Disclaimer: This guide is for educational purposes only. Phishing is illegal and unethical. Use this knowledge responsibly to understand and protect against phishing attacks.
Zphisher is a powerful phishing tool which is used to build fake login pages to get credentials. I will explain you a step by step guide to install and use Zphisher in order to create a fake login page.
Step 1: Install Zphisher
1. Update Your System:
Before installing Zphisher, please check if your system is up to date.
“`
sudo apt-get update
sudo apt-get upgrade
“`
2. Install Git:
Zphisher is on GitHub, so you’ll need Git to clone the repository.
“`
sudo apt-get install git
“`
3. Clone the Zphisher Repository:
Put the repository to your local machine from GitHub.
“`
git clone https://github.com/htr-tech/zphisher
“`
4. Navigate to the Zphisher Directory:
Change your directory to the newly cloned Zphisher folder.
“`
cd zphisher
“`
5. Run the Installation Script:
Install all neccesary dependencies with a run of the installation script.
“`
bash zphisher.sh
“`
Step 2: Using Zphisher
1. Start Zphisher:
Run Zphisher using the following command:
“`
bash zphisher.sh
“`
2. Select a Phishing Attack:
Zphisher has templates for various services. Your options will be flashed. Choose number of which service you want to Spoof (e.g Facebook, Google, etc).
3. Choose the Attack Method:
When you select the service, pick the attack method. Zphisher gives us many ways to run such as `LocalHost`, `Ngrok`, `Serveo`, etc… Ngrok is good for remote access.
“`
1) LocalHost
2) Ngrok
3) Serveo
“`
4. Start the Phishing Server:
After selecting the attack method, Zphisher will set up the server, and generate a URL. This fake login page is the one on this URL, and you can use it to capture credentials.
5. Send the URL to the Target:
Generate the URL and share with target. If they go and put their credentials on the fake login page, it’s gonna store that information into your terminal when they enter the credential there.
Example Commands:
Here’s a quick example using Facebook and Ngrok:
“`
git clone https://github.com/htr-tech/zphisher
cd zphisher
bash zphisher.sh
“`
Select `1` for Facebook:
“`
1
“`
Select `2` for Ngrok:
“`
2
“`
The tool will then generate a URL like `http://123456.ngrok.io`. But you can send your target this URL instead.
Never forget to obey legal and ethical guidelines while using Zphisher like. The first thing to learn from any phishing attack is how these attacks work, and how to prevent them.
This will help you to know that how phishing works and you can safe yourself or others from these types of attacks. Use this always responsibly and for cybersecurity awareness.
Discover more from Cyber Samir
Subscribe to get the latest posts sent to your email.