Skip to main content

Ultimate phishing tool in python with dual tunneling, 77 templates and many more!

Project description

PyPhisher



[√] Description :

Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.

[*]Announcement

This project is now a part of MaxPhisher. Further bug fixes and feature addition will be available in that

[+] Installation

Install dependencies (git, python, php ssh)
  • For Debian (Ubuntu, Kali-Linux, Parrot)
    • sudo apt install git python3 python3-pip php openssh-client -y
  • For Arch (Manjaro)
    • sudo pacman -S git python3 python-pip php openssh --noconfirm
  • For Redhat(Fedora)
    • sudo dnf install git python3 php openssh -y
  • For Termux
    • pkg install git python3 python-pip php openssh -y
Clone this repository
  • git clone https://github.com/KasRoudra/PyPhisher
Enter the directory
  • cd PyPhisher
Install all modules
  • pip3 install -r files/requirements.txt --break-system-packages
Run the tool
  • python3 pyphisher.py

Or, directly run

wget https://raw.githubusercontent.com/KasRoudra/PyPhisher/main/pyphisher.py && python3 pyphisher.py

Pip

  • pip3 install pyphisher [For Termux]
  • sudo pip3 install pyphisher --break-system-packages [For Linux]
  • pyphisher

Docker

  • sudo docker pull kasroudra/pyphisher
  • sudo docker run --rm -it kasroudra/pyphisher

Support

OS Support Level
Linux Excellent
Android Excellent
iPhone Alpha (Recommended docker)
MacOS Alpha (Recommended docker)
Windows Unsupported (Use docker/virtual-box/vmware)
BSD Never tested

Options

usage: pyphisher.py [-h] [-p PORT] [-o OPTION] [-t TUNNELER]
                    [-r REGION] [-s SUBDOMAIN] [-u URL] [-m MODE]
                    [-e TROUBLESHOOT] [--nokey] [--noupdate]

options:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  PyPhisher's server port [Default : 8080]
  -o OPTION, --option OPTION
                        PyPhisher's template index [Default : null]
  -t TUNNELER, --tunneler TUNNELER
                        Tunneler to be chosen while url shortening
                        [Default : Cloudflared]
  -r REGION, --region REGION
                        Region for loclx [Default: auto]
  -s SUBDOMAIN, --subdomain SUBDOMAIN
                        Subdomain for loclx [Pro Account]
                        (Default: null)
  -u URL, --url URL     Redirection url after data capture [Default :
                        null]
  -m MODE, --mode MODE  Mode of PyPhisher [Default: normal]
  -e TROUBLESHOOT, --troubleshoot TROUBLESHOOT
                        Troubleshoot a tunneler [Default: null]
  --nokey               Use localtunnel without ssh key [Default:
                        False]
  --noupdate            Skip update checking [Default : False]

Features:

  • Multi platform (Supports most linux)
  • Easy to use
  • Possible error diagnoser
  • 77 Website templates
  • Concurrent 4 tunneling (Cloudflared, Loclx and LocalHostRun, Serveo)
  • Upto 8 links for phishing
  • OTP Support
  • Argument support
  • Credentials mailing
  • Built-in masking of URL
  • Custom masking of URL
  • URL Shadowing
  • Redirection URL settings
  • Portable file (Can be run from any directory)
  • Get IP Address and many other details along with login credentials

Relevant Tools by Me

Requirements

  • Python(3)
    • requests
    • rich
    • beautifulsoup4
  • PHP
  • SSH
  • 900MB storage

If not found, php and python modoules will be installed on first run

Tested on

  • Termux
  • Ubuntu
  • Kali-Linux
  • Arch
  • Fedora
  • Manjaro

Usage

  1. Run the script
  2. Choose a Website
  3. Wait sometimes for setting up all
  4. Send the generated link to victim
  5. Wait for victim login. As soon as he/she logs in, credentials will be captured

Example

PyPhisher

Video Tutorial

PyPhisher in Termux
PyPhisher in Kali Linux by InfoSecPat
PyPhisher in Kali Linux by Sathvik

Whats new in 1.8?

  • Mailing
    • Now you can send credentials to any email. You just need a gmail and app password to use this feature. Edit the data in files/email.json
  • Custom Preview
    • Now you can set a custom social media preview of your link. Enter a website url when asked in shadow url. Your link will have same appearence as that website in whatsapp/messenger/telegram etc. Note this only works with Cloudflared urls
  • OTP Support
    • 20 templates will show an option to enable otp pages
  • Saved
    • An option to view all saved credentials just from PyPhisher. This credentials won't get deleted in PyPhisher update

Whats new in 1.9?

  • Loclx
    • Introducing a new port forwarding/tunneling service named localxpose or loclx. It is quite slower but still usable
  • Docker image
    • A docker image is published which can be pulled and run
  • PIP
    • This project is now also available in PIP

Whats new in 2.0?

  • LocalHostRun
    • Introducing a new port forwarding/tunneling service named localhost.run. It works over ssh without binaries
  • Redirection url
    • Users can decide where the victim will be redirected after data is captured

Solution of common issues

  • Some secured browsers like Firefox can warn for '@' prefixed links. You should use pure links or custom link to avoid it.
  • Termux from play store in not supported. Download termux from fdroid or github
  • VPN or proxy prevents tunneling and even proper internet access. Turn them off you have issues.
  • Some android requires hotspot to start Cloudflared and Loclx. If you face 'tunneling failed' in android, most probably your hotspot is turned off. Turn it on and keep it on untill you close PyPhisher.
  • If you want mailing credentials then you need to use app password. Visit here and generate an app password, put that in files/email.json. You may need to enable 2FA before it.

[!] Disclaimer

This tool is developed for educational purposes. Here it demonstrates how phishing works. If anybody wants to gain unauthorized access to someones social media, he/she may try out this at his/her own risk. You have your own responsibilities and you are liable to any damage or violation of laws by this tool. The author is not responsible for any misuse of PyPhisher!

This repository is open source to help others. So if you wish to copy, consider giving credit!

Credits:

Some base codes and templates are from htr-tech, otp templates are from ignitech and url masking is inspired from jaykali

[*] Support

Want to show support? Just spread the word and smash the star button

Donate BTC: 3Lx8ikQQgZZpmFJzHDBuQHXzLXMeWMcZF3

[~] Find Me on :

  • Github

  • Gmail

  • Facebook

  • Messenger

  • Telegram

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyphisher-2.1.7.tar.gz (22.3 kB view details)

Uploaded Source

Built Distribution

pyphisher-2.1.7-py3-none-any.whl (25.3 kB view details)

Uploaded Python 3

File details

Details for the file pyphisher-2.1.7.tar.gz.

File metadata

  • Download URL: pyphisher-2.1.7.tar.gz
  • Upload date:
  • Size: 22.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.7.1 CPython/3.11.6 Linux/6.2.0-1015-azure

File hashes

Hashes for pyphisher-2.1.7.tar.gz
Algorithm Hash digest
SHA256 71e78518ac10a9d266cdf46f41ce57e556ca9eb27d7b2d78c0b1221ed7c18d2b
MD5 be1a289aec88dcff6a9b925a55907a99
BLAKE2b-256 5bd3e4743e73b799b141470b5f05cfea226bacf0e7eef37d08c440a1fb91beda

See more details on using hashes here.

File details

Details for the file pyphisher-2.1.7-py3-none-any.whl.

File metadata

  • Download URL: pyphisher-2.1.7-py3-none-any.whl
  • Upload date:
  • Size: 25.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.7.1 CPython/3.11.6 Linux/6.2.0-1015-azure

File hashes

Hashes for pyphisher-2.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 b2b65c2f6dc4e8c9c1b5486fc633d99cca5d4dee06bb4a3c5d6d03ffd1ca12e6
MD5 fbf6de011491aacae2b6f9202a53cf0e
BLAKE2b-256 b62ecf8b1701a79a9718ffdc0e035ffd70ab339ecc345cdfc0af28486810ba0c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page