PhishX

PhishX is a phishing tool that allows you to generate an HTML file that looks exactly like your chosen website but with a PHP script that allows you to capture the victim's credential once they entered it. All you have to do is generate the HTML file, copy the index.html, login.php and the creds.txt file to a web server, send a link to your victim and wait for him or her to enter the credential and everything will be captured and write to the creds.txt file.

Follow the instruction below to learn how to install and use PhishX.

1. Turn on your Kali machine, open a terminal and type in the following command:

git clone https://github.com/WeeSec/PhishX.git

cd PhishX

chmod +x installer.sh

bash installer.sh

2. Press Enter to continue

3. This can take long so wait patiently until it is done.

4. Now type in chmod +x PhishX.py follow by the command python3 PhishX.py

5. Now your screen should look like the one I have below.

6. From here choose what kind of phishing page you would like to create and press Enter. I chose Twitter for this demonstration.

7. Now fill out the information it is asking. If you are following my example, then enter the victim's username and email, then type in y for yes and press Enter.

8. After you press Enter on step 7, wait for a bit and you will see a screen like the one I have below. This screen shows you where you can get your index.html, login.php and the creds.txt file. Once you have located the three files, just upload them to any web server that support PHP. Now you are ready to send the link to your victim and phish his/her password.

9. Once the victim logs in with his or her credential, login.php will capture the credential and write it into the creds.txt file. Now you can just open that file and you should see the username and password.