Skip to content

Latest commit

 

History

History
162 lines (123 loc) · 5.8 KB

README.md

File metadata and controls

162 lines (123 loc) · 5.8 KB

APhisher



[√] Description :

A python phishing script for login phishing, image phishing, video phishing and many more

[+] Installation

Install primary dependencies (git, python)
  • For Debian (Ubuntu, Kali-Linux, Parrot)
    • sudo apt install git && apt install python3
  • For Termux
    • sudo apt install git && apt install python3
Clone this repository
  • git clone https://github.com/Ap1311/APhisher.git
Enter the directory
  • cd APhisher
Install all modules(optional)
  • apt install python3-rich
Run the tool
  • python3 APhisher.py

Or, directly run

git clone https://github.com/Ap1311/APhisher.git && cd APhisher && python3 APhisher.py

Support

OS Support Level
Linux Excellent
Android Excellent
Windows Unsupported (Use docker/virtual-box/vmware)
BSD Never tested

Options

usage: APhisher.py [-h] [-p PORT] [-t TYPE] [-o OPTION]
                     [-T TUNNELER] [-r REGION] [-S SUBDOMAIN]
                     [-d DIRECTORY] [-f FEST] [-i YTID] [-u URL]
                     [-s DURATION] [-m MODE] [-e TROUBLESHOOT]
                     [--nokey] [--noupdate]

options:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  MaxPhisher's server port [Default : 8080]
  -t TYPE, --type TYPE  MaxPhisher's phishing type index [Default :
                        null]
  -o OPTION, --option OPTION
                        MaxPhisher's template index [ Default : null ]
  -T TUNNELER, --tunneler TUNNELER
                        Tunneler to be chosen while url shortening
                        [Default : Cloudflared]
  -r REGION, --region REGION
                        Region for loclx [Default: auto]
  -S SUBDOMAIN, --subdomain SUBDOMAIN
                        Subdomain for loclx [Pro Account]
                        (Default: null)
  -d DIRECTORY, --directory DIRECTORY
                        Directory where media files will be saved
                        [Default : /sdcard/Media]
  -f FEST, --fest FEST  Festival name for fest template [Default:
                        Birthday]
  -i YTID, --ytid YTID  Youtube video ID for yttv template [Default :
                        6hHmkInZkMQ (NASA Video)]
  -u URL, --url URL     Redirection url for ip-tracking or login
                        phishing [Default : null]
  -s DURATION, --duration DURATION
                        Media duration while capturing [Default :
                        5000(ms)]
  -m MODE, --mode MODE  Mode of MaxPhisher [Default: normal]
  -e TROUBLESHOOT, --troubleshoot TROUBLESHOOT
                        Troubleshoot a tunneler [Default: null]
  --nokey               Use localtunnel without ssh key [Default:
                        False]
  --noupdate            Skip update checking [Default : False]

Features:

  • Multi platform (Supports most linux)
  • 100+ templates
  • Concurrent 4 tunneling (Cloudflared and LocalXpose, LocalHostRun, Serveo)
  • OTP Support
  • Credentials mailing
  • Easy to use
  • Possible error diagnoser
  • Built-in masking of URL
  • Custom masking of URL
  • URL Shadowing
  • Portable file (Can be run from any directory)
  • Get IP Address and many other details along with login credentials

Requirements

  • Python(3)
    • requests
    • rich
    • beautifulsoup4
  • PHP
  • SSH
  • 900MB storage

If not found, php, ssh and python modoules will be installed on first run

Tested on

  • Termux
  • Ubuntu
  • Kali-Linux
  • Parrot

Usage

  1. Run the script
  2. Choose a Website
  3. Wait sometimes for setting up all
  4. Send the generated link to victim
  5. Wait for victim login. As soon as he/she logs in, credentials will be captured

Solution of common issues

  • Some secured browsers like Firefox can warn for '@' prefixed links. You should use pure links or custom link to avoid it.
  • Termux from play store in not supported. Download termux from fdroid or github
  • VPN or proxy prevents tunneling and even proper internet access. Turn them off you have issues.
  • Some android requires hotspot to start Cloudflared and Loclx. If you face 'tunneling failed' in android, most probably your hotspot is turned off. Turn it on and keep it on untill you close MaxPhisher.
  • If you want mailing credentials then you need to use app password. Visit here and generate an app password, put that in mail_email.json. You may need to enable 2FA before it.

[!] Disclaimer

This tool is developed for educational purposes. Here it demonstrates how phishing works. If anybody wants to gain unauthorized access to someones social media, he/she may try out this at his/her own risk. You have your own responsibilities and you are liable to any damage or violation of laws by this tool. The author is not responsible for any misuse of APhisher!

[~] Find Me on :

  • Github

  • Gmail

  • Telegram

  • WhatsApp