Phisherman is an awareness application designed to demonstrate the impact of multi-factor authentication (MFA) bypasses. The tool allows users to simulate phishing attacks using Evilginx, a popular phishing framework. A demo app is hosted on https://sec565.rocks, where users can bring their own Evilginx instance, create the correct phishlet, and observe victim logins.
For self-hosting, instructions are provided in the repository’s README file. The entire setup, including Evilginx, can be run on a single host using Docker. Alternatively, users can deploy a production version from the hosted branch of the repository. More details can be found at https://lnkd.in/e4w5QZ7t.
You Should Know:
Here are some practical commands to get started with Phisherman and Evilginx:
1. Install Docker (if not already installed):
sudo apt-get update
sudo apt-get install docker.io
2. Clone the Phisherman Repository:
git clone https://github.com/your-repo/phisherman.git
cd phisherman
3. Build and Run the Docker Container:
docker build -t phisherman .
docker run -it --rm phisherman
4. Set Up Evilginx:
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
make
./evilginx -p ./phishlets/
5. Create a Phishlet:
Modify an existing phishlet or create a new one in the `phishlets` directory. Example:
name: "example_phishlet"
description: "Example Phishlet for MFA Bypass"
6. Run Evilginx with the Phishlet:
./evilginx -p ./phishlets/ -l example_phishlet
7. Monitor Logs:
Use `docker logs` to monitor the Phisherman application:
docker logs <container_id>
8. Test the Setup:
Use a test email and password to simulate a victim login and observe the MFA bypass.
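When the test in step 8 is run in a lab, the defender-side question is whether the session that passed MFA is afterwards used by a different client. The sketch below is an added example, not code from Phisherman or Evilginx; the log schema, field names and sample events are constructed, and it assumes the session is replayed from a client other than the one that completed login.

```python
import json

# Constructed sample events in a hypothetical schema, one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:02Z","user":"alice@lab.test","session":"s-1001","event":"mfa_success","ip":"198.51.100.7","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:00:05Z","user":"alice@lab.test","session":"s-1001","event":"request","ip":"198.51.100.7","ua":"Chrome/124 Windows"}
{"ts":"2024-05-01T09:20:00Z","user":"alice@lab.test","session":"s-1001","event":"request","ip":"203.0.113.50","ua":"Firefox/125 Linux"}
{"ts":"2024-05-01T10:00:00Z","user":"bob@lab.test","session":"s-1002","event":"mfa_success","ip":"192.0.2.10","ua":"Safari/17 macOS"}
{"ts":"2024-05-01T10:15:00Z","user":"bob@lab.test","session":"s-1002","event":"request","ip":"192.0.2.11","ua":"Safari/17 macOS"}
{"ts":"2024-05-01T11:00:00Z","user":"carol@lab.test","session":"s-1003","event":"mfa_success","ip":"192.0.2.44","ua":"Edge/124 Windows"}
{"ts":"2024-05-01T11:01:00Z","user":"carol@lab.test","session":"s-1003","event":"request","ip":"192.0.2.44","ua":"Edge/124 Windows"}
"""


def load_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_session_reuse(events):
    """Flag sessions later used by a client other than the one that passed MFA."""
    origin = {}       # session id -> event that completed MFA
    reported = set()  # (session, ip, ua) already reported, to avoid duplicates
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            origin.setdefault(sid, ev)
            continue
        first = origin.get(sid)
        if first is None:
            changed = ["no_login_seen"]  # session used without a recorded MFA event
        else:
            changed = [k for k in ("ip", "ua") if ev[k] != first[k]]
        key = (sid, ev["ip"], ev["ua"])
        if not changed or key in reported:
            continue
        reported.add(key)
        # An IP change alone is common (mobile, VPN); IP plus user agent is stronger.
        severity = "high" if len(changed) > 1 or first is None else "low"
        findings.append({"session": sid, "user": ev["user"], "ts": ev["ts"],
                         "changed": changed, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(load_events(SAMPLE_LOG)):
        print(finding)
```

The low-severity finding for an IP-only change is kept on purpose, so it can be correlated with other signals rather than alerted on by itself.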
What Undercode Say:
Phisherman is a powerful tool for understanding the vulnerabilities in multi-factor authentication systems. By simulating real-world phishing attacks, it helps security professionals and organizations identify weaknesses in their MFA implementations. The integration with Evilginx makes it a versatile tool for red team exercises and security awareness training.
For further exploration, consider these additional Linux and Windows commands:
- Linux:
– `netstat -tuln` to check open ports.
– `tcpdump -i eth0` to capture network traffic.
– `iptables -L` to view firewall rules.
- Windows:
– `netstat -ano` to display active connections.
– `ipconfig /all` to view network configuration.
– `tasklist` to list running processes.
For more advanced techniques, refer to the official documentation of Evilginx and Docker. Stay vigilant and keep your systems secure!
References:
Reported By: Jean Francois – Hackers Feeds