/Red-Portals

An educational repository focused on Evil Portals—rogue captive portals designed to mimic legitimate login systems. This project provides insights into their functionality and potential exploitation techniques, helping security researchers, penetration testers, and ethical hackers identify and defend against network vulnerabilities.

Primary LanguageHTMLMIT LicenseMIT

Red Portals

A repository for educational and ethical exploration of 'Evil Portals,' demonstrating how rogue captive portals mimic legitimate login systems. Designed for security researchers, penetration testers, and ethical hackers to understand and mitigate network vulnerabilities.

Index

Previews

You may click on any preview below to view it live. All templates are designed to:

  1. Be as simple and accurate as possible.
  2. Work on both mobile and desktop devices.
  3. Send a query param payload on form submit as /login?username=example&password=example.
  4. Be developed as HTML/SCSS but compiled to a single HTML file with inline CSS.
  5. Be compressed. Take note some hardware only supports displaying up to 20 KB templates at a time.
  6. Not use any JavaScript, vanilla HTML and CSS only. You may optionally add JS code yourself. See the Development section for more information.

Info All previews are hosted on raw.githack.com, a great CDN for source code!

Portal Preview Size Inspired By
Alaska Airlines portals/alaska-airlines/index.html 2.74 KB @roshanravan - link
Amazon portals/amazon/index.html 3.95 KB @roshanravan - link
Apple portals/apple/index.html 5.28 KB @jules0835 - link
AT&T portals/att/index.html 3.83 KB @roshanravan - link
Delta Airlines portals/delta-airlines/index.html 2.54 KB @bigbrodude6119 - link
Discord portals/discord/index.html 6.48 KB @JMcrafter26 - link
Facebook portals/facebook/index.html 2.65 KB @roshanravan - link
Google portals/google/index.html 5.28 KB @breaching - link
Instagram portals/instagram/index.html 4.01 KB @JMcrafter26 - link
Microsoft portals/microsoft/index.html 4.71 KB @Awlexegrecki - link
Southwest Airline portals/southwest-airline/index.html 3.72 KB @bigbrodude6119 - link
Spectrum portals/spectrum/index.html 3.16 KB @roshanravan - link
Spirit Airlines portals/spirit-airlines/index.html 2.55 KB @roshanravan - link
Starbucks portals/starbucks/index.html 10.70 KB @kleo - link
Starlink portals/starlink/index.html 3.41 KB @roshanravan - link
T-Mobile portals/t-mobile/index.html 2.86 KB @bigbrodude6119 - link
Verizon portals/verizon/index.html 2.93 KB @bigbrodude6119 - link

[ Index ]

What Are "Evil Portals"?

Evil Portals are custom captive portal systems often used in penetration testing to demonstrate security risks. When connected to a rogue AP, users are directed to a fake login page, where attackers can attempt to capture credentials or inject payloads.

This repository provides:

  • Realistic examples of AP-powered login systems ("Evil Portals").
  • Configurable templates for use in controlled and authorized environments.
  • Documentation on how these systems work (this README).

[ Index ]

Purpose

The goal of this repository is to raise awareness about the vulnerabilities that attackers may exploit using "Evil Portals" — captive portals designed to mimic legitimate login systems on open access points (APs) or otherwise. By providing realistic examples of how these systems operate, this repository aims to:

  1. Educate network administrators and developers about potential risks.
  2. Demonstrate the importance of securing wireless networks against unauthorized access and data interception.
  3. Help organizations and individuals develop stronger defenses against phishing and other attacks facilitated by rogue APs.

[ Index ]

Getting Started

  1. Clone this repository to your machine.
  2. Set up supported hardware:
  • A Raspberry Pi Pico W or other supported hardware running Pico-Portal.
  • A Flipper Zero Wi-Fi module or similar ESP32-based devices.
  • A Wi-Fi Pineapple or similar device that supports captive portal testing.
  1. Use the provided templates from within the /portals folder to simulate captive portals in a controlled environment.
  2. Run, preview, and demonstrate with transparency the templates to educate users about the risks of rogue APs and phishing attacks.

[ Index ]

Development

This repository is open to contributions that improve the educational value of the provided examples. To get started with development:

  1. Fork this repository to your GitHub account.
  2. Clone your fork to your local machine.
  3. Create a new branch for your changes.
  4. Ensure node.js and npm are installed on your machine.
  5. Run npm install to install dependencies.
  6. Make your changes to the files in the src/ folder, and test them locally:
  7. Once you're happy with the changes, you can finalize your changes with npm run build.
  8. Commit your changes and push them to your fork.
  9. Open a pull request to the main repository here.

Info Templates should be designed to work on both mobile and desktop devices.

Info Templates should send a query param payload on form submit: /login?username=example&password=example.

Info Keep examples under 20 KB per template, as some hardware supports only up to this limit.

Warn Templates must include the notice "This is a simulated template for educational purposes only. Not affiliated with or endorsed by any brand."

[ Index ]

⚠️ Disclaimer, Legal Notice, Responsible Use

This repository is provided for educational purposes only and is intended for use by:

  • Security researchers
  • Ethical hackers
  • Penetration testers
  • Individuals seeking to understand network vulnerabilities to improve defenses
  • Web developers looking for examples on how to build login pages

Important Usage Guidelines:

  • Only use these tools with explicit authorization from the owner of the network or system being tested.
  • Unauthorized use may violate local, state, or international laws.
  • The repository maintainers are not liable for misuse of the provided code, templates, or examples.

About Logos and Designs:

  • The logos and designs in this repository are artistic representations or placeholders provided solely for educational purposes.
  • They do not imply endorsement, affiliation, or sponsorship by the respective brands.

Terms of Use:

  • The content in this repository is provided "as is," with no guarantees or warranties.
  • By using the tools and templates herein, you accept full responsibility for ensuring compliance with applicable laws and obtaining proper authorization.

This repository is designed to be a teaching tool for ethical purposes. Users are expected to:

  • Only use these tools in environments where explicit authorization has been granted (e.g., in penetration tests or lab environments).
  • Inform and educate stakeholders about the risks and solutions.
  • Never deploy these tools in a way that causes harm, theft, or deception without consent.

[ Index ]

Licensing

This project is licensed under the MIT License. See the LICENSE.md file for the pertaining license text.

SPDX-License-Identifier: MIT

[ Index ]

Wrapping Up

Thank you for all of your support. It's important to me that this project stays accessible to everyone, so please keep this software free and open source. If you have any questions, please let me know by opening an issue here.

Type Info
webmaster@codytolene.com
https://www.buymeacoffee.com/codytolene
bc1qfx3lvspkj0q077u3gnrnxqkqwyvcku2nml86wmudy7yf2u8edmqq0a5vnt

Fin. Happy programming friend!

Cody Tolene