PyPhisher: Easy-to-use phishing tool with 65 available sites

PyPhisher is an ultimate phishing tool in python. Includes popular sites like Facebook, Twitter, Instagram, Github, Reddit, Gmail and many more.

Disclaimer:

This tool is developed for educational purposes. It demonstrates how the scam works. If you want to gain unauthorized access to someone’s social media, you do so at your own risk. You are solely responsible and you must bear any damages or violations of law by this tool. The author is not responsible if you misuse PyPhisher for malicious purposes.

How to install PyPhisher

Install main dependencies (git and python):

• On Debian
  • sudo apt install git python -y
• On the Arch
  • sudo pacman -S git python --noconfirm
• On Fedora
  • sudo yum install git python -y
• On Termux
  • pkg install git python -y

Download the PyPhiser archive:

• git clone https://github.com/KasRoudra/PyPhisher

Access the just downloaded folder:

Run PyPhiser:

Or you can also directly with the command:

wget https://raw.githubusercontent.com/KasRoudra/PyPhisher/main/pyphisher.py && python3 pyphisher.py

Options:

Cách sử dụng: pyphisher.py [-h] [-p PORT] [-o OPTION]
                    [--update | --no-update]

Tuỳ chọn:
  -h, --help            hiển thị thông báo trợ giúp và thoát
  -p PORT, --port PORT  Cổng máy chủ của PyPhisher [ Mặc định : 8080 ]
  -o OPTION, --option OPTION
                        Chỉ mục mẫu của PyPhisher [ Mặc định : null ]
  --update, --no-update
                        Kiểm tra cập nhật (Mặc định : True)

PyPhiser Features

• Cross-platform (Supports most linux distributions)
• 65 website templates
• Dual tunnel (Ngrok and Cloudflared)
• Easy to use
• Possible error diagnostics
• Create url mask
• Customization of url
• Portable File (Can be run from any directory)
• Get IP Address and many other details along with login credentials

Request

• Python(3)
• PHP
• Curl
• Unzip
• Wget
• Capacity 100MB

If the above packages are not present, then all required packages will be installed on the first run.

How to use PyPhiser

I tested above WSL2 Ubuntu. Additionally, you can also test on a real Linux machine or use Termux on your phone.

Step 1: Install and run PyPhiser as I instructed above.

Step 2: Select the sample website you want to phish. I will choose number 1.

Step 3: After selecting, the tool will provide you with 4 fake website urls. You just need to give 1 of these 4 urls for the victim to click on.

Step 4: If you want to customize the url, press y. The first requirement is to enter the domain you want, I entered facebook.com. The second request is to enter the keyword you want to appear in the url, I enter login. And the tool will provide the url as below.

The website the victim visits will have the same interface as real Facebook. But if you pay close attention, the url will not be the same as real Facebook.

When I log in to the fake Facebook page, it will redirect me to the real Facebook password reset page.

And here is the result. This tool not only records the account and password that the victim enters, but it also provides the victim’s IP and some other information. But please note that the coordinate location will not be accurate.