Do you ever get an interesting content on the web and when you try to view it, you gotta sign in into your social account? If so, you should be cautious. In the year 2018 alone, U$ 315+ billion was lost due to hacking or its effects. The fun fact here is that 91% of hacking begins with phishing. So now with numbers and stats, you know how phishing is still in play and can do severe damage. So without any due, let’s study a new phishing tool today.

PhishX is a phishing tool which can perform a spear phishing attack to the victim. Spear phishing is a targeted phishing attack done on a specific individual. For this attack, some information about the target individual is needed first. PhishX is used to capture user’s credentials, the tool generates fake pages and adds target information to those pages. These pages are shared with the target user.

The page appears as a normal page to the user, but that page is meant to capture users information as the user enters its important data into those pages. PhishX created pages then come back to attackers computer for retrieval of information. The pages that can be cloned for spear phishing attack include websites like Facebook, Google, Twitter, Instagram, LinkedIn, Pinterest, Quora, and Steam. Except for LinkedIn, all available pages are supported for mobile version websites too. This is how PhishX works.

1) Installation

PhishX works with Kali Linux OS and Parrot Sec OS. Below are the commands for installing PhishX

Git clone https://github.com/WeebSec/PhishX.git

After cloning, install the tools and its requirements using the commands below

cd PhishX

Chmod +x installation.sh 

Bash installer.sh

PhishX Installation

2) Running PhishX

Use the following command for running PhishX

python3 PhishX.py

PhishX Execution

The PhishX inteeface can be seen after entering the above commands which enables you to choose options for spear phishing. Check the image below for the exact idea of the interface.

The list of options are nothing but website names of which you have to create a page for a spear phishing attack. If we select 4 i.e Google option, it will open the Google page creating a setup for a phishing attack. As the spear phishing attack needs the target information. If Google page is considered, then the Email address, username, phone number and location is required as a prerequisite. Also, spoofed email is to be provided to the tool

Once the information is provided, the tool generates a link which is to be shared to the target user.

Once the page is shared to the target user, the machine detects user interaction on the shared link page.

If the user will enter data in that page, the information along with location and IP address is captured and sent to the attacker.

Credential Captures

Thus completing the perfect phishing attack without the user even realizing it.

Happy Hacking.

Liked our Article? Share it.

Also, Read- Websites to get Anyone’s Personal Information

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here