PyPhiser is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, Github, Reddit, Gmail, and many others.
Install primary dependencies (git and python)
- For Debian
sudo apt install git python -y
- For Arch
sudo pacman -S git python --noconfirm
- For Fedora
sudo yum install git python -y
- For Termux
pkg install git python -y
Clone this repository
git clone https://github.com/KasRoudra/PyPhisher
Enter the directory
Run the tool
Or, directly run
wget https://raw.githubusercontent.com/KasRoudra/PyPhisher/main/pyphisher.py && python3 pyphisher.py
usage: pyphisher.py [-h] [-p PORT] [-o OPTION] [--update | --no-update] options: -h, --help show this help message and exit -p PORT, --port PORT PyPhisher's server port [ Default : 8080 ] -o OPTION, --option OPTION PyPhisher's template index [ Default : null ] --update, --no-update Check for update (default: True)
- Multi-platform (Supports most Linux)
- 65 Website templates
- Dual Tunneling (Ngrok and Cloudflare)
- Easy to use
- Possible error diagnoser
- Built-in masking of URL
- Custom masking of URL
- Portable file (Can be run from any directory)
- Get IP Address and many other details along with login credentials
- 100MB storage
If not found, all of the required packages will be installed on the first run
- Run the script
- Choose a Website
- Wait sometimes for setting up all
- Send the generated link to the victim
- Wait for victim login. As soon as he/she logs in, credentials will be captured
This tool is developed for educational purposes. Here it demonstrates how phishing works. If anybody wants to gain unauthorized access to someone's social media, he/she may try out this at his/her own risk. You have your own responsibilities and you are liable to any damage or violation of laws by this tool. The author is not responsible for any misuse of PyPhisher!
This repository is open source to help others. So if you wish to copy, consider giving credit!
HTR-Tech and JayKaliCredits:
If this tool helped you, consider starting a repository. Your stars encourage me a lot!
Find Me on:
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky
When I attempt to git clone, Kali asks for github username and password…
There is a new version at https://github.com/KasRoudra/PyPhisher so you can check it out. If the problem will continue post an issue on the github page, and the developer will offer assistance.
Congratulation for your good job, but what about MFA?
Most of the services you added requires MFA. Only stealing username and password is not enough to demonstrate that hackers can gain access to your account.
Think about Modlishka. Very powerful tool, but unusable today, that could grab the MFA token as well.
If you can add this feature, your tool should become the first one to use do demonstrate to people how simple is to gain access to everyone’s account.