Tool

phishEye - An ultimate phishing tool.

Akash Kumar 2021. 11. 23. 10:06

phishEye is an ultimate phishing tool, written in python3. It is created with Flask (A micro web framework in python) and tunneled with ngrok. In phishEye, I used latest login page.

 

Disclaimer

Any actions and or activities related to phishEye is solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law.

This toolkit contains materials that can be potentially damaging or dangerous for social media

. Refer to the laws in your province/country before accessing, using, or in any other way utilizing this in a wrong way.

This tool is made for educational purposes only

. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here !

It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someone's social media . However, you may try out this at your own risk. 

Features of fishEye:

  • phishEye is an open-source tool .
  • You can use phishEye in Advance phishing attacks .  
  • phishEye tool is a very simple and easy tool . phishEye is written in python3 language . 
  • phishEye tool is a  lightweight tool . This does not take extra space. 
  • phishEye creates phishing pages of popular sites such as Facebook, Instagram, Google, Github, GitLab, DeviantArt, Dropbox, eBay, Messenger, PayPal, Twitter, Linkedin, more uploading soon... 
  • It installs all required modules automatically.
  • It gives you a short URL masked with the original link  ( ie: https://m.facebook.com@is.gd/dyoOj9 ).
  • One time generated link can be used for multiple victims.
  • Various information about victim like,
    • IP
    • User-Agent
    • continent
    • country
    • region-name
    • city
    • district
    • zip code
    • latitude-longitude
    • ISP

Requirements:

phishEye 

requires the following programs to run properly -

  • python3
  • pip3

Installation:

Step 1.) Clone the repository using this command -

git clone https://github.com/sky9262/phishEye.git

git clone https://github.com/sky9262/phishEye.git

Step 2.) Change to the cloned directory -

cd phishEye

cd phishEye

Step 3.) Now run phishEye.py -

python3 phishEye.py

python3 phishEye.py

Step 4.) Now, you will be provided to choose device PC or Mobile - 

Note:- If you'll just press ENTER button it'll select default value (PC).

1 (for pc)

Step 5.) Choose any website - 

Note:- If you'll just press ENTER button it'll select the default value (Facebook).

7 (for GitHub)

Step 6.) Enter any port number - 

Note:- If you'll just press ENTER button it'll select the default value (4444).

1234

Step 7.) Wait for some seconds while it generates phishing URLs -

Note:- Please ignore if it's showing some ngrok warn msg.

Step 8.) Now, you can share any link 1 or 2 to the victim -

  • I shared this link to my friend through WhatsApp -
  • Whatsapp

He visited the link

Step 9.) When he'll visit the phishing link, you'll get all information about your victim -

Victim information

Step 10.) You'll get the credentials when your victim will log-in to the phishing website -

phishing login page
Victim credentials

At the end victim will be redirected to the original page (here it's Github official page).

GitHub official page

Run in one line: python3 phishEye.py -d pc -s github -p 1234

Flags:

Flag Uses Value
-d Device  pc/mob
-s Site  facebook/github/linkedin....
-p Port  port number

 

 

 

Wanna go more advanced?

Let's go for more advanced phishing:-

 

I gonna use "Repl.it" for the advanced attack.

 

Step 1.) Create an account on " Repl.it" with any username which relates to any top-level domain.

Example: I created an account with a "com-" username.

Note:- If you have already an account, you can change your username

click here

to know how to change your username.

 

Step 2.) Create a repl with a python template and give it a title with the phishing website name.

Example: I am creating an amazon phishing page so :

Step 3.) Enter the following commands in your repl shell -

git clone https://github.com/sky9262/phishEye.git
mv ./phishEye/* ./
rm -r ./phishEye ./main.py
python3 phishEye.py -s amazon

 

Step 4.) After running these all commands, you'll get a webpage link -

Step 5.) If you will open this link it'll say that "This site can't provide a secure connection", because replit doesn't' provide you SSL certification. To make it working open it with HTTP instead of HTTPS .

Example: In my case, it's http://amazon.com-.repl.co/

Congratulations!! You got a phishing webpage with a phishing link ( http://amazon.com-.repl.co/ ). Now you can proceed with the further process in the repl shell.

 

 

Thanks for reading :-)

plz leave a comment and like.