AdvPhishing tool is the latest phishing technique in which you can easily access social media accounts of users . there are many type of tools like this but in this tool you can access social media accounts of user even if if two-factor authentication is activated. with the help of this tool not only you can access social media accounts, but you can access many more important accounts like :
Popular Payments Sites :
Popular Food Webpages :
Declarations : This article is posted only for educational purpose to spread awareness among people from being trapped in Phishing attack.
Social engineering is one of basic attack in which we can execute our plan with minimum efforts. social engineering as one of the simplest methods to gather information about a target through the process of exploiting human weakness that is inherit to every organization. with the help of social engineering you can collect sensitive information.
For example, most of the people are active on social media accounts these days, there is a lot of attentions in which fake emails are sent to take access to your accounts, some of them open those fake emails and follow their instructions. So that their accounts get compromised
- User can use AdvPhishing to obtain the target’s IP address.
- Easy for user to use.
- 32 different types of templates are available.
- Available on both Andorid ( Termux ) and Linux.
Testing on Following :
- Kali Linux – 2020.1a (version)
- Parrot OS – Rolling Edition (version)
- Ubuntu – 20 (version)
- Arch Linux
- Termux App
- sudo – [ MUST ]
- ngrok Token
Advphishing tool available for both android and linux, but we will use kali linux for testing purposes and give you an small intro of this tool. lets open kali linux and use the terminal to install this tool. Remember you must have root access.
We need to clone the AdvPhishing tool from github whose download link is provided below. After that this makes a folder named “AdvPhishing” on our desktop, to whom we have to go and execute the last command to setup this tool successfully.
git clone https://github.com/Ignitetch/AdvPhishing.git
It will take some time and in this meantime we will go to the web page, signup and get our ngrok token.
We saved our time 🙂 !! as you can see, we have reached the right place where we need to enter our ngrok token.
This is a recently released feature with the help of which we can get upcoming credentials on our Gmail account and we can even send those credentials to someone else but it is up to you whether you want to do it or not. If yes then follow our steps : first you have to open the following configuration file with your favorite file editor .
Here you have to add your gmail account username, password and the gmail account you want to send those credentials.
Now boot this tool using the following command and choose the template according to your requirement.
Nice 🙂 !! As you can see it gives us a phishing link that looks like a link to the actual domain. Just share the link to the victim and wait for the results.
Understand the Scenario : When victim enter his credentials, you need to go to original website and use those credentials to send real OTP to victim. Once he enter that OTP such OTP will also be there with you and you will be allowed to login the account before him. Thats it 🙂 !!
Now when the victim receives the actual OTP from Instagram, they will enter on the phishing page without any doubt.
Boom 🙂 !! As you can see, we have successfully obtained credentials as well as two factor authentication.
Amazing 🙂 !! The most awaited feature that you can see is that credentials have started coming to our gmail account as well.
Two Factor Authentication also here.
In the same way you can use different templates to perform phishing attacks.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.