Skip to content

Cyber-Anonymous/Dark-Phish

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

core

core

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

dark-phish.py

dark-phish.py

 
 

version.txt

version.txt

 
 

Repository files navigation

Dark-Phish

Empowering Ethical Phishing for Security Assessment.

Dark-Phish Logo

Dark-Phish v2.2

Dark-Phish is a specialized phishing tool created for educational and security testing purposes. It provides users with the capability to simulate phishing attacks, enabling the assessment of system vulnerabilities and user awareness.

Features

  • Multiple Tunneling Options: Choose from various methods for flexible phishing simulation.

  • Auto-saved Credentials: Victim credentials are stored automatically.

  • Credential Management: Easily access and manage saved credentials.

  • Custom Phishing Templates: Create customized and convincing phishing scenarios.

  • OTP Capture: Efficiently collect one-time passwords for improved assessment capabilities.

  • URL Obfuscation: Dark-Phish conceals phishing URLs, making them appear trustworthy and less suspicious.

Tested on

  • Kali Linux
  • Termux

Installation

apt install python3 curl php git openssh nodejs npm -y
pip3 install requests wget pyshorteners
git clone https://github.com/Cyber-Anonymous/Dark-Phish.git
cd Dark-Phish

Usage

Before using Dark-Phish, ensure you have the necessary packages installed as mentioned in the installation section.

  • Run Dark-Phish
python3 dark-phish.py
  • For help and usage information
python3 dark-phish.py -h
  • To access saved credentials
python3 dark-phish.py -r

Help

python3 dark-phish.py -h

Name:
    Dark-Phish
    
Usage:
    python3 dark-phish.py [-h] [-p PORT] [-u] [-v] [-r]

Version:
    2.2

Options:
    -h,  --help                     Show this help massage.
    -p PORT,  --port PORT           Web server port [Default : 8080] .
    -u,  --update                   Check for updates.
    -v,  --version                  Show version number and exit.
    -r,  --retrieve                 Retrieve saved credentials.

OTP Capture Technique

  1. When a victim enters their credentials on the phishing page, the attacker immediately receives this information.
  2. The attacker, using the victim's credentials, logs into the legitimate website.
  3. The genuine website sends an actual OTP to the victim.
  4. Believing it's legitimate, the victim enters the OTP on the phishing page.
  5. The attacker intercepts the OTP, gaining access to the victim's credentials and logging in first.

Available tunnels

  1. Localhost
  2. Ngrok
  3. Cloudflared
  4. LocalXpose
  5. Serveo
  6. Localtunnel

Dark-Phish

Thanks to TheLinuxChoice

Disclaimer

Dark-Phish is intended for educational and testing purposes only. Any use of this tool for illegal or unethical activities is strictly prohibited. The authors and contributors are not responsible for any misuse or damage caused by Dark-Phish. Use it responsibly and ensure compliance with all applicable laws and regulations in your jurisdiction.

About

A Powerful Phishing Tool with 50+ phishing templates. For more about Dark-Phish tool please visit the website.

cyberanonymousofficial.blogspot.com/2023/11/dark-phish.html

Topics

toolkit phishing python3 penetration-testing phish social-engineering otp-phishing automated-phishing-tool cyber-anonymous advance-phishing dark-phish phishing-tool an-automated-phishing-tool powerful-phishing-tool a-complete-phishing-tool otp-phish

Resources

Readme

License

GPL-3.0 license
Activity

Stars

149 stars

Watchers

3 watching

Forks

33 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages