ZPhisher is an advanced phishing tool-kit it is an upgraded version of Shellphish. It has the main source code from Shellphish but ZPhisher has some upgrade and has removed some unnecessary codes from Shellphish. It is developed by HTR-Tech . ZPhisher can be run from Kali Linux and also can be run from Android devices using Termux. It is the all-in-one phishing framework in 2020.
ZPhisher has lots of phishing pages like:
1) Facebook
$ Facebook Normal Login Page
$ Fake Security Login Method (DarkSecDevelopers)
$ Facebook Voting Poll Method (DarkSecDevelopers)
$ Messenger Login Page (New)
2) Instagram$ Fake Security Login Method (DarkSecDevelopers)
$ nstagram Auto Follower Phishing Page (the Linux choice)
$ Instagram Badge Verify Method (DarkSecDevelopers)
3) Google
$ Google Old Login Page
$ Google New Login Page
$ Google Voting Poll Method (DarkSecDevelopers)
4) Adobe Login Page
5) Badoo Login Page
6) CryptoCoinSniper Login Page
7) Deviantart Login Page
8) Dropbox Login Page
9) eBay Login Page
10) Github Login Pagee
11) Linkedin Login Page
12) Microsoft Login Page
13) Netflix Login Page
14) Origin Login Page
15) Paypal Login Page
16) Pinterest Login Page
17) Playstation Login Page
19) Reddit Login Page
20) Snapchat Login Page
21) Spotify Login Page
22) Stackoverflow Login Page
23) Steam Login Page
24) Twitch Login Page
25) Twitter Login Page
26) Vk Login Page
27) Vk Poll Method (Hiddeneye)
28) WordPress Login Page
29) Yahoo Login Page
30) Yandex Login Page
Zphisher also has 4 port forwarding options
$ localhost (For local network/LAN)
$ Ngrok (For World-Wide WAN)
$ Serveo.Net (For WAN)
$ Localhost.run (For WAN)
Installing on Kali Linux
First, we need to clone ZPhisher from it’s GitHub repository by using the following command:
Command:
$ git clone https://github.com/htr-tech/zphisher
The screenshot of the preceding command if following:
.png )
Then we need to go inside the zphisher directory using cd command:
Command:
$ cd zphisher
Here we need to give executable permission to the bash script by using the following command:
Command:
$ sudo chmod +x zphisher.sh
The screenshot is following.
Now we are ready to run it. We can run it by using the following command:
Command:
$ ./zphisher.sh
Then this bash script leads us to the main menu of the ZPhisher tool as shown in the following screenshot:
.png )
Here everything is very clear. For example we choose 1 for Facebook and press enter.
_.png )
Here we can choose whatever we think easy to trick our victim. For example we choose 3 for a “Fake Security Login Page”.
.png )
Now we can choose our port forwarding option. Here If we choose 1 then it will be for our local network (same WiFi or LAN) only, but we can choose the other options like ngrok server or localhost.run. (These are all free port forwarding services so sometimes some services may be down for overloading. In that case, we need to choose other.) Here we choose 2 for ngrok.io. Then we wait for some seconds until our link generated.
.png )
In the above screenshot, we can see our link created on ngrok. Now we can send this link to our victim by SMS or mail or by any other way With some catchy social engineering technique. If our victim opens it then he/she will see something like the following screenshots:
This following pictures might be slight blurred for the privacy policy
.jpg )
.jpg )
If our victim inputs the username and password then,
We got the credentials of our victim. Now it can be used to log in the victim’s Facebook account.