A modern, modular camera phishing framework capable of silently capturing
high-quality images from a target's webcam using social engineering templates
and a Cloudflare encrypted tunnel.
Developed by RGSecurityTeam — For educational & authorized penetration testing only.
This tool is developed strictly for educational purposes and authorized penetration testing only.
The developer of Evil-Eye is not responsible for any misuse or damage caused by this program.
Using this tool against any individual or system without explicit written permission is illegal.
By using this tool, you agree that you are solely responsible for your actions.
| Feature | Description |
|---|---|
| 📷 Silent Camera Capture | Captures images from the target's front camera via browser's getUserMedia API |
| 🌐 Cloudflare Tunnel | Instantly generates a public HTTPS link — no port forwarding needed |
| 🎭 5 Lure Templates | YouTube Live, Birthday Wish, Secret Message, Fake Instagram, AI Chatbot |
| 📍 IP & UA Logging | Logs victim's IP address and browser user-agent on link open |
| 🔧 Auto Dependency Install | Detects and installs missing tools automatically on first run |
| 🖥️ Cross-Distro Support | Kali Linux, Parrot OS, Ubuntu, macOS — auto-detects OS and architecture |
- Kali Linux
- Parrot OS
- Ubuntu / Debian
- macOS (with Homebrew)
Termux(Comeing soon...)
| Tool | Purpose | Install |
|---|---|---|
php |
Built-in web server | sudo apt install php |
php-cgi |
Fallback CGI server (Parrot OS) | sudo apt install php-cgi |
curl |
Network requests & health checks | sudo apt install curl |
wget |
Download cloudflared binary | sudo apt install wget |
jq |
JSON processing for templates | sudo apt install jq |
cloudflared |
Public HTTPS tunnel | Auto-downloaded on first run |
lolcat |
Colorful terminal banners | Auto-installed on first run |
git clone https://github.com/rgsecteam/evil-eye.gitcd evil-eyechmod +x evel.sh./evel.sh
cloudflaredandlolcatwill be installed automatically if not found.
[01] YouTube Live TV
Presents a fake YouTube Live stream page. Prompts the victim to allow camera access to "verify their age" or "enable interactive mode". You provide any YouTube video link which plays embedded on the page.
[02] Birthday Wish
A personalized birthday celebration page with animations, balloons, cake, and music. The victim's name is embedded in the page. Camera permission is requested to "take a birthday selfie".
[03] Secret Message
A mysterious page that claims to have a secret message for the target. You provide a .txt file with the message content which is loaded as a JSON data source. Camera access is triggered in the background.
[04] Fake Instagram Followers
A convincing fake page promising free Instagram followers. Victim is told camera verification is required to "prove they are human".
[05] AI Chatbot (Fake AI)
A fake AI assistant chat interface. Camera access is requested in the background while the victim interacts with the chat.
| Data | Location |
|---|---|
| Camera images | captured_imgs/cam<timestamp>.jpg |
| IP addresses | captured_ip.txt |
| OS | Version | Status |
|---|---|---|
| Kali Linux | 2024.x | ✅ Working |
| Parrot OS | 6.x | ✅ Working (with php-cgi) |
| Ubuntu | 22.04 / 24.04 | ✅ Working |
| macOS | Ventura / Sonoma | ✅ Working |
- Inspired by techchip's champhish project
- Camera capture engine adapted from wybiral's tiny-mirror
- Tunnel powered by Cloudflare Tunnel
Made with ❤️ by RGSecurityTeam
Use responsibly. Hack ethically.