ZPhisher -- Advanced Lazy Automated Phishing Script

ZPhisher is an advanced phishing tool-kit it is an upgraded version of Shellphish. It have the main source code from Shellphish but ZPhisher have some upgrade and have removed some unnecessary codes from Shellphish. It is devloped by HTR-Tech . ZPhisher can be run from Kali Linux and also can be run from Android devices using Termux. It is the all-in-one phishing framework in 2020.
ZPhisher -- Advanced Lazy Automated Phishing Script Kali Linux

ZPhisher have lots of phishing pages like:

1) Facebook
  • Facebook Normal Login Page
  • Fake Security Login Method (DarkSecDevelopers)
  • Facebook Voting Poll Method (DarkSecDevelopers)
  • Messenger Login Page (New)
2) Instagram
  • Normal Login Page
  • Instagram Auto Follower Phishing Page (thelinuxchoice)
  • Instagram Badge Verify Method (DarkSecDevelopers)
3) Google
  • Google Old Login Page
  • Google New Login Page
  • Google Voting Poll Method (DarkSecDevelopers)
4) Adobe Login Page

5) Badoo Login Page

6) CryptoCoinSniper Login Page

7) Deviantart Login Page

8) Dropbox Login Page

9) Ebay Login Page

10) Github Login Page

11) Linkedin Login Page

12) Microsoft Login Page

13) Netflix Login Page

14) Origin Login Page

15) Paypal Login Page

16) Pinterest Login Page

17) Playstation Login Page

18) Protonmail Login Page

19) Reddit Login Page

20) Snapchat Login Page

21) Spotify Login Page

22) Stackoverflow Login Page

23) Steam Login Page

24) Twitch Login Page

25) Twitter Login Page

26) Vk Login Page

27) Vk Poll Method (Hiddeneye)

28) Wordpress Login Page

29) Yahoo Login Page

30) Yandex Login Page

 Zphisher also have 4 port forwarding options
  • localhost         (For local network/LAN)
  • Ngrok             (For World-Wide WAN)
  • Serveo.Net      (For WAN)
  • Localhost.run  (For WAN)

Installing on Kali Linux

First we need to clone ZPhisher from it's GitHub repository by using following command:

git clone https://github.com/htr-tech/zphisher
The screenshot of the preceding command if following:

clonning zphisher

Then we need to go inside the zphisher directory using cd command:
cd zphisher
Here we need to give executable permission to the bash script by using following command:
sudo chmod +x zphisher.sh
The screenshot is following.

zphisher permissions

Now we are ready to run it. We can run it by using following command:

Then this bash script lead us to the main menu of the ZPhisher tool as shown in following screenshot:

zphisher main page

Here everything is very clear. For an example we choose 1 for Facebook and press enter.

facebook in this tool

Here we can choose whatever we think easy to trick our victim. For an example we choose 3 for a "Fake Security Login Page".

fake security login page

Now we can choose our port forwarding option. Here If we choose 1 then it will be for our local network (same WiFi or LAN) only, but we can choose the other options like ngrok serveo or localhost.run. (These are all free port forwarding services so sometimes some services may be down for overloading. In that case we need to choose other.)

Here  we choose 2 for ngrok.io. Then we wait for some seconds untill our link generated.

In the above screenshot we can see our link created on ngrok. Now we can send this link to our victim by SMS or mail or by any other way With some catchy social engineering technique.

If our victim opens it then he/she will see something like following screenshots:
phishing 2020
On Desktop

phishing mobile 2020
On Mobile Device

If our victim inputs the username and password then,

we got the password
 We got the credentials of our victim. Now it can be used to login victim's Facebook account.

Installing on Android (Termux)

We also can use it on Android through Termux application. First we need to install Termux from Google Play Store. Then we can open it and run a single command to update download and run the ZPhisher. The single command is following:

apt update && apt install git php curl openssh -y && git clone https://github.com/htr-tech/zphisher && cd zphisher && chmod +x zphisher.sh && bash zphisher.sh

How to be safe from this Attack

  • We should not click on any link through sms/email/website/chatroom or text messages etc.
  • we need to check the link is driving to original Facebook, mean to say check the links is https://www.facebook.com/ or not. If not and the page is looking like Facebook, then this might be a phishing page.
  • Windows user should use anti-virus and web-security software , like norton or McAfee . Linux user should take care before clicking unknown links.
This this tutorial is for educational purpose only. Phishing is a crime. If anyone do any illegal activity then we are not responsible for that.

If you like our tutorial or got an issue regarding this post please comment down, we always be happy to respond. If you liked our tutorials then visit our website regularly and for the quick updates follow us on Twitter and Medium.
Kali Linux


Post a Comment
  • Unknown photo
    UnknownApril 7, 2020 at 8:48 AM

    Why is my Kali Linux looking different? I enter the first line of code and it says it's not a command. I'm on windows 10, please help.

    Delete Comment
  • AnonymousApril 7, 2020 at 11:47 PM

    Hi, generated links by zphisher is working of course, but... It's working only for me. Even if i try connect to generated link on another ip it is not working, can't connect. For what i need phishing if it is working only for me? :D

    Delete Comment
  • shanewarner photo
    shanewarnerApril 22, 2020 at 5:41 PM

    The post is written in very a good manner and it contains many useful information for me.

    gexton security app

    Delete Comment
    • AnonymousAugust 11, 2021 at 12:11 PM

      For how much time the phishing link is valid? Like zshadow was having a time of 6 hours within this Timeperiod the victim has to login otherwise the link will be invalid.

      Delete Comment
      • Kali Linux photo
        Kali LinuxAugust 11, 2021 at 5:43 PM

        This creates a tunnel for port forwarding jobs. No defined time for this. With a super strong network we can use it for longer without closing the connection.

        Delete Comment
      • Programming kits photo
        Programming kitsMay 9, 2020 at 2:32 AM

        Please, I'm done with the command, everything is done but it's not showing any url

        Delete Comment
        • Kali Linux photo
          Kali LinuxMay 9, 2020 at 10:40 AM

          you should try it on localhost. If the localhost is working on your own network then it is because of port forwarding services. The services are free so the servers goes down sometimes.. Wait for some hours and try again. nogrok is good you should try ngrok.

          Delete Comment
        • Pankaj Rawat photo
          Pankaj RawatMay 11, 2020 at 9:24 PM

          How to uninstall zphisher in termux

          Delete Comment
          • ^Blank^ photo
            ^Blank^June 28, 2020 at 3:28 PM

            It is giving an error respiratory not found

            Delete Comment
            • Kali Linux photo
              Kali LinuxJune 29, 2020 at 10:34 AM

              We think you have typing mistakes please check the command and try again.

              Delete Comment
              • AnonymousJune 30, 2020 at 10:57 PM

                I am using ngrok port but it is taking too much time to intialize and not giving me the link and others port is also not working

                Delete Comment
                • Kali Linux photo
                  Kali LinuxJuly 1, 2020 at 8:36 AM

                  These ngrok and other services are free to use so they are over-loaded many times. Try after some times or buy a paid service from ngrok. We usually use portmap for our own uses.

                  Delete Comment
                • Unknown photo
                  UnknownJuly 17, 2020 at 9:54 PM

                  it says that i dont have the php installed how can i fix that i am new to this

                  Delete Comment
                  • Unknown photo
                    UnknownJuly 17, 2020 at 10:23 PM

                    I fixed that problem and the only problem i have now is that the link is not appearing

                    Delete Comment
                    • Kali Linux photo
                      Kali LinuxJuly 18, 2020 at 7:25 AM

                      Which port forwarding services you have tried? Serveo ? Serveo may be down you can try others? Or you can host them on localhost and run port forwarding services manually.

                      Delete Comment
                    • AnonymousAugust 11, 2020 at 12:04 PM

                      i downloaded kalilinux from microsoft store i tried ngork local host and servo.net but link remains blank sometimes it shows cannot read realtime clock invalid argument can u find a fix for this

                      Delete Comment
                      • Kali Linux photo
                        Kali LinuxAugust 11, 2020 at 6:48 PM

                        Yes it happens. The problem comes from Microsoft. You installation uses WSL (Windows Subsystem for Linux)method. Check the solution here.

                        Delete Comment
                      • AnonymousAugust 28, 2020 at 8:57 AM

                        i install te program but send a error

                        [~] Initializing...(localhost:5555)
                        [!] Error [!] Please Install All Packges.

                        the only error when i try to install is with the OPENSSH

                        Delete Comment
                      • Unknown photo
                        UnknownSeptember 3, 2020 at 8:21 AM

                        yes error h

                        Delete Comment
                        • Unknown photo
                          UnknownSeptember 14, 2020 at 10:04 PM

                          Is root necessary for android users?

                          Delete Comment
                        • AnonymousSeptember 20, 2020 at 12:58 PM

                          I'm on 2020.3 with zsh, it seems i'm stuck on initializing

                          Delete Comment
                        • PHYTON BEGNER photo
                          PHYTON BEGNERNovember 2, 2020 at 5:26 AM

                          and where the victim's password and name go

                          Delete Comment
                        • AnonymousFebruary 1, 2021 at 10:23 AM

                          How do I re-run zphisher, after sending link and it's opened, it doesn't show login details,

                          Delete Comment
                        • Unknown photo
                          UnknownFebruary 1, 2021 at 10:25 AM

                          How long does the link take to expire, or it doesn't and can be opened after days. If termux is closed, how do I retrieve the password if it was entered

                          Delete Comment
                          • Kali Linux photo
                            Kali LinuxFebruary 1, 2021 at 5:27 PM

                            The time depends on the tunnel connection. Saying it very tough how much time connection will stay. Usually we have checked the connection stays for some hours didn't tried for a day. If you trying for it, then please give us your valuable feedback.
                            And if termux closed then you will not get the password. You can minimize it.

                            Delete Comment
                          • Erwin Rommel photo
                            Erwin RommelMarch 7, 2021 at 10:01 PM

                            For most of the phishing links I see three options -
                            1. serveo.net
                            2. ngrok.io
                            3. localhost.run

                            which among this is the best and reliable ?

                            Also what is the difference between them and NoIP ?

                            Delete Comment
                            • Kali Linux photo
                              Kali LinuxMarch 9, 2021 at 7:49 AM

                              It depends, when serveo is busy we choose localhostrun or ngrok. We suggest to use portmap.io, it is good.

                              Serveo/ngrok/localhost just creates tunnel to our localhost that we can access our localhost on the internet, with a port forwarded. no-ip is a different thing, no-ip makes dynamic ip to static ip. It can't help us on forwarding port.

                              Delete Comment
                            • AnonymousApril 21, 2021 at 8:13 AM

                              Is there a way customize the url? I've heard that you can customize phishing links, but can't seem to figure it out.

                              Delete Comment
                            • Lfobia photo
                              LfobiaApril 29, 2021 at 4:08 AM

                              can u tell me how to change website from Zphishr? if i want binance.com
                              can i change from sorce code?

                              Delete Comment
                              • Kali Linux photo
                                Kali LinuxApril 30, 2021 at 11:17 AM

                                Yah you can change the source code for personal use. It's an open-source project. But an easy option will be "weeman" ssearch for 'weeman' on our website you will get this Thanks.

                                Delete Comment
                              • Unknown photo
                                UnknownMay 23, 2021 at 6:51 AM

                                After entering the link of git I'm ..it was compressing objects bt after that while I execute cd zphisher .it's not working it remain same.

                                Delete Comment
                                • Mhfooz photo
                                  MhfoozAugust 14, 2021 at 4:53 AM

                                  Sir my insta is hacked how to open zphisher

                                  Delete Comment
                                  • Kali Linux photo
                                    Kali LinuxAugust 14, 2021 at 7:03 PM

                                    Please read the article carefully. It will guide you. You need any help? Will be happy to help you.

                                    Delete Comment
                                  • AnonymousAugust 29, 2021 at 8:41 PM

                                    hello im trying ./zphisher and it doenst run lol

                                    Delete Comment
                                  • Unknown photo
                                    UnknownSeptember 20, 2021 at 12:44 AM

                                    Hi sir I add all the commands after that it ask me for username and password kindly tell me what is the username and password?

                                    Delete Comment