5 Best Phishing Tools for Kali Linux

Phishing is the one of the best example for online scam, on a day to day basis every one is use internet, like email, social network , online merchandise, banking transaction where most of the situation you may use your login details or personal data, Phishing is kind of pretending like trusted source but it is not, It just look like original website or application that fake one steal your data for miss using, Here I sharing best 5 phishing tool for Kali Linux.

1. Shell Phish

Shellphish tool can create phishing pages of most popular social networking sites like. Facebook, Instagram etc. The tool offers phishing templates for 18 popular sites, the majority are focused on social media and email providers.

Shellphish tool can create phishing pages of most popular social networking sites like,

• Facebook
• Instagram
• Yahoo
• Twitter
• Netflix 

Step by step to install Shellphish in Kali Linux

Step 1: Open Terminal on Kali Linux and go to Desktop by entering 'cd Desktop'

Step 2: Create a directory i.e shellphish

              mkdir shellphish

Step 3: Download and install shellphish in the above directory

                 git clone https://github.com/suljot/shellphish.git

Step 4: Execute shellphish tool by type following command

                ./shellphish.sh

Step 5: Now you have successfully installed Shellphish

When you open Shellphish tool you can see multiple option to select particular site for phishing for example for Instagram [01], for Facebook you are getting[02] etc. Choose the site and you can see shellphish has created one URL, Which you can send to the target person, Once your target is open the link it look like original site and ask login credential. Once the target login you can see their login credential such as password and username, and victim will be redirected to the original Instagram page.

2. Hidden Eye

HiddenEye is an advanced phishing tool that has some additional features like keylogging and location tracking. The tool supports almost all major social media, e-commerce and business pages to be used as an attack vector against online targets.

 

Step by step to install Hide Eye in Kali Linux

HidenEye is a Python tool that requires Python3, PHP and SUDO as prerequisites. This tool supported by major all Linux distros as well as Kali too.

Step 1: You need to clone the tool from Github repository using the following command.

git clone https://github.com/DarkSecDevelopers/HiddenEye.git

Step 2: Go to the HiddenEye directory and run the requirement.txt file to install the requirement mentioned in the  file.

cd HiddenEye
sudo pip3 install -r requirements.txt

Step 3: Once the  installation is completed execute the tool,

Python3 HiddenEye.py

After completing all the installation you can see the list of option ,We can select any of the attack vectors by typing its sequence number in the command prompt.

3. Zphisher

Zphisher is an automated phishing tool for different types of phishing attacks. Zphisher also has multiple social engineering websites for different social media like you can use a basic Instagram phishing page or you can use get unlimited followers page.

 Features

• Latest and updated login pages.
• Mask URL support
• Beginners friendly
• Docker support.
• Multiple tunneling options-Localhost,Ngrok (With or without hotspot)

Step by step to install Zphisher in Kali Linux

Step 1: Clone the repository

$ git clone git://github.com/htr-tech/zphisher.git

Step 2: Change to cloned directory and run zphisher.sh -

$ cd zphisher
$ bash zphisher.sh

4. Ghost Phisher

Ghost Phisher is a wireless network audit and attack software that creates a fake access point of a network, which fools a victim to connect to it. It can used for credential phish and session hijacking.

Ghost Phisher Features :

• HTTP Server
• Inbuilt RFC 1035 DNS Server
• Inbuilt RFC 2131 DHCP Server
• Webpage Hosting and Credential Logger (Phishing)
• Wifi Access point Emulator
• Session Hijacking (Passive and Ethernet Modes)
• ARP Cache Poisoning (MITM and DOS Attacks)
• Penetration using Metasploit Bindings
• Automatic credential logging using SQlite Database
• Update Support

5. King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It is n open source tool that can simulate real world phishing attacks.

Features:

• Run multiple phishing campaigns simultaneously
• Send email with embedded images for a more legitimate appearance
• Optional Two-Factor authentication
• Credential harvesting from landing pages
• SMS alerts regarding campaign status
• Web page cloning capabilities
• Integrated Sender Policy Framework (SPF) checks
• Geo location of phishing visitors
• Send email with calendar invitations