zphisher

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

11,081

3,674

11,081

190

View on GitHub

Top Related Projects

sherlock

57,727

Hunt down social media accounts by username across social networks

social-engineer-toolkit

10,692

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Osintgram

9,456

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

theHarvester

11,058

E-mails, subdomains and names Harvester - OSINT

phoneinfoga

12,767

Information gathering framework for phone numbers

Quick Overview

Zphisher is an automated phishing tool designed for educational and ethical testing purposes. It provides a collection of phishing page templates and automates the process of setting up phishing sites. The tool is intended for security professionals and researchers to assess vulnerabilities and raise awareness about phishing attacks.

Pros

Easy to use with a simple command-line interface
Includes a wide variety of pre-built phishing templates
Supports multiple tunneling options for hosting phishing pages
Regularly updated with new templates and features

Cons

Can be misused for malicious purposes if not handled responsibly
Requires careful handling of sensitive information during testing
May be detected by antivirus software as a potentially harmful tool
Legal and ethical considerations must be strictly observed when using

Getting Started

To get started with Zphisher:

Clone the repository:

git clone https://github.com/htr-tech/zphisher.git

Navigate to the Zphisher directory:
```
cd zphisher
```
Run the script:
```
bash zphisher.sh
```
Follow the on-screen prompts to select a phishing template and tunneling option.
Use the generated link for your authorized testing purposes only.

Remember to always obtain proper authorization and follow legal and ethical guidelines when using this tool.

Competitor Comparisons

sherlock

57,727

Hunt down social media accounts by username across social networks

Pros of Sherlock

Broader scope: Searches for usernames across 300+ websites, not limited to phishing
More ethical usage: Designed for OSINT and legitimate investigations
Active development: Frequent updates and contributions from the community

Cons of Sherlock

More complex setup: Requires Python and additional dependencies
Limited to username searches: Doesn't provide phishing or social engineering tools
Higher resource usage: Can be slower and more resource-intensive for large-scale searches

Code Comparison

Zphisher (Bash script):

banner() {
    clear
    echo -e "\e[93m    ______      _     _     _               "
    echo -e "\e[93m   |___  /     | |   (_)   | |              "
    echo -e "\e[93m      / / _ __ | |__  _ ___| |__   ___ _ __ "
    echo -e "\e[93m     / / | '_ \| '_ \| / __| '_ \ / _ \ '__|"
}

Sherlock (Python):

def print_error(err, errstr, var, debug=False):
    if debug:
        print(f"\033[37;1m[\033[91;1m-\033[37;1m]\033[91;1m {errstr}\033[93;1m {err}")
    else:
        print(f"\033[37;1m[\033[91;1m-\033[37;1m]\033[91;1m {errstr}\033[93;1m {var}")

The code snippets show that Zphisher is primarily a Bash script focused on creating a user interface for phishing attacks, while Sherlock is a Python-based tool with more sophisticated error handling and output formatting for username searches across multiple platforms.

social-engineer-toolkit

10,692

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Pros of social-engineer-toolkit

More comprehensive toolkit with a wider range of social engineering attacks
Actively maintained with regular updates and contributions
Includes advanced features like website cloning and spear-phishing attacks

Cons of social-engineer-toolkit

Steeper learning curve due to more complex features
Requires more setup and dependencies
May be overkill for simple phishing scenarios

Code comparison

social-engineer-toolkit:

# Import necessary modules
from src.core.setcore import *
from src.core.menu import text

# Display the main menu
show_main_menu = create_menu(text.main_text, text.main_menu)

zphisher:

# Check for dependencies
dependencies() {
    echo -e "\n${GREEN}[${WHITE}+${GREEN}]${CYAN} Checking required packages..."
    if [[ -z $(command -v php) ]]; then
        echo -e "\n${RED}[${WHITE}!${RED}]${RED} PHP is not installed."
        exit 1
    fi
}

The code snippets show different approaches: social-engineer-toolkit uses Python with a modular structure, while zphisher is primarily written in Bash, focusing on simpler phishing setups.

Osintgram

9,456

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Pros of Osintgram

Focused on Instagram OSINT, providing detailed user information
Offers multiple analysis options like followers, followings, and hashtags
Generates visual reports and exports data in various formats

Cons of Osintgram

Limited to Instagram platform only
Requires Instagram credentials to function
More complex setup process with additional dependencies

Code Comparison

Osintgram (Python):

def printUsers(data, username, maxdata):
    if len(data) > 0:
        count = 0
        for user in data:
            if count == maxdata:
                break
            print(str(count) + ") " + user['username'] + " | " + user['full_name'])
            count += 1

Zphisher (Bash):

banner() {
    cat <<- EOF
		${RED}
		${RED} ______      _     _     _               
		${RED} |___  /     | |   (_)   | |              
		${RED}    / / _ __ | |__  _ ___| |__   ___ _ __ 
		${RED}   / / | '_ \| '_ \| / __| '_ \ / _ \ '__|
		${RED}  / /__| |_) | | | | \__ \ | | |  __/ |   
		${RED} /_____|  __/|_| |_|_|___/_| |_|\___|_|   
		${RED}       | |                                
		${RED}       |_|                ${WHITE}Version : 2.2
	EOF
}

While Osintgram focuses on data extraction and analysis from Instagram, Zphisher is a phishing tool with a broader scope across multiple platforms. Osintgram's code demonstrates its data handling capabilities, while Zphisher's code showcases its user interface elements.

theHarvester

11,058

E-mails, subdomains and names Harvester - OSINT

Pros of theHarvester

Focuses on information gathering and reconnaissance, providing valuable data for security assessments
Supports multiple search engines and data sources for comprehensive results
Actively maintained with regular updates and contributions

Cons of theHarvester

More complex to use, requiring some technical knowledge
Limited to information gathering, lacking phishing simulation capabilities
May require additional tools for a complete security assessment workflow

Code Comparison

theHarvester:

from theHarvester.discovery import *
from theHarvester.discovery.constants import *
search = googlesearch.search_google(word, limit, start)
search.process()

Zphisher:

#!/bin/bash
banner() {
    echo -e "\e[1;31m"
    cat <<- EOF
    ______      _     _     _
    |___  /     | |   (_)   | |
       / / _ __ | |__  _ ___| |__   ___ _ __
      / / | '_ \| '_ \| / __| '_ \ / _ \ '__|
    EOF
}

While both tools are used in cybersecurity, they serve different purposes. theHarvester is primarily for information gathering and reconnaissance, while Zphisher focuses on creating phishing pages for social engineering tests. theHarvester uses Python and integrates with various search engines, whereas Zphisher is a Bash script that sets up phishing templates. The choice between them depends on the specific security testing requirements.

phoneinfoga

12,767

Information gathering framework for phone numbers

Pros of phoneinfoga

More focused and specialized tool for phone number information gathering
Provides detailed OSINT data on phone numbers, including carrier and location info
Actively maintained with regular updates and improvements

Cons of phoneinfoga

Limited to phone number reconnaissance, less versatile than Zphisher
Requires more technical knowledge to set up and use effectively
May have legal implications depending on usage and jurisdiction

Code comparison

phoneinfoga:

func (s *Scanner) ScanNumber(number string) (*Number, error) {
    n, err := NewNumber(number)
    if err != nil {
        return nil, err
    }
    s.Number = n
    return s.Number, nil
}

Zphisher:

tunnel_menu() {
    if [[ -e ".server/ngrok" ]]; then
        echo -e "\n${GREEN}[${WHITE}1${GREEN}]${CYAN} Ngrok"
    else
        echo -e "\n${GREEN}[${WHITE}1${GREEN}]${RED} Ngrok ${YELLOW}[Not Installed]${WHITE}"
    fi
}

Both repositories serve different purposes. phoneinfoga is a Go-based tool for gathering information about phone numbers, while Zphisher is a bash-based phishing tool. The code snippets reflect their respective focuses, with phoneinfoga handling phone number scanning and Zphisher managing tunneling options for phishing campaigns.

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

A beginners friendly, Automated phishing tool with 30+ templates.

Disclaimer

Any actions and or activities related to Zphisher is solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law.

This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way.

This Tool is made for educational purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here!

It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someones social media. However you may try out this at your own risk.

Features

Latest and updated login pages.
Beginners friendly
Multiple tunneling options
- Localhost
- Cloudflared
- LocalXpose
Mask URL support
Docker support

Installation

Just, Clone this repository -

git clone --depth=1 https://github.com/htr-tech/zphisher.git

Now go to cloned directory and run zphisher.sh -
```
$ cd zphisher
$ bash zphisher.sh
```
On first launch, It'll install the dependencies and that's it. Zphisher is installed.

Installation (Termux)

You can easily install zphisher in Termux by using tur-repo

$ pkg install tur-repo
$ pkg install zphisher
$ zphisher

A Note :

Termux discourages hacking .. So never discuss anything related to zphisher in any of the termux discussion groups. For more check : wiki

Installation via ".deb" file

Download .deb files from the Latest Release
If you are using termux then download the *_termux.deb

Install the .deb file by executing

apt install <your path to deb file>

$ dpkg -i <your path to deb file>
$ apt install -f

Run on Docker

Docker Image Mirror:

DockerHub :
```
docker pull htrtech/zphisher
```

GHCR :

docker pull ghcr.io/htr-tech/zphisher:latest

By using the wrapper script run-docker.sh

$ curl -LO https://raw.githubusercontent.com/htr-tech/zphisher/master/run-docker.sh
$ bash run-docker.sh

Temporary Container
```
docker run --rm -ti htrtech/zphisher
```
- Remember to mount the auth directory.

Dependencies

Zphisher requires following programs to run properly -

git
curl
php

All the dependencies will be installed automatically when you run Zphisher for the first time.

Tested on

Ubuntu
Debian
Arch
Manjaro
Fedora
Termux

:: Workflow ::

Find Me on:

Thanks to all contributors:

_1RaY-1	_{Aditya Shakya}	_{Ali Milani}	_AmnesiA	_KasRoudra	_{Moises Tapia}
_Mr.Derek	_{Mustakim Ahmed}	_sepp0	_TripleHat	_Yisus7u7

Top Related Projects

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot