Shellphish is an automated, open-source phishing toolkit designed primarily for Linux and Termux environments. It simplifies the process of creating "look-alike" login pages for popular social media and email platforms—including Instagram, Facebook, Gmail, and Twitter—to test security awareness and demonstrate how attackers steal credentials. How the Tool Works
: git clone https://github.com/[username]/shellphish (Note: The exact URL varies as different users maintain forks). Navigate and Execute : cd shellphish bash shellphish.sh Ethical and Legal Considerations Navigate and Execute : cd shellphish bash shellphish
: Ensure Git and PHP are installed. sudo apt install git php It typically uses port forwarding services (like Ngrok
If you are looking for modern, actively maintained alternatives for professional security assessments, consider tools like GoPhish or Zphisher . Shellphish is an automated
To use tools like Shellphish on a Linux distribution (such as Kali Linux) or Termux, users typically follow these steps:
The tool operates by hosting a local server that presents a fake login page to the target. It typically uses port forwarding services (like Ngrok or Localhost.run) to make the local site accessible via the public internet.