Shellphish -- Simple Phishing Toolkit | Phishing Page Creator

Shellphish is an easy and automated phishing toolkit or phishing page creator written in bash language. This tool is made by thelinuxchoice.

There is Advanced Modified version of Shellphish is available in 2020. Click Here to know more about Zphisher.


 Shellphish can perform phishing in WAN (Wide Area Network). Shellphish can create phishing page of most popular social networking sites like,
Shellphish also have an option that we can create custom phishing page. This tool is very easy to setup and use.

To install shellphish we need to open our terminal window and apply the following command :

git clone https://github.com/thelinuxchoice/shellphish

This command will clone this tool from Github repository. The screenshot is following:


 After download is complete we need to go in the folder/directory of shellphish by using cd command and check the files using ls command as following:

cd shellphish && ls
The screenshot is following:



Now we need to give access permission to the main bash script called shellphish.sh . We are going to use the following command to do this :

chmod +x shellphish.sh
Then we can run shellphish by using following command:

./shellphish.sh
The main menu will appear after running this tool. Screenshot of the command is following:


Here we need to choose a website for phishing by using number, we choose number 2 that is Facebook.
The screenshot is following:


Then we need to choose the port forwarding option. This tool recommend to choose option 1 the SSH tunneling method by Servo.net. We gonna use Servo, so we choose 1.
The screenshot is following:


Then we need to choose the port by default it's 3333, we are going to use the default configuration so we gonna leave this field blank and type enter.
The screenshot is following:


Shellphish will do the rest, it will start the server and make a SSH tunnel. At last shellphish give us the phishing link.
One url will be direct and long url and other will be short url. We recommend to use the direct link because sometimes url shortener banned shorted phishing urls.

Okey now we can send this to victims using some social engineering.
The social engineering part is very crucial for phishing. we need little bit information about about victim. For an example if we know that victim is PUBG lover then we can send this link as a message
Claim your free 80000 UC in PUBG by login your Facebook from this link  https://www.bit.ly/3rcG6
This is is just an example of easy social engineering, and we need to wait for the credentials without closing the terminal.
The advantage of this tool that is this is very very easy to setup.
Now the question comes how to be safe from this kind of attacks ?
First we should not click urls from 3rd party, and we need to active two factor authentication. This tool can't bypass 2FA.
But some advanced phishing tool really can bypass two factor authentication. Read our post Bypass Two Factor Authentication.
Shellphish -- Simple Phishing Toolkit | Phishing Page Creator Shellphish -- Simple Phishing Toolkit | Phishing Page Creator Reviewed by Kali Linux on April 24, 2019 Rating: 5

21 comments:

  1. Help! every time i attempt to run shellphish this message pops up "I require php. install it" but i did install it. Im on windows 10.

    ReplyDelete
    Replies
    1. Sorry, Haven't use Windows for a while. But you can try this tutorial

      https://www.jeffgeerling.com/blog/2018/installing-php-7-and-composer-on-windows-10

      Delete
    2. it runs on linux first of all

      Delete
  2. It’s very informative and you are obviously very knowledgeable in this area. You have opened my eyes to varying views on this topic with interesting and solid content. ISO 9001 toolkit

    ReplyDelete
    Replies
    1. Thanks a lot AB. Hope you have learned something. That is our success.

      Delete
  3. I really enjoy simply reading all of your weblogs. Simply wanted to inform you that you have people like me who appreciate your work. Definitely a great post. Hats off to you! The information that you have provided is very helpful. Auto Followers IG

    ReplyDelete
  4. I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. ISO 27001 toolkit

    ReplyDelete

  5. [*] Send the direct link to target:

    [*] Or using tinyurl: Error


    [*] Waiting IPs and Credentials, Press Ctrl + C to exit...

    this what i got????

    ReplyDelete
    Replies
    1. Thanks Hackathon for valuable comment. Shellphish uses serveo.net ssh services to make connection. serveo.net is a free service and lots of user use this may be the server is busy and goes down. This problems happens sometime. Admin's of serveo usually fix it in 72 hours. Stay touched with us

      Delete
  6. how do you mkae sure the program is run using tor?

    ReplyDelete
    Replies
    1. This program is not using Tor. You need to torify your system manually. But we should send the generated URL from anonymous mail or anonymous sms services. There are tons of services available in internet.

      Delete
  7. You can order for youtube services on https://www.ytbuyviews.com and get fast youtube views ,subscribers ,likes and comments

    ReplyDelete
  8. What an awesome article.. If you want to get this and your other creations promoted then go through https://www.ytviews.in and you will be amazed to see how quickly your work gets advertised with full support and assistance

    ReplyDelete
  9. Do you want to grow your audience and views on your youtube channel ?
    you can easily place order on https://www.tubeviews.in

    ReplyDelete
  10. Creatorshala is india's largest community of content creators, if you u are a blogger,influencer and youtuber, you can create your creators account on https://www.creatorshala.com/

    ReplyDelete
  11. the url just work in my own pc which installed kali but in other pc and phone do not work. why just it work in their own pc and the link dosent work in other pc and phone?

    ReplyDelete
    Replies
    1. It is working on local Network. You need to forward your port from router settings or try our new article on it https://www.kalilinux.in/2020/03/port-forwarding-without-router-2020.html

      Delete
  12. Setup is a significant advance and the guidelines ought to be followed intently. The last advance is transfer any records that you need to be gotten to on the wiki page Wikipedia page creation

    ReplyDelete
  13. Can you provide tutorial on creating your own custom phishing page? Thank you

    ReplyDelete
    Replies
    1. Hello thanks for your valuable comment. We can use weeman it can make any webpage into a phishing page. Follow this tutorial

      Delete

Please do not spam here. It is comment box not a spambox. Promotional links are not allowed.

Powered by Blogger.