Zphisher - Automated Phishing Tool in Kali Linux


Overview

Phishing is a malicious activity where personal information from unsuspecting victims is stolen by malicious actors. It is a type of social engineering attack where harmful agents pretend to represent a well-known organization and try to obtain a victim's personal information like login credentials.

There are several tools available for phishing, such as the Social Engineering Toolkit and Zphisher, among others. These contain templates designed to look like popular websites, for example, Gmail, Facebook, Instagram, etc.

Using these templates, hackers and malicious actors can create genuine-looking website pages and steal information and credentials from victims.

What is Zphisher?

Zphisher is a powerful open-source phishing tool. Zphisher contains phishing templates for popular websites like Facebook, Gmail, Instagram, and Snapchat. We can also use custom templates provided by third parties.

The Zphisher tool is an upgraded version of an existing tool called Shellphish. This upgraded version carries over the older source code of the Shellphish tool but also has some upgrades and optimizations over the older tool.

The developer behind the Zphisher tool is Tahmid Rayat, from Bangladesh. They are known as 'htr-tech' on GitHub. The Zphisher GitHub is https://github.com/htr-tech/zphisher. The tool is written in PHP while the templates are written in HTML and CSS.

[Image: Zphisher tool]

Zphisher can be run on Unix-like systems such as Linux, and even on Android using platforms like Termux.

Uses and Features of Zphisher

  • Zphisher is an open-source phishing tool
  • It is pre-packaged in Kali Linux, a Linux distribution designed for pen-testing.
  • Zphisher is a simple tool written using PHP with its templates written in HTML and CSS.
  • Zphisher provides templates for popular websites like Gmail, Facebook, Instagram, Snapchat, WordPress, and Spotify.
  • Zphisher also supports using custom third-party templates.

Installation

The Zphisher tool can be installed from the bash script in the git repository of the Zphisher tool. Zphisher is available out of the box in Kali Linux.

Install Zphisher on a Linux distribution

Zphisher GitHub has all the instructions required to install Zphisher.

First, we clone the repository by running the command:

Then we move into this cloned directory by running the command: cd zphisher

[Image: cloning the Zphisher repository]

Once inside this directory, we run the Zphisher bash script, which installs all the dependencies required by the Zphisher tool and then installs and sets up Zphisher.

We can run the bash script by running the command:

[Image: installing Zphisher and its dependencies]

This installs the Zphisher tool on the Linux system.

Install Zphisher on Termux

Termux is an Android application that provides a Linux-like terminal interface on an Android device.

Let's see how to install Zphisher in Termux:

  • Start by adding the tur-repo on Termux by running the command:

  • Then install the zphisher package using pkg by running:

  • Once done, the Zphisher tool is installed on Termux. To run Zphisher, we call the executable by running: zphisher

Using Zphisher Tool

The Zphisher tool is operated from the command line, i.e., from the terminal of a Linux distribution.

To start the tool, run the zphisher command from the terminal after installing it. We can also run it with the same shell script from the Zphisher GitHub repository that was used to install it.

[Image: running Zphisher]

Now select a template. This template is a clone of the login page of the selected website and is used for phishing purposes. We can select any template by entering its index number in Zphisher, for example: 02 for Instagram.

[Image: running Zphisher with a template]
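Because these templates are clones of real login pages, a defender can flag any password page whose title names a brand while the page is served from a host outside that brand's domains. The following check is an added example, not part of the original article or of Zphisher; the brand list, host names and sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that legitimately host its login page.
BRANDS = {
    "instagram": {"instagram.com"},
    "facebook": {"facebook.com"},
    "gmail": {"google.com"},
}

class LoginPageScan(HTMLParser):
    """Collects the page title text and whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""
        self.has_password = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def impersonated_brand(url, html):
    """Return the brand named in the title of a password page served from a
    host outside that brand's domains, or None if nothing looks off."""
    scan = LoginPageScan()
    scan.feed(html)
    if not scan.has_password:
        return None
    host = (urlsplit(url).hostname or "").lower()
    for brand, domains in BRANDS.items():
        if brand in scan.title.lower():
            if not any(host == d or host.endswith("." + d) for d in domains):
                return brand
    return None

# Constructed sample page, standing in for a cloned login template.
SAMPLE = "<html><head><title>Login - Instagram</title></head><body><form method='post'><input name='u'><input type='password' name='p'></form></body></html>"
```

A title match alone is a weak signal, so in practice this is combined with other evidence such as domain age or the proxy-log pattern of the credential submission.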

The Zphisher tool then asks for the method to use for generating a URL. We need to select the URL generation method that suits us. This depends on various factors like service availability, the time required for the generated URL to stay up, etc.

Once a method is selected, Zphisher generates a URL that is shared with the victim. Once the victim opens the URL, their IP address is saved in a file.

If the victim enters their credentials, these are saved in a text file as well, and the victim is redirected from the fake phishing page to the original site.

The same process can be used with templates for some other sites as well to retrieve an individual's credentials.

Conclusion

  • Zphisher is an open-source phishing tool that can be used to retrieve personal information from unsuspecting individuals like their login credentials.
  • The Zphisher tool has templates for popular websites like Gmail, Instagram, Snapchat, etc., and these templates are used to phish victims.
  • Zphisher also allows the use of custom templates.
  • The Zphisher GitHub lists the installation instructions for installing the tool but it comes installed out of the box on the Kali Linux distribution.
  • It can also be installed on Termux.
  • It is illegal to use such tools on unsuspecting individuals without their prior consent. This article is only written for educational purposes.
