPhish
Step 7: To list out the contents of this directory use following
command.
ls
Step 8. Now you have to give permission to the tool using the
following command.
chmod +x socialphish.sh

Step 9: Now you can run the tool using the following command.
This command will open the help menu of the tool.
./socialphish.sh
The tool is running successfully. Now you have to give the option
number to the tool for which you have to create the phishing page.
Suppose you want to create a phishing page for Instagram then you
have to choose option 1. If you want a phishing page on Facebook
choose option 2. Similarly, you can choose from all 33 websites in
the tool.
You can see the link has been generated by the tool that is the
snapchat phishing webpage. Send this link to the victim. Once
he/she opens the link he/she will get an original look-alike web
page of Instagram and once he/she fills in the details on the
webpage. It will be highlighted in the Socialphish terminal.
Hidden Eye
HiddenEye is an advanced phishing tool with features such as
keylogging and location tracking. The tool supports most social
media, e-commerce, and business pages to be used as an attack
vector against online targets. HiddenEye is a Python tool that
requires Python3, PHP, and SUDO. This tool is supported by all
major Linux distributions and Kali also.
Features of Hidden Eye
The following are the features of Hidden Eye:
 Captures victim's keystrokes (using keylogger function).
 It can perform live attacks (IP, geolocation, country, etc.)
 Server URL type selection (selects between RANDOM URL
and CUSTOM URL).
 Various phishing pages (Facebook, Instagram, Reddit,
WordPress, Yahoo, Twitter, and Dropbox).

Installation of HiddenEye Tool on Kali Linux OS


Step 1: Use the following command to install the tool in your Kali
Linux operating system.
git clone https://github.com/DarkSecDevelopers/HiddenEye-
Legacy.git

Step 2: Now use the following command to move into the directory
of the tool. You have to move in the directory in order to run the
tool.
cd HiddenEye-Legacy
Step 3: You are in the directory of the Brutespray. Now you have to
install a dependency of the Brutespray using the following
command.
sudo pip3 install -r requirements.txt
Step 4: All the dependencies have been installed in your Kali Linux
operating system. Now use the following command to run the tool
and check the help section.
python3 HiddenEye.py -h
Working with HiddenEye Tool on Kali Linux OS
Example: Creating Facebook Phishing Page
In this example, we will be creating a Facebook Phishing page. We
have selected Option 1 for Facebook.
In the below screenshot, we have selected the standard page which
will be the homepage of Facebook.com
We have selected the Server on which the Phishing page will be
hosted.
We will be vising the highlighted link, which is the Phishing page
for Facebook.
In the below screenshot, we have created a phishing page, now if
any victim enters the credentials, we will get the credentials on the
terminal itself.

You might also like