This toolkit incorporates supplies that may be probably damaging or harmful for social media. Confer with the legal guidelines in your province/nation earlier than accessing, utilizing,or in another method using this in a incorrect method.
This Software is made for academic functions solely. Don’t try and violate the regulation with something contained right here. If that is your intention, then Get the hell out of right here!
It solely demonstrates “how phishing works”. You shall not misuse the data to achieve unauthorized entry to someones social media. Nevertheless it’s possible you’ll check out this at your individual danger.
It is a plugin the place you possibly can see in actual time the victims of your phishing marketing campaign, you simply have to alter the Zphisher recordsdata for these. Simple!
This software creates a graphical again workplace for the zphish software (though it’s not 100% essential to make use of this software, you should utilize these recordsdata by internet hosting it on a localhost).
If you do not have Zphisher put in in your pc: https://github.com/htr-tech/zphisher
Video
Directions
- It’s essential to deploy the server with a template, establish within the “login.html” file the identify of the 2 publish parameters.
- Modify the publish parameters of the “login.php” file of the plugin with the unique identifier of Zphisher (line 7 and eight).
- Change all deployed http server recordsdata with plugin recordsdata (besides login.html).
If in case you have an api key from haveibeenpwned.com it’s a must to insert it within the file “api_key.txt” within the listing “programa interprete”, on this method the back-office will inform you which accounts are uncovered on the web.
No want 100% Zphisher
It’s also possible to use this plugin by arduous sharing the venture by Ngrok out of your LocalHost with out utilizing Zphisher.
This plugin comes with a pattern login web page, on this case from Workplace 365, you should utilize any Zphisher template for this plugin, utilizing Ngrok to share your localhost.
The place are the outcomes saved?
The outcomes will likely be saved in /programa_interprete/user_data.csv
Again workplace properties
-You’ll be able to see if the inserted account is uncovered on the web:
-Complete variety of accounts and “Pwned” accounts:
-Analysis of safety within the passwords of all of the inserted accounts: