ShellPhish: A phishing toolkit

by - Anonymous on - March 26, 2020

ShellPhish: A phishing toolkit





Hello guys,
Welcome to MikeyToTech

Today, I will discuss about a phishing tool ShellPhish. This phishing tool could be helpful to capture victim’s username and password by using a bit of social engineering.
I also discussed an example to use this tools and capture victim’s details.

ShellPhish is a automated phishing tool for Instagram, Facebook, Twitter, Snapchat, Github, Yahoo, Protonmail, Google, Spotify, Netflix, Linkdin, Wordpress, Origin, Steam, Microsoft, Instafollowers, Pinterest +1 custom templete.

Legal disclaimer
Usage of Shellphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

You may alos like
 Phishing social account using Blackeye tool

installation

First, of all you need to clone or download ShellPhish tool on your system. You can do this by the following command

git clone https://github.com/thelinuxchoice/shellphish.git


Now, you need to change directory to shellphish and give the executable permission to shellphish.sh file so run these commands

Change directory
cd shellphish

Executable permission
chmod +x shellphish.sh

Now, you can run ShellPhish tool by running this command
./shellphish
It’s look like this






Example" usages of ShellPhish
Here, I am going to phish Twitter account with ShellPhish phishing tool. So follow the steps -

Phishing Twitter account using ShellPhish

After starting shellPhish tool, type number of Twitter account as mentioned in this tool so I typed 4 and hit enter. Then it will start php server on your system and it also download ngrok server and start and then provide a link. You have to send this link to the victim -




You can use url shortner to short this url.

When anyone opens this link, he will see Twitter’s official page on the browser. Now, if victim enters detail here it will be traced on you terminal and victim will be redirect twitter original site.
You will also trace more information about victim such as target IP, countary, ISP, currency, ISP location. As you can see in the following picture -





This detail also saved into sites/twitter/saved.usernames.txt file.

Thus, you can phish any social account using ShellPhish phishing tool.


Tags
Reactions

Post a Comment

0 Comments