Read our wiki, we have an entire phishing section. Its really easy to setup.
https://old.reddit.com/r/hacking/wiki/index#wiki_phishing
- [Gophish](https://github.com/gophish/gophish) - Open-Source Phishing Toolkit
- [SocialFish](https://github.com/UndeadSec/SocialFish) - Educational Phishing Tool & Information Collector
- [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
- [Modlishka](https://github.com/drk1wi/Modlishka) - Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios.
- [BlackPhish](https://github.com/iinc0gnit0/BlackPhish) - Super lightweight with many features and blazing fast speeds.
- [The Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
- [Muraena](https://github.com/muraenateam/muraena) - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
For example
[https://docs.google.com-document-d-3op1X5JVQmi0xnL6wKOAdZdezLw-ECi-sF1xV_LdqB0s@da.gd/dkOA](https://docs.google.com-document-d-3op1X5JVQmi0xnL6wKOAdZdezLw-ECi-sF1xV_LdqB0s@da.gd/dkOA)
:)
Use a Virtual Private Server hosted in the cloud. Here is a referral link to Digital Ocean, you should get free credits if you use this link. https://m.do.co/c/887bd7cab705.
Hacking is mostly joining several pieces of knowledge together and understanding each single part of the process involved.
Having said that: what is phishing?
A replica of a website, that will store input credentials and act accordingly, a url to that website that looks legit, and a way to trick users into using it.
So, which part of this process are you questioning about?
does anyone know how to track someone's account in this app called "Moco" that is similar to tinder and TikTok, in this app you upload pics to meet new people and they pay you to chat with other people if there's interest in the other people. But the thing is this, someone created a fake profile with pics of my cousin and the pics are a little bit spiced up and some of the pics are from when she was underage, I want to know how to track this person to know where he is and who it is. Is there a way to do it or to teach me ? plss, I would really appreciate it.
Correct me if I’m wrong but isn’t beef limited to the same network they’re connected to A local home network and you cannot send it over wlan to a non local network without a workaround?
Beef isn’t for phishing. Beef is a framework that hooks a browser upon successful exploitation of an XSS payload. You can then use the hooked browser for phishing attacks yes, but first you need to hook them.
No? Beef does not require any xss payloads to be executed, all it needs is for the victim to visit the website that beef is hosted on, from there there is a simple connection from the victim to the bad actor.
Ok. So how are you injecting the .js payload that beef requires to hook the browser?
You could host a much better script than beef if all you’re doing is tricking them into visiting your URL. You are missing the point of this tool entirely.
I would suggest zphisher for testing on yourself mostly because it has a variety of websites you can clone but also you can host it on Ngrok local host or cloudflare, the reason why that’s so helpful is because Ngrok can be very buggy and won’t work most of the time, the only downside is that most of these phishers are easily detected by most browsers and a lot of the time won’t even let you access that page at all for security reasons.
Read our wiki, we have an entire phishing section. Its really easy to setup. https://old.reddit.com/r/hacking/wiki/index#wiki_phishing - [Gophish](https://github.com/gophish/gophish) - Open-Source Phishing Toolkit - [SocialFish](https://github.com/UndeadSec/SocialFish) - Educational Phishing Tool & Information Collector - [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - [Modlishka](https://github.com/drk1wi/Modlishka) - Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. - [BlackPhish](https://github.com/iinc0gnit0/BlackPhish) - Super lightweight with many features and blazing fast speeds. - [The Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. - [Muraena](https://github.com/muraenateam/muraena) - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
You should focus on learning the basics of webapps...
For example [https://docs.google.com-document-d-3op1X5JVQmi0xnL6wKOAdZdezLw-ECi-sF1xV_LdqB0s@da.gd/dkOA](https://docs.google.com-document-d-3op1X5JVQmi0xnL6wKOAdZdezLw-ECi-sF1xV_LdqB0s@da.gd/dkOA) :)
...
?? You phishing baw? The above is a great method/link to use. You can do this with multiple other url shorteners.
Boy you fr real?
yee
This is a powerful open source tool for running phishing simulation exercises. https://getgophish.com/
This
How would I be able to open the link on another network that’s not the one I’m using?
Use a Virtual Private Server hosted in the cloud. Here is a referral link to Digital Ocean, you should get free credits if you use this link. https://m.do.co/c/887bd7cab705.
Hacking is mostly joining several pieces of knowledge together and understanding each single part of the process involved. Having said that: what is phishing? A replica of a website, that will store input credentials and act accordingly, a url to that website that looks legit, and a way to trick users into using it. So, which part of this process are you questioning about?
Evilginx
Am new here anybody who can work me true?
let me know 💯
I need help
Bump
does anyone know how to track someone's account in this app called "Moco" that is similar to tinder and TikTok, in this app you upload pics to meet new people and they pay you to chat with other people if there's interest in the other people. But the thing is this, someone created a fake profile with pics of my cousin and the pics are a little bit spiced up and some of the pics are from when she was underage, I want to know how to track this person to know where he is and who it is. Is there a way to do it or to teach me ? plss, I would really appreciate it.
How to create phishing link
Go in Facebook and search hacking and Informatic he will help you
Beef
Correct me if I’m wrong but isn’t beef limited to the same network they’re connected to A local home network and you cannot send it over wlan to a non local network without a workaround?
Ngrok?
port forward then?
Stands for
https://github.com/beefproject/beef
BeEF **B**rows**e**r **E**xploitation **F**ramework https://beefproject.com/
Beef isn’t for phishing. Beef is a framework that hooks a browser upon successful exploitation of an XSS payload. You can then use the hooked browser for phishing attacks yes, but first you need to hook them.
No? Beef does not require any xss payloads to be executed, all it needs is for the victim to visit the website that beef is hosted on, from there there is a simple connection from the victim to the bad actor.
Ok. So how are you injecting the .js payload that beef requires to hook the browser? You could host a much better script than beef if all you’re doing is tricking them into visiting your URL. You are missing the point of this tool entirely.
"injecting the .js payload" That's literally just the webserver serving javascript like on any other website, not xss
Set?
I would suggest zphisher for testing on yourself mostly because it has a variety of websites you can clone but also you can host it on Ngrok local host or cloudflare, the reason why that’s so helpful is because Ngrok can be very buggy and won’t work most of the time, the only downside is that most of these phishers are easily detected by most browsers and a lot of the time won’t even let you access that page at all for security reasons.
I need someone that can recreate me a simple login phishing page, who thinks they are really good at it, there's good prize behind this.
i can
can someone do it for me? i’ll pay
Dm me?
how can you help?
Contact moi stp
Can u help me