ZPhisher -- Advanced Lazy Automated Phishing Script

ZPhisher is an advanced phishing tool-kit it is an upgraded version of Shellphish. It have the main source code from Shellphish but ZPhisher have some upgrade and have removed some unnecessary codes from Shellphish. It is devloped by HTR-Tech . ZPhisher can be run from Kali Linux and also can be run from Android devices using Termux. It is the all-in-one phishing framework in 2020.
ZPhisher -- Advanced Lazy Automated Phishing Script Kali Linux


ZPhisher have lots of phishing pages like:

1) Facebook
  • Facebook Normal Login Page
  • Fake Security Login Method (DarkSecDevelopers)
  • Facebook Voting Poll Method (DarkSecDevelopers)
  • Messenger Login Page (New)
2) Instagram
  • Normal Login Page
  • Instagram Auto Follower Phishing Page (thelinuxchoice)
  • Instagram Badge Verify Method (DarkSecDevelopers)
3) Google
  • Google Old Login Page
  • Google New Login Page
  • Google Voting Poll Method (DarkSecDevelopers)
4) Adobe Login Page

5) Badoo Login Page

6) CryptoCoinSniper Login Page

7) Deviantart Login Page

8) Dropbox Login Page

9) Ebay Login Page

10) Github Login Page

11) Linkedin Login Page

12) Microsoft Login Page

13) Netflix Login Page

14) Origin Login Page

15) Paypal Login Page

16) Pinterest Login Page

17) Playstation Login Page

18) Protonmail Login Page

19) Reddit Login Page

20) Snapchat Login Page

21) Spotify Login Page

22) Stackoverflow Login Page

23) Steam Login Page

24) Twitch Login Page

25) Twitter Login Page

26) Vk Login Page

27) Vk Poll Method (Hiddeneye)

28) Wordpress Login Page

29) Yahoo Login Page

30) Yandex Login Page


 Zphisher also have 4 port forwarding options
  • localhost         (For local network/LAN)
  • Ngrok             (For World-Wide WAN)
  • Serveo.Net      (For WAN)
  • Localhost.run  (For WAN)

Installing on Kali Linux

First we need to clone ZPhisher from it's GitHub repository by using following command:

git clone https://github.com/htr-tech/zphisher
The screenshot of the preceding command if following:

clonning zphisher

Then we need to go inside the zphisher directory using cd command:
cd zphisher
Here we need to give executable permission to the bash script by using following command:
sudo chmod +x zphisher.sh
The screenshot is following.

zphisher permissions

Now we are ready to run it. We can run it by using following command:

./zphisher.sh
Then this bash script lead us to the main menu of the ZPhisher tool as shown in following screenshot:

zphisher main page

Here everything is very clear. For an example we choose 1 for Facebook and press enter.

facebook in this tool

Here we can choose whatever we think easy to trick our victim. For an example we choose 3 for a "Fake Security Login Page".

fake security login page


Now we can choose our port forwarding option. Here If we choose 1 then it will be for our local network (same WiFi or LAN) only, but we can choose the other options like ngrok serveo or localhost.run. (These are all free port forwarding services so sometimes some services may be down for overloading. In that case we need to choose other.)

Here  we choose 2 for ngrok.io. Then we wait for some seconds untill our link generated.


In the above screenshot we can see our link created on ngrok. Now we can send this link to our victim by SMS or mail or by any other way With some catchy social engineering technique.

If our victim opens it then he/she will see something like following screenshots:
phishing 2020
On Desktop

phishing mobile 2020
On Mobile Device


If our victim inputs the username and password then,

we got the password
BINGO!
 We got the credentials of our victim. Now it can be used to login victim's Facebook account.

Installing on Android (Termux)


We also can use it on Android through Termux application. First we need to install Termux from Google Play Store. Then we can open it and run a single command to update download and run the ZPhisher. The single command is following:

apt update && apt install git php curl openssh -y && git clone https://github.com/htr-tech/zphisher && cd zphisher && chmod +x zphisher.sh && bash zphisher.sh

How to be safe from this Attack

  • We should not click on any link through sms/email/website/chatroom or text messages etc.
  • we need to check the link is driving to original Facebook, mean to say check the links is https://www.facebook.com/ or not. If not and the page is looking like Facebook, then this might be a phishing page.
  • Windows user should use anti-virus and web-security software , like norton or McAfee . Linux user should take care before clicking unknown links.
This this tutorial is for educational purpose only. Phishing is a crime. If anyone do any illegal activity then we are not responsible for that.

If you like our tutorial or got an issue regarding this post please comment down, we always be happy to respond. If you liked our tutorials then visit our website regularly and for the quick updates follow us on Twitter and Medium.
author-img
Kali Linux

Comments

65 comments
Post a Comment
  • Unknown photo
    UnknownApril 7, 2020 at 8:48 AM

    Why is my Kali Linux looking different? I enter the first line of code and it says it's not a command. I'm on windows 10, please help.

    Delete Comment
    • Kali Linux photo
      Kali LinuxApril 7, 2020 at 10:32 AM

      you should install your Kali in proper way.. Uninstall it and read our installation guide.

      A total Guide to install Kali Linux

      Delete Comment
      • Unknown photo
        UnknownOctober 26, 2021 at 5:30 PM

        hi
        i have been trying to use this software it works perfectly on my device but when I try it on another device on another network it says that the website is not found
        is there any solution to this plz inform me if there is any solution to this

        Delete Comment
        • Kali Linux photo
          Kali LinuxOctober 28, 2021 at 6:12 PM

          Did you got the ngrok URL? Sometimes Ngrok closes the tunnel, of course free services don't give the stability when they have a premium one.

          Delete Comment
        • AnonymousApril 7, 2020 at 11:47 PM

          Hi, generated links by zphisher is working of course, but... It's working only for me. Even if i try connect to generated link on another ip it is not working, can't connect. For what i need phishing if it is working only for me? :D

          Delete Comment
        • shanewarner photo
          shanewarnerApril 22, 2020 at 5:41 PM


          The post is written in very a good manner and it contains many useful information for me.


          gexton security app

          Delete Comment
          • AnonymousAugust 11, 2021 at 12:11 PM

            For how much time the phishing link is valid? Like zshadow was having a time of 6 hours within this Timeperiod the victim has to login otherwise the link will be invalid.

            Delete Comment
            • Kali Linux photo
              Kali LinuxAugust 11, 2021 at 5:43 PM

              This creates a tunnel for port forwarding jobs. No defined time for this. With a super strong network we can use it for longer without closing the connection.

              Delete Comment
            • Programming kits photo
              Programming kitsMay 9, 2020 at 2:32 AM

              Please, I'm done with the command, everything is done but it's not showing any url

              Delete Comment
              • Kali Linux photo
                Kali LinuxMay 9, 2020 at 10:40 AM

                you should try it on localhost. If the localhost is working on your own network then it is because of port forwarding services. The services are free so the servers goes down sometimes.. Wait for some hours and try again. nogrok is good you should try ngrok.

                Delete Comment
              • Pankaj Rawat photo
                Pankaj RawatMay 11, 2020 at 9:24 PM

                How to uninstall zphisher in termux

                Delete Comment
                • ^Blank^ photo
                  ^Blank^June 28, 2020 at 3:28 PM

                  It is giving an error respiratory not found

                  Delete Comment
                  • Kali Linux photo
                    Kali LinuxJune 29, 2020 at 10:34 AM

                    We think you have typing mistakes please check the command and try again.

                    Delete Comment
                    • AnonymousJune 30, 2020 at 10:57 PM

                      I am using ngrok port but it is taking too much time to intialize and not giving me the link and others port is also not working

                      Delete Comment
                      • Kali Linux photo
                        Kali LinuxJuly 1, 2020 at 8:36 AM

                        These ngrok and other services are free to use so they are over-loaded many times. Try after some times or buy a paid service from ngrok. We usually use portmap for our own uses.

                        Delete Comment
                      • Unknown photo
                        UnknownJuly 17, 2020 at 9:54 PM

                        it says that i dont have the php installed how can i fix that i am new to this

                        Delete Comment
                        • Unknown photo
                          UnknownJuly 17, 2020 at 10:23 PM

                          I fixed that problem and the only problem i have now is that the link is not appearing

                          Delete Comment
                          • Kali Linux photo
                            Kali LinuxJuly 18, 2020 at 7:25 AM

                            Which port forwarding services you have tried? Serveo ? Serveo may be down you can try others? Or you can host them on localhost and run port forwarding services manually.

                            Delete Comment
                          • AnonymousAugust 11, 2020 at 12:04 PM

                            i downloaded kalilinux from microsoft store i tried ngork local host and servo.net but link remains blank sometimes it shows cannot read realtime clock invalid argument can u find a fix for this

                            Delete Comment
                            • Kali Linux photo
                              Kali LinuxAugust 11, 2020 at 6:48 PM

                              Yes it happens. The problem comes from Microsoft. You installation uses WSL (Windows Subsystem for Linux)method. Check the solution here.

                              Delete Comment
                            • AnonymousAugust 28, 2020 at 8:57 AM

                              i install te program but send a error

                              [~] Initializing...(localhost:5555)
                              [!] Error [!] Please Install All Packges.

                              the only error when i try to install is with the OPENSSH

                              Delete Comment
                            • Unknown photo
                              UnknownSeptember 3, 2020 at 8:21 AM

                              yes error h

                              Delete Comment
                              • Unknown photo
                                UnknownSeptember 14, 2020 at 10:04 PM

                                Is root necessary for android users?

                                Delete Comment
                              • AnonymousSeptember 20, 2020 at 12:58 PM

                                I'm on 2020.3 with zsh, it seems i'm stuck on initializing

                                Delete Comment
                              • PHYTON BEGNER photo
                                PHYTON BEGNERNovember 2, 2020 at 5:26 AM

                                and where the victim's password and name go

                                Delete Comment
                              • AnonymousFebruary 1, 2021 at 10:23 AM

                                How do I re-run zphisher, after sending link and it's opened, it doesn't show login details,

                                Delete Comment
                              • Unknown photo
                                UnknownFebruary 1, 2021 at 10:25 AM

                                How long does the link take to expire, or it doesn't and can be opened after days. If termux is closed, how do I retrieve the password if it was entered

                                Delete Comment
                                • Kali Linux photo
                                  Kali LinuxFebruary 1, 2021 at 5:27 PM

                                  The time depends on the tunnel connection. Saying it very tough how much time connection will stay. Usually we have checked the connection stays for some hours didn't tried for a day. If you trying for it, then please give us your valuable feedback.
                                  And if termux closed then you will not get the password. You can minimize it.
                                  Thanks.

                                  Delete Comment
                                • Erwin Rommel photo
                                  Erwin RommelMarch 7, 2021 at 10:01 PM

                                  For most of the phishing links I see three options -
                                  1. serveo.net
                                  2. ngrok.io
                                  3. localhost.run

                                  which among this is the best and reliable ?

                                  Also what is the difference between them and NoIP ?

                                  Delete Comment
                                  • Kali Linux photo
                                    Kali LinuxMarch 9, 2021 at 7:49 AM

                                    It depends, when serveo is busy we choose localhostrun or ngrok. We suggest to use portmap.io, it is good.

                                    Serveo/ngrok/localhost just creates tunnel to our localhost that we can access our localhost on the internet, with a port forwarded. no-ip is a different thing, no-ip makes dynamic ip to static ip. It can't help us on forwarding port.

                                    Delete Comment
                                  • AnonymousApril 21, 2021 at 8:13 AM

                                    Is there a way customize the url? I've heard that you can customize phishing links, but can't seem to figure it out.

                                    Delete Comment
                                  • Lfobia photo
                                    LfobiaApril 29, 2021 at 4:08 AM

                                    can u tell me how to change website from Zphishr? if i want binance.com
                                    can i change from sorce code?


                                    Delete Comment
                                    • Kali Linux photo
                                      Kali LinuxApril 30, 2021 at 11:17 AM

                                      Yah you can change the source code for personal use. It's an open-source project. But an easy option will be "weeman" ssearch for 'weeman' on our website you will get this Thanks.

                                      Delete Comment
                                    • Unknown photo
                                      UnknownMay 23, 2021 at 6:51 AM

                                      After entering the link of git I'm ..it was compressing objects bt after that while I execute cd zphisher .it's not working it remain same.

                                      Delete Comment
                                      • Mhfooz photo
                                        MhfoozAugust 14, 2021 at 4:53 AM

                                        Sir my insta is hacked how to open zphisher

                                        Delete Comment
                                        • Kali Linux photo
                                          Kali LinuxAugust 14, 2021 at 7:03 PM

                                          Please read the article carefully. It will guide you. You need any help? Will be happy to help you.

                                          Delete Comment
                                        • AnonymousAugust 29, 2021 at 8:41 PM

                                          hello im trying ./zphisher and it doenst run lol

                                          Delete Comment
                                        • Unknown photo
                                          UnknownSeptember 20, 2021 at 12:44 AM

                                          Hi sir I add all the commands after that it ask me for username and password kindly tell me what is the username and password?

                                          Delete Comment
                                          • Kali Linux photo
                                            Kali LinuxSeptember 27, 2021 at 10:01 AM

                                            Thanks for noticing this. This tool got updated. We will update this article, but we need some time. Currently are working on some awesome articles. Please stay tuned. Thanks.

                                            Delete Comment
                                          • Unknown photo
                                            UnknownOctober 21, 2021 at 7:01 PM

                                            Sir , Link Is Working Fine in My Andriod but when i send to my frnd it is not working . can you suggest me some methods or technique to overcome this ?

                                            Delete Comment
                                            • Kali Linux photo
                                              Kali LinuxOctober 22, 2021 at 12:18 PM

                                              You are using the ngrok url? The tunnel connection closes randomly. This is for educational things. Not to hack your friend. Please don't do any illegal activity. We don't support it.

                                              Delete Comment
                                            • Unknown photo
                                              UnknownNovember 29, 2021 at 4:11 AM

                                              Is zphisher a malware or virus of some sort? Because i am just testing it out with my own facebook login and stuff. And my dad allowed me to test his too. So i need to know if we will get a virus or malware, or just get hacked. :-)

                                              Delete Comment
                                              • Kali Linux photo
                                                Kali LinuxNovember 29, 2021 at 5:35 PM

                                                No. It creates a login page just like Facebook. When you (victim) put your username and password there it will show it to you (attacker). In your case you are the victim as well as attacker.

                                                We like you. Always take permissions before doing penetration testing.

                                                Hope you understand what is zphisher do. For any more help we are always here. Thanks

                                                Delete Comment
                                              • TrozZ Sabin photo
                                                TrozZ SabinDecember 1, 2021 at 1:38 PM

                                                can you help me out in zphisher? when i sent the zphisher made link to victim, the page didnot open. it opened only in the wifi that i am connected in. please help me

                                                Delete Comment
                                                • Kali Linux photo
                                                  Kali LinuxDecember 3, 2021 at 9:51 AM

                                                  That because you are hosting that page in our localhost. You need to forward your port on your router settings then your public IP with port will be your URL of the page. You can know more about port forwarding from YouTube. If you don't have an static IP then follow our this ssh article to make that page public.

                                                  You need to learn more about networking, to be a good cybersecurity expert. Thanks.

                                                  Delete Comment
                                                • tell me something photo
                                                  tell me somethingDecember 5, 2021 at 1:18 PM

                                                  I have generated the link but I can't send it in instagram. The instagram block the link if i try sending it to any of my friend who is in insta. How do I solve it.

                                                  Delete Comment
                                                  • Kali Linux photo
                                                    Kali LinuxDecember 5, 2021 at 3:27 PM

                                                    There is some solution.

                                                    But we will not help you in your case. You are suppose to do some illegal activity, we don't support it.

                                                    Delete Comment
                                                    • Unknown photo
                                                      UnknownDecember 8, 2021 at 4:17 AM

                                                      you can just use bit.ly or smth. Why is it difficult??

                                                      Delete Comment
                                                      • Kali Linux photo
                                                        Kali LinuxDecember 9, 2021 at 8:28 AM

                                                        Nice Idea. Please have a try. Social media sites definitely thinks it before you.

                                                        Delete Comment
                                                      • tell me something photo
                                                        tell me somethingDecember 5, 2021 at 10:55 PM

                                                        I assure you my intentions are pure. There is nothing illegal in this. I am myself a tech guy and I am exploring things in zphisher. It's just for educational purpose.

                                                        Delete Comment
                                                      google-playkhamsatmostaqltradent