Shellphish is an interesting tool that we came across that illustrates just how easy and powerful phishing tools have become today. The tool leverages some of the templates generated by another tool called SocialFish. The tool offers phishing templates for 18 popular sites, the majority are focused on social media and email providers. There is also an option to use a custom template if so desired.
Declarations: This article is posted only for educational purpose to spread awareness among people from being trapped in Phishing attack.
Table of Content
Phishing and Social Engineering
Installation
Exploring Templates
InstagramNetflixTwitter
Weaponization
Phishing Attack
Phishing and Social Engineering
Phishing is probably one of the biggest issues for most organizations today, with network and endpoint defensive technology getting better and better, the bad guys aren’t trying to go after the though route and instead of going for the low hanging fruit. Phishing is one of those issues where training the employees is your best defence – try your best to make sure they can spot a malicious email and make sure that they can report it easily so that appropriate action can be taken as quickly as possible. The train of thought behind saying this is that – it’s beneficial to depend on multiple nodes of human intelligence to spot a potential threat, because even if one person spots and reports a phishing mail, it’s possible to run mass searches and find who all were targeted by a campaign.
Social engineering is a very interesting subject to think about, in this context, it is basically using the victim’s familiarity and habits against them. Human beings are creatures of habit, we are so used to certain things in our life that when faced with them, we don’t think twice before acting on them.
As an example; we are aware that there are a lot of attempts to by hackers to compromise social media accounts, so if one receives an email from your preferred social media site that there was an attempt to break into your account or an email to review your accounts security settings, most people will click on the link and log into their account to check what’s going on. A hacker will use this against a victim, all they need to do is swap a real link with a malicious one. Shellphish is probably one of the easiest ways to generate that malicious link. Let’s have a look.
Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
Installation :
$ apt update && apt upgrade
$ apt install git
$ git clone https://github.com/thelinuxchoice/shellphish
$ cd shellphish
Run :
$ bash shellphish.sh
> select your option
it will generates phishing url ..Now send this url to victem for phishing..
Post a Comment