It is the most important and well known attack in the field of hacking. In this attack the hacker makes a fake login page, link and package fake service page for its victims. It is usually a login page. As the victim sign in to that particular page hacker gets details like username, password and other important details of victim.
The fake login page may be the page of Facebook, twitter, G-mail, etc. Hackers make these pages and upload on any websites and who use it he is hacked. Mostly hackers send these pages on email, or they send it to victim during messaging or chat etc.
But here is the question that why hackers perform the phishing attack? Many persons may have different answers of this question and yes there are many answers of this question.
1) A hacker perform the phishing attack to use the real Facebook, G-mail, twitter etc. of the victim.
2) One can do this to black mail his victim
3) One can do cyber crimes by using Facebook, email, twitter of its victim
4) And many more answers are available for this question and all are correct.
But according to my view phishing attack is mainly performed by black hat hackers. These hackers are in danger of capturing by police and govt. And a hacker never wants to be arrest. So to save themselves from such a danger they get the account details of other persons by phishing attack and sign in with these accounts and use the accounts of other persons for different purposes. Black hat hackers also blackmail to others by their accounts and get money from victims.
There are many tools that are used for the phishing attack in kali Linux, here we will learn the use of important software that are used for phishing attack in kali Linux.
a) ZPHISHER:
It is too of kali Linux that is used to make the fake (login pages) for Facebook, G-mail, yahoo etc. for phishing attack. It is very easy tool to make a fake for login page for Facebook, G-mail etc. so, a hacker must learn it phishing attack.
Now to install zphisher on your kali Linux run the following commands;
(git clone https://GitHub.com/htr-tech/zphisher)
Then open the (zphisher) folder and here you will see a file (zphisher.sh). To run this file run the following commands;
(chmod +777 zphisher.sh)
(./ zphisher.sh)
Interface of zphisher
When you will run this file first time then some important packages like (Ngrok), (Cloudflare) etc. will install and second time you can use it directly. Now to make a fake login page select some option on zphisher and it will generate a (login link). Let’s consider that you want to hack the (Facebook account) of any person by phishing attack. So, to a generate (fake legion page) of Facebook select option (1) and press (Enter), then close the type of legion page as select (1) to make (traditional legion page) and press (Enter).
Then select your server select (3) for ngrok.io without hotspot and press (enter).
Server setting in zphisher
After this in a few time (link of Facebook fake legion page) will generate copy. The link and send to your victim by email, WhatsApp etc.
Now as victim will open this link and (legion) to it. Then his/her (username or email) and (password) for Facebook will capture and you can use it for your own benefits or black mailing. You can hack Gmail, PayPal, Ebay accounts etc. by zphisher using fishing attack. Phishing attack is not allowed but you must use it for ethical purpose only. So best of luck for phishing attack by zphisher.
Details captured in zphisher
b) PHISHX:
It is also a very powerful tool of kali Linux that is used for phishing attack. We can generate (fake login page) by Phishx for Facebook, Gmail, twitter, Instagram etc. it provide few login pages but it is very powerful and we can use it for phishing attack.
Interface of phishx
To install in it your kali Linux run the following commands;
(git clone https://GitHub.com/weebsec/phishx.git)
Then open the (phishx) folder, and (open terminal here) and run the command;
(chmod +x installer.sh)
(./installer.sh)
(python3 phishx.py)
After running python script phishx will start and you can use it your kali Linux for phishing attacks.
Now let consider that you want to generate a fake (login page) of (Twitter) for your victim so select (1) and press (Enter) then (Enter) the (username), (email) of your victim. Then type (y) and press (Enter) to confirm your setting.
Setting target in phishx
A new black window open and link will generate. Press (ctrl+c) to close the new black window.
Link generated in phishx
Then copy to link the send it to your victim by email, message or WhatsApp and he/she will enter his/her details in this fake page his/her city/ country location and login page will capture that we can use for our own benefit.
Phishx is limited and powerful than other phishing tools. Phishing is not allowed so and ethical purpose.
Details captured in phishx
c) HIDDENEYE:
It is also a very powerful tool of kali Linux that is used for phishing attack. It is used to generate the fake (login pages) for Facebook, google, yahoo etc. It works same as zphisher but its bit advance so, according to my opinion a hacker must it learn for phishing attacks.
To install it your kali Linux run the following commands;
(git clone https://GitHub.com/morsmalleo/hiddeneye)
Then open the (hideneye) folder. (Open terminal here) and run the following commands;
(pip3 install -r requirments.txt)
(python3 hiddeneye.py)
The type a dialogue as (I accept EULA) and press (Enter) to continue. Then hiddeneye will start and you can use it.
Now let consider that you want to create a fake (login page) of (google or Gmail) for victim to hack his/her Gmail account to select(2) an press (Enter) then select (1) and press (Enter) for standard page phishing then select (A) and press (Enter) for (KEYLOGGER) attack. The (Enter) the link of redirect you victim, as (gmail.com) and press (Enter). Then enter your port number between (1024-65535) as (5555) and press (Enter). Select your server as (01) for (ngrok) server and press (Enter) but for this you must have ngrok registered server. After this link will generate. Send this link of fake login page to your victim by email or WhatsApp etc. as your victim will his/her detail in your fake (login page) his/her detail will capture and you can use them for your own benefits or for black mailing.
Hiddeneye is powerful tool and phishing is not allowed but you must use it for ethical purpose. So best of luck for hiddeneye.
d) NPHISHER:
It is also a tool of kali Linux that is used for phishing attack. It is used to generate the (fake login pages) for Facebook, Gmail, PayPal, Ebay, WhatsApp etc. it is powerful tool of phishing attack, so a hacker should use it for phishing attack.
Now to install it your kali Linux run the following commands;
(git clone https://GitHub.com/alygnt/nphisher)
Then open the (Nhisher) folder. (Open terminal here) and run the following commands to run Nphisher;
(chmod+x nphisher.sh)
(./nphisher.sh)
After running this script Nphisher will open in your terminal and you can use it. Now let consider that you want to create fake login page of (linked in) for your victim to hack his/her (LinkedIn) account details. So, select (25) and press (Enter). Then select in (2) and press (Enter) for OTP.
Nphisher interface
Then select you server (02) (Enter) for (ngrok.io) but you must have ngrok registered account for this purpose. Then select (y) and press (Enter) to install ngrok if not installed.
Servers in nphisher
Then press (Enter) again, also can enter your (auth token). Then type (n) and press (Enter) for default port (4444). Then again type (n) and press (Enter). And again type (n) and press (Enter). A link of (fake login page) will generate.
Links for fake login page
Send this link to your victim by email, WhatsApp, message etc. As he/she will enter his/her
detail, the detail will capture and you can use them. So best of luck for NPHISHER.
Details of victim found in nphisher
e) PYPHISHER:
It is also a very powerful tool of kali Linux that is used for phishing attack. It is written in python language and used to generate the (fake login pages) for Facebook, Gmail, twitter etc. We can use it easily for phishing attacks.
Now to install it in your kali Linux run the following command;
(git clone https://GitHub.com/KasRoudra/PyPhisher)
Then open the (pyphisher) folder. Here you will see a file (pyphisher.py). (Open terminal here) and run the following command to use pyphisher;
(python3 pyphisher.py)
Interface of pyphisher
After running this command tool will open and you can use it.
Now let’s consider that you want to generate a fake (login page) of (GitHub) for your victim to hack his/her GitHub account. So select (54) and press (Enter). Then fake (login links) will generate for different servers like cloud flare, Ngrok.io etc. you can use any link depending upon your server you are using. But you must have registered (cloud flare or Ngrok.io) server for this purpose.
Links for different servers in pyphiser
Send link to your victim by email WhatsApp etc. As victim will enter his/her details then these details will capture in your terminal and you can use them. Press (Enter) in your terminal to see details.
Details captured in pyphisher
Pyphisher is easy and the powerful tool that can be used for phishing.