Fish is a phishing tool that inhabits a collection of webpages. It tries to replicate webpages as closely as possible for a hard to distinguish phishing page.
- Up-to-date login phishing page.
- Easily configurable, with a startup script.
- Has a menu that can be used to select the different sites (with color!).
- Can use any domain including but not limited to
Ngrok,Freenom,GoDaddyetc. - Has built-in option to install and use ngrok for a free public domain.
- Uses flask. Has options in the start-up script to configure the host and port.
$ git clone https://github.com/aarav2you/Fish.git
$ cd Fish/
$ pip install -r requirements.txt
$ python fish.py
You can specify the values it asks for when executing the app.py. Leaving the settings on default is the best option (just press ⏎). Refer to the table below for all values:
Enter redirect URL |
The link it will redirect the victim to after credentials have been logged in credentials.log. Default: https://www.office.com/?auth=2 |
|---|---|
Flask server host |
The local IP your flask server will run on. Default: 127.0.0.1 |
Flask server port |
The port your flask server will run on. Default: 80 |
Use ngrok |
This uses nGrokto to forward the phishing page to a public domain. More on this here. Default: n |
Usage of Fish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes. White hat hackers, best of luck, make sure you have consent!
We have built this with our ❤️. If you would like to contribute, please read how to contribute/contributing guidelines. If you would like to suggest, please open an issue with the label Enhancement.
Made lovingly by aarav2you and Kritagyaispro and others who contributed!
