Zphisher is an upgrade of Shellphish. Because this tool is made from Shellphish source code. The author of this tool, HTR-TECH, has made sure not to completely copy Shellphish. He just upgraded it and deleted unnecessary files. Zphisher has 37 sample websites for phishing: including Facebook, Twitter & Paypal. And it also has 4 tools for port forwarding.
Join the channel Telegram of the AnonyViet 👉 Link 👈 |
If you have seen the article Hack Phone Password with LockPhish will not be far from Zphisher. The tool will automatically generate Phishing source code for you to Hack Password of social network accounts.
Note! This article is for educational and research purposes only. Do not use the tool for illegal purposes.
The special feature of Zphisher is that you can create 4 different domain servers yourself. More than lockphish has only ngrok.io. With 29 rich phishing source codes for you to hack passwords of famous websites such as facebook, instagram, google, paypal…
You can refer to Zphisher’s github page here.
How to install
Open terminal and type the following commands:
sudo apt update
sudo apt install git php openssh-server curl -y
git clone https://github.com/htr-tech/zphisher
cd zphisher
chmod +x zphisher.sh
bash zphisher.sh
Feature
– Updated interface of phishing web!
– New auto-follower Instagram page!
– All Bugs have been fixed!
– Easy to use for newbies!
How to use Zphisher to create a Phishing site
This tool interface is very easy to use, so if you play around with it, you will understand it. I just demo the tool lightly.
I’m not very interested in facebook so I will create a google phishing page. On the Menu select the Website where you want to create a fake page.
Normally, a website will have 3.4 interfaces. For example, Google will have 3 interfaces such as old login interface, new login interface, voting page …
Next, select the Server used to host your phishing site. I will choose ngrok for stability.
Wait a moment for Zphisher to create a link to send to Victim. Send the link to victim: That’s the phishing link you have to give to the victim.
After the victim clicks, the interface will look like this. I test on my phone.
When the victim presses the button Sign In then the data will return to your terminal.
You can refer to other phishing tools here.