Shellphish – A Phishing Page Creator

shellphish

Phishing is a cybercrime where an objective or targets are reached by email, phone or instant message by somebody acting like a genuine foundation to draw people into giving delicate information, for example, identifiable information, banking and credit card details, and passwords.

The data is then used to get to significant records and can bring about wholesale fraud and money related misfortune.

What is Shellphish?

ShellPhish is an intriguing tool that we went over that outlines exactly how simple and amazing phishing tools have become today. The device use a portion of the temlpates produced by another tool called SocialFish. The tool offers phishing layouts for 18 famous websites, the majority are centered around social media and email suppliers. There is likewise an alternative to utilize a custom layout if so wanted.

ShellPhish can create phishing page of most popular social networking sites, email providers and streaming site like:

  • Instagram
  • Facebook
  • Google
  • Snapchat
  • Twitter
  • Github
  • Spotify
  • Netflix
  • Origin
  • Steam
  • Yahoo
  • Linkedin
  • Protonmail
  • WordPress
  • Microsoft
  • InstaFollowers
  • Gitlab
  • Pinterest

Installation

  • To install ShellPhish we need to open our terminal window and apply the following command:
git clone https://github.com/thelinuxchoice/shellphish
  • Go to the cloned directory using cd command.
cd shellphish
  • Now we need to give execute permission to the main bash script called shellphish.sh.
sudo chmod +x shellphish.sh
  • Now, run the script using:
./shellphish.sh

Usage

  • To make a phishing page of the desired website, enter the number specified against it (Let’s take an example of instagram).
  • Now, ShellPhish will start ngrok server to get credentials from the victim.
This image has an empty alt attribute; its file name is phishingpageselect.png
  • Now, send the generated url to your target and wait for them to enter their credentials.
This image has an empty alt attribute; its file name is instaphishingpage-1024x717.png
  • Captured credentials will look something like this.
This image has an empty alt attribute; its file name is credsfound.png
  • Similarly, you can use other phishing templates.

Note:-

This article is posted only for educational purpose. Don’t use it for illegal purposes.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *