Phishing is one of the oldest methods used for hacking social media and bank accounts. Today we're going to review the PhishX tool, an easy-to-use script that handles the complicated tasks of constructing a phishing page and setting it up to social engineer a victim.
Phishing used to be a pain, especially for beginners with no knowledge of website design and web programming languages. Now, with scripts like the PhishX tool, any regular non-coder can make phishing websites for hacking people. It can also be a great tool for pentesters, which was the original intention behind building the tool.
What is Phishx?
PhishX is an automated phishing script written in Python. It has ready-made templates for most of the famous sites. It is a great alternative for people who have no idea how to make their own phishing pages. Those people can use this tool to make clever phishing attacks. Note that this tool was meant for pentesting, so use it for that purpose.
It also supports mobile versions of the sites, which makes it helpful in phishing attacks. This tool is ideal for spear-phishing attacks, in which victims are targeted individually and social engineering is used together with the victim's information to trick the victim into believing that it's a legitimate page.
So without further ado, let's start phishing with PhishX.
DISCLAIMER: This is an educational article meant to make readers aware of and educate them about these hacks. Do not use this tool or website on any website. Do not apply or execute any method or use tools without the consent of the other party. Use this article for educational purposes only.
PhishX Phishing Tool
1) Installation of Phishx
PhishX works with Kali Linux OS and Parrot Sec OS. It also works with all of the Linux-based systems available on the web.
To install the PhishX phishing script on your Linux system, follow these steps:
Step 1: Open a Linux terminal.
Step 2: Clone the PhishX tool with the following command:
git clone https://github.com/WeebSec/PhishX.git
Step 3: Install all of the requirements and dependencies for the PhishX phishing tool.
After cloning, use the following commands on Kali Linux to install and set up PhishX:
chmod +x installation.sh
2) Running the phishing tool
Use the following command to start the PhishX tool:
Once the tool is running, you'll be greeted with the following page. As you can see, there are ready-made templates for phishing most of the popular websites such as Twitter, Facebook, Instagram, Google, Steam, GitHub, LinkedIn, Pinterest, and Quora.
Step 5) Phishing with Phishx
The PhishX interface is simple to use and can be easily mastered with a few tries.
The on-screen options are the default templates available for the respective websites in spear-phishing attacks. So let's say we wanted to hack a Gmail (Google) account using a phishing attack. We can select number four, which starts preparing the phishing page for the target. You need to provide the following information to make sure the attack is accurate and more convincing.
The spear-phishing attack needs the following target information: the email address, username, cellphone number (optional), and location (if known) are required to make the phishing attack more convincing. You must also provide a spoofed email to the tool, which will act as the sender to the victim.
Once the required information is provided, the tool generates a phishing link which is to be shared with the target victim. The page looks exactly like the original page; only the URL will be different.
If the target victim enters their username and credentials on that fake phishing page, the sensitive information, together with location and IP address, is captured and sent to the attacker's machine as shown below:
Thus we have completed the phishing attack without any coding or technical expertise. Phishing is this easy these days.
How to protect yourself from phishing attacks?
- Do not click on links from unknown sources, especially emails and download links from unknown or untrusted sources.
- Make sure you check the URL of the website you are logging into. Sensitive information shouldn't be entered on untrusted websites.
- Do not use public Wi-Fi, as it is most susceptible to phishing attacks and man-in-the-middle attacks.
- Always use websites with HTTPS. Do not use websites which don't provide HTTPS encryption and protection (say no to HTTP).
- Always use a good antivirus and a browser plugin for the same antivirus. Many antivirus products like Norton, Quick Heal, McAfee, and Avast provide browsing and phishing protection. Use it.
- Do not install apps from unknown sources, as they have spyware and trojans embedded in them which can be used for backdoors and social engineering.
- Do not give out your email IDs and mobile numbers to websites unless you absolutely need to.
- Use two-factor authentication and authenticator apps to ensure a high level of security. Google's authenticator app is a great example.
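The URL check from the list above can be made mechanical, since a cloned page looks identical to the original and only the address differs. The following Python sketch is an added example, not part of the original article or of PhishX; the trusted-domain set, the reason labels and every sample URL are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains this user really logs in to (illustrative list).
TRUSTED = {"google.com", "facebook.com", "github.com"}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_login_url(url, trusted=TRUSTED):
    """Return reasons not to enter credentials at url ([] = passed)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # In https://a.b@host/ the text before '@' is userinfo, not the site.
        reasons.append("userinfo-in-url")
    if _is_ip(host):
        reasons.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")
    # The host must be a trusted domain or a subdomain of one.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append("untrusted-domain")
        # A trusted brand name inside an untrusted host marks a lookalike.
        if any(d.split(".")[0] in host for d in trusted):
            reasons.append("brand-in-untrusted-host")
    return reasons

# Constructed sample links (example.net / 192.0.2.0/24 are reserved for docs).
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.login.example.net/signin",
    "https://accounts.google.com@login.example.net/signin",
    "http://192.0.2.10/google/login",
    "https://xn--ggle-constructed.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "ok")
```

Note that HTTPS alone is not sufficient: the second and third samples use HTTPS and are still flagged, because the host is not on a trusted domain.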