PyPhisher
[√] Description :
Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.
[+] Installation
Install primary dependencies (git, python, php)
- For Debian (Ubuntu, Kali-Linux, Parrot)
sudo apt install git python php -y
- For Arch (Manjaro)
sudo pacman -S git python php
- For Redhat(Fedora)
sudo dnf install git python php -y
- For Termux
pkg install git python php -y
Clone this repository
git clone https://github.com/KasRoudra/PyPhisher
Enter the directory
cd PyPhisher
Install all modoules
pip3 install -r requirements.txt
Run the tool
python3 pyphisher.py
Or, directly run
wget https://raw.githubusercontent.com/KasRoudra/PyPhisher/main/pyphisher.py && python3 pyphisher.py
Pip
pip3 install pyphisher
[For Termux]sudo pip3 install pyphisher
[For Linux]pyphisher
Docker
sudo docker pull kasroudra/pyphisher
sudo docker run --rm -it kasroudra/pyphisher
Options
usage: pyphisher.py [-h] [-p PORT] [-o OPTION] [-t TUNNELER] [--noupdate]
options:
-h, --help show this help message and exit
-p PORT, --port PORT PyPhisher's server port [ Default : 8080 ]
-o OPTION, --option OPTION
PyPhisher's template index [ Default : null ]
-t TUNNELER, --tunneler TUNNELER
Tunneler to be chosen while url shortening
--noupdate Skip update checking
Features:
- Multi platform (Supports most linux)
- 77 Website templates
- Concurrent triple tunneling (Ngrok, Cloudflared and Loclx)
- OTP Support
- Credentials mailing
- Easy to use
- Possible error diagnoser
- Built-in masking of URL
- Custom masking of URL
- URL Shadowing
- Portable file (Can be run from any directory)
- Get IP Address and many other details along with login credentials
Relevant Tools by Me
- CamHacker for image phishing
- VidPhisher for video phishing
Requirements
Python(3)
requests
bs4
PHP
- 200MB storage
If not found, php and python modoules will be installed on first run
Tested on
Termux
Ubuntu
Kali-Linux
Arch
Fedora
Manjaro
Usage
- Run the script
- Choose a Website
- Wait sometimes for setting up all
- Send the generated link to victim
- Wait for victim login. As soon as he/she logs in, credentials will be captured
Example
Video Tutorial
Whats new in 1.8?
- Mailing
- Now you can send credentials to any email. You just need a gmail and app password to use this feature. Edit the data in
files/email.json
- Now you can send credentials to any email. You just need a gmail and app password to use this feature. Edit the data in
- Custom Preview
- Now you can set a custom social media preview of your link. Enter a website url when asked in
shadow url
. Your link will have same appearence as that website in whatsapp/messenger/telegram etc. Note this only works with Cloudflared urls
- Now you can set a custom social media preview of your link. Enter a website url when asked in
- OTP Support
- 20 templates will show an option to enable otp pages
- Saved
- An option to view all saved credentials just from PyPhisher. This credentials won't get deleted in PyPhisher update
Whats new in 1.9?
- Loclx
- Introducing a new port forwarding/tunneling service named localxpose or loclx. It is quite slower but still usable
- Docker image
- A docker image is published which can be pulled and run
- PIP
- This project is now also available in PIP
Solution of common issues
- Some secured browsers like Firefox can warn for '@' prefixed links. You should use pure links or custom link to avoid it
- Ngrok links require Ngrok token to work. Follow the instructions here to set up ngrok token
- Some android requires hotspot to start Ngrok or Cloudflared. If you face 'tunneling failed' in android, most probably your hotspot is turned off. Turn it on and keep it on untill you close PyPhisher
- If you want mailing credentials then you need to use app password. Visit here and generate an app password, put that in
files/email.json
. You may need to enable 2FA before it
[!] Disclaimer
This tool is developed for educational purposes. Here it demonstrates how phishing works. If anybody wants to gain unauthorized access to someones social media, he/she may try out this at his/her own risk. You have your own responsibilities and you are liable to any damage or violation of laws by this tool. The author is not responsible for any misuse of PyPhisher!
This repository is open source to help others. So if you wish to copy, consider giving credit!
Credits:
Some base codes and templates are from htr-tech, otp templates are from ignitech and url masking is inspired from jaykali