Phishing is one of the oldest methods used for hacking social media and bank accounts. Today we are going to review the phishx tool. It is an easy-to-use script that handles all the complicated tasks of making a phishing page and setting it up to social engineer a victim.
Before, phishing used to be a pain, especially for beginners who do not know website design and web programming languages. Now with scripts like the Phishx tool, any regular non-coder can also make phishing websites for hacking people. It is also an excellent tool for pentesters, which was the original intention of making the tool.
What is Phishx?
Phishx is an automated phishing script written in Python. It has ready-made templates for hacking many of the famous sites. It is an excellent alternative for people who do not know how to make their own phishing pages. Those people can use this tool to make intelligent phishing attacks. Do note this tool was meant for pentesting, so do use it for the same intent.
It also supports mobile versions of the sites, which makes it useful in phishing attacks. This tool is perfect for spear-phishing attacks, in which the victims are targeted individually and social engineering is used along with the victim’s information to trick the victim into believing that it is a legitimate page.
So without further ado, let’s start phishing with phishx.
PhishX Phishing Tool
1) Installation of Phishx
To install the phishx phishing script on your Linux system, do the following steps:
Step 1: Open a Linux terminal.
Step 2: Clone the phishx tool with the following commands:
git clone https://github.com/WeebSec/PhishX.git
Step 3: Install all the requirements and dependencies for phishx phishing tool.
After cloning, use the following commands on Kali Linux to install and set up Phishx:
chmod +x installation.sh
2) Running the Phishing tool
Use the following command to start the PhishX tool:
Once the tool is run, you will be greeted with the following page. As you can see, there are ready-made templates to phish and hack many of the popular websites like Twitter, Facebook, Instagram, Google, Steam, GitHub, LinkedIn, Pinterest, and Quora.
3) Phishing with Phishx
The PhishX interface is easy to use and can be easily mastered with a couple of tries.
The on-screen options are default templates available for hacking the respective websites with spear-phishing attacks. So let’s say we wanted to hack a Gmail (Google) account by using a phishing attack. We can select number 4, which will start prepping the phishing page for hacking the target. You need to provide the following info to make sure that the attack is accurate and more convincing for a phishing attack.
The spear-phishing attack needs the following target information: the email address, username, phone number (optional), and the location (if known). This is required to make the phishing attack more convincing. Also, you need to provide a spoofed email to the tool which will act as the sender to the victim.
Once the required information is provided, the tool generates a phishing link which is to be shared with the target victim. The page looks exactly like the original page, but only the URL will be different.
If the target victim enters their username and credentials on that fake phishing page, the sensitive information along with location and IP address is captured and sent to the attacker machine as shown below:
Thus we have completed the phishing attack without any coding or technical expertise. Phishing is this easy nowadays.
How to protect yourself from phishing attacks?
- Do not click on links from unknown sources, especially emails and download links from unknown or untrusted sources.
- Make sure you check the URL of the website you are logging into. Sensitive information should not be used on untrusted websites.
- Do not use public Wi-Fi, as it is most prone to phishing attacks and man-in-the-middle attacks.
- Always use websites with HTTPS. Do not use websites which do not provide HTTPS encryption and protection (say no to HTTP).
- Always use a good antivirus and a browser plugin for the same antivirus. Many antivirus products like Norton, Quick Heal, McAfee, and Avast provide browsing and phishing protection. Use it.
- Do not install apps from unknown sources as they have spyware and trojans embedded into them which can be used for backdoors and social engineering.
- Do not give out your email IDs and mobile numbers to websites unless you absolutely need to.
- Use two-factor authentication and authenticator apps to ensure a high level of security. Google's Authenticator app is a great example.
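The URL check from the list above, as an added example (not part of the original article or of PhishX): a small Python function that decides whether a link's hostname really belongs to the site it claims to be, since the URL is the one thing a copied login page cannot fake. The trusted-domain list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually sign in to (constructed list).
TRUSTED_DOMAINS = {"google.com", "facebook.com", "github.com"}

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a URL you are about to type a password into."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no hostname"
    # In "https://google.com@other-host/", the real host is after the '@'.
    if parts.username is not None:
        return False, "userinfo before host"
    # Punycode labels can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode (IDN) hostname"
    if not host.isascii():
        return False, "non-ASCII hostname"
    # The host must be a trusted domain or a true subdomain of one.
    for domain in sorted(trusted):
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host '%s' is not a trusted domain" % host

# Constructed sample links (documentation-only hosts and addresses).
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.login-check.example/signin",
    "https://google.com@203.0.113.7/signin",
    "https://xn--constructed-label.example/login",
    "https://notgoogle.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "BAD ", sample, "->", reason)
```

Note that an `https` link on a look-alike host still fails the check: the padlock only says the connection is encrypted, not that the site is the one you think it is.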
Commonly Asked Questions about Phishx tool
Q1. Is it legal to hack anyone's account with phishing?
No, it is not legal and is considered unethical. Phishing and impersonating official websites is a crime in many countries and might be a felony with serious charges. So beware.
Q2. Can I use Phishx tool with my android smartphone?
Yes, you can use your Android device to use the phishing tool. Use an app such as Termux, or you can also use Kali Linux NetHunter for hacking.
Q3. What is the difference between a regular phishing attack and spear-phishing attack?
In spear phishing, the victim’s personal info is used to make the phishing attack more convincing. You show the target their email and mobile number and trick them into believing that the email is legit.
In regular phishing, you target many people with the same template. So there is no particular target.