Home Page / ZPhisher In Termux
Zphisher is a powerful phishing tool that allows users to create phishing pages for various websites. This guide will walk you through the process of installing and using Zphisher on Termux, a terminal emulator for Android.
Note: This article is for educational purposes only. We have written this article to instruct you about such kinds of phishing attacks that are done by attackers. We are not responsible for any misuse of this article or tool.
Prerequisites
Before we begin, ensure you have the following:
- An Android device with Termux installed.
- A stable internet connection.
How To Install ZPhisher in Termux
Follow the below steps one by one carefully to avoid any error while installing ZPhisher to your Termux.
1. First, open Termux and update your package lists to ensure you have the latest versions of all packages. Run the following commands:
pkg update && apt pkg -y
2. Install all the dependencies that are required to function ZPhisher properly. ZPhisher needs PHP, wget, curl, OpenSSH, and git to work correctly. So let’s install these dependencies by using the below command.
apt install git php openssh curl wget -y
3. Now, clone the Zphisher repository from GitHub. This will download all the files needed to run Zphisher:
git clone https://github.com/htr-tech/zphisher
4. Change your directory to the Zphisher folder:
cd zphisher
5. Give shell script file permission to read, write, and execute.
chmod +x zphisher.sh
6. Run the shell script file to begin the installation of the Zphisher.
bash zphisher.sh
7. That’s it Zphisher has been installed. Now you can run Zphisher every time by executing the above command.
For Linux (Ubuntu/Debian):
- Update and Install Packages:
sudo apt update && sudo apt upgrade sudo apt install git php curl wget unzip -y- Clone Zphisher:
git clone https://github.com/htr-tech/zphisher- Navigate and Run:
cd zphisher bash zphisher.sh2. Using Pre-built Templates
Zphisher comes with pre-designed templates for popular platforms like:
- Social Media: Facebook, Instagram, Twitter.
- Email Services: Gmail, Outlook, Yahoo.
- E-commerce: Amazon, eBay.
- Entertainment: Netflix, Spotify.
Steps:
- Launch Zphisher:
bash zphisher.sh3. Port Forwarding Setup
Using Ngrok:
- Install Ngrok:
pkg install wget wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip unzip ngrok-stable-linux-arm.zipConfigure Ngrok:
Get an authentication token by signing up at ngrok.com.
./ngrok authtoken <your_auth_token>Run Zphisher:
Ngrok will automatically start, generating a sharable link.
Using Cloudflared:
- Install Cloudflared:
pkg install cloudflared- Run Zphisher with Cloudflared:
Select the Cloudflared option from the port forwarding menu.
- Share the Link:
Cloudflared will generate a secure link for you to share.
4. Adding Custom Templates
You can create your own phishing pages to target custom platforms.
Steps:
- Navigate to the
sites/Directory:
cd zphisher/sites- Create a New Folder:
mkdir custom_site cd custom_site- Add HTML and PHP Files:
- HTML: Design your phishing page (login forms, etc.).
- PHP: Write a script to capture credentials and store them.
- Update Zphisher Script:
- Edit the
zphisher.shfile to include your new site in the menu.
5. Ethical Use Examples
Security Awareness Training:
- Create phishing simulations for employees.
- Share generated links via email or message to test their responses.
- Use results to identify training gaps and educate employees.
Testing Website Security:
- Simulate attacks on your own website to check its vulnerability.
- Identify weak points in login forms or anti-phishing measures.
Cybersecurity Workshops:
- Demonstrate phishing attacks during ethical hacking courses.
- Teach students how to detect phishing attempts.
6. Troubleshooting Common Errors
Command Not Found:
- Ensure required packages are installed:
pkg install php curl git -yPort Forwarding Not Working:
- Verify your internet connection.
- Reconfigure Ngrok:
./ngrok authtoken <your_auth_token>Generated Link Not Opening:
- Test the link in an incognito browser to ensure it’s accessible.
How to use Zphisher in Termux
Once Zphisher is running, you will see a menu with various phishing page options. Select the one you want to use by typing the corresponding number and pressing Enter.
Set Up the Phishing Link – Zphisher will generate a phishing link using a tunneling service like Ngrok. Copy this link and send it to your target.
Collect Credentials – When the target enters their credentials on the phishing page, Zphisher will capture and display them in the Termux window.
Using Zphisher on Termux is straightforward if you follow these steps.
Important Features of Zphisher
- Pre-built Templates:
- Comes with over 30 templates for platforms like Facebook, Instagram, Twitter, and more.
- New templates can be added for other websites.
- Automated Port Forwarding:
- Includes support for Ngrok, Cloudflared, and LocalhostRun for sharing phishing links over the internet.
- Ease of Use:
- Simple, command-line-based interface with detailed instructions for beginners.
- No need for advanced configurations.
- Multiple Platform Support:
- Works on Termux, Linux, and other Unix-based systems.
How to Use Zphisher Safely and Ethically
- Obtain Permission: Always get consent from the target or organization before conducting any phishing simulations.
- Use in a Secure Environment: Perform tests in a lab or sandbox environment to avoid unintended consequences.
- Comply with Laws: Ensure you adhere to cybersecurity laws and ethical guidelines in your region.
- Educate, Not Exploit: Use Zphisher to educate users and improve security—not for malicious purposes.
Alternatives to Zphisher
If you’re looking for similar ethical tools, consider the following:
- SocialFish: Another phishing simulation tool for ethical hacking.
- HiddenEye: An advanced phishing tool with more social engineering templates.
- PhishSim: A commercial platform for phishing awareness training and simulations.
Discover more from MNS.Code.Blog
Subscribe to get the latest posts sent to your email.
MNS.Code.Blog 