 |
| Maxphisher Tool for Phishing attack ***Only for educational purpose*** |
What is Phising Attack
Phishing attacks are a type of cyber attack that has been around for many years, but they continue to be a significant threat to individuals and organizations alike. These attacks typically involve the use of fraudulent emails, messages, or websites that are designed to trick people into providing sensitive information. The attackers often impersonate a legitimate source, such as a bank or social media platform, in order to gain the victim's trust and convince them to divulge their personal information.
Phishing attacks can take many different forms, but they all share the same goal: to steal sensitive information from unsuspecting victims. Some phishing emails may ask the recipient to click on a link or download an attachment, which can then infect their device with malware or ransomware. Others may ask for login credentials or credit card details, which can be used for identity theft or financial fraud. In some cases, phishing attacks may also be used as a way to gain access to a company's network or systems, allowing the attackers to steal sensitive data or launch further attacks.
To protect against phishing attacks, it is important to be vigilant and cautious when receiving emails or messages from unknown sources. It is also important to verify the authenticity of any requests for sensitive information before providing it. This can be done by contacting the organization directly through a trusted channel, such as their official website or customer service hotline. Additionally, using strong passwords and keeping software up-to-date can help prevent malware infections and other types of cyber attacks.
How to protect yourself from phishing attacks
Phishing attacks are attempts by malicious actors to trick individuals into giving away their sensitive information such as passwords, credit card numbers, or personal details. Here are some steps you can take to protect yourself from phishing attacks:
- Be cautious of emails and messages from unknown senders: Don't click on links or download attachments from emails or messages sent by unknown senders. Be especially wary of emails that ask you to provide personal information or to update your account details.
- Verify the source: Check the sender's email address or the domain of the website that the email is directing you to. If it looks suspicious or unfamiliar, do not open it. You can also hover over the link to see the URL before clicking on it.
- Keep your software updated: Ensure that your computer, browser, and antivirus software are all up-to-date. This will help protect you against the latest threats and vulnerabilities.
- Use two-factor authentication (2FA): Two-factor authentication is an extra layer of security that requires you to provide a second piece of information (e.g., a code sent to your phone) in addition to your password. This can help prevent unauthorized access even if your password is compromised.
- Educate yourself: Stay informed about the latest phishing tactics and common scams. Be wary of any unsolicited requests for personal information, and learn to recognize the signs of phishing attacks.
Remember, the best defense against phishing attacks is to be vigilant and cautious. If you suspect that you have fallen victim to a phishing scam, take immediate action to protect your accounts and personal information.
Support :-
| OS | Support Level |
|---|---|
| Linux | Excellent |
| Android | Excellent |
| iPhone | Alpha (Recommended docker) |
| MacOS | Alpha (Recommended docker) |
| Windows | Unsupported (Use docker/virtual-box/vmware) |
| BSD | Never tested |
Features:-
- Multi platform (Supports most linux)
- 100+ templates
- Concurrent 3 tunneling (Cloudflared and LocalXpose, LocalHostRun)
- OTP Support
- Credentials mailing
- Easy to use
- Possible error diagnoser
- Built-in masking of URL
- Custom masking of URL
- URL Shadowing
- Portable file (Can be run from any directory)
- Get IP Address and many other details along with login credentials
Requirements
Python(3)requestsbs4rich
PHPSSH- 900MB storage
If not found, php, ssh and python modoules will be installed on first run
Tested on
TermuxUbuntuKali-LinuxArchFedoraManjaro
Usage
- Run the script
- Choose a Website
- Wait sometimes for setting up all
- Send the generated link to victim
- Wait for victim login. As soon as he/she logs in, credentials will be captured
How to Use Maxphiser
Install primary dependencies (git, python)
- For Debian (Ubuntu, Kali-Linux, Parrot)
sudo apt update && apt upgrade -ysudo apt install git python3 php openssh-client -y
- For Arch (Manjaro)
sudo pacman -S git python3 php openssh --noconfirm
- For Redhat(Fedora)
sudo dnf install git python3 php openssh -y
- For Termux
apt update && apt upgrade -ypkg install git python3 php openssh -y
Run the command
git clone https://github.com/KasRoudra/MaxPhisher
cd MaxPhisher
pip3 install -r files/requirements.txt
python3 maxphisher.py
Direct run cmd(auto)
wget https://raw.githubusercontent.com/KasRoudra/MaxPhisher/main/maxphisher.py && python3 maxphisher.py
Solution of common issues
- Some secured browsers like Firefox can warn for '@' prefixed links. You should use pure links or custom link to avoid it.
- Termux from play store in not supported. Download termux from fdroid or github
- VPN or proxy prevents tunneling and even proper internet access. Turn them off you have issues.
- Some android requires hotspot to start Cloudflared and Loclx. If you face 'tunneling failed' in android, most probably your hotspot is turned off. Turn it on and keep it on untill you close MaxPhisher.
- If you want mailing credentials then you need to use app password. Visit here and generate an app password, put that in
files/email.json. You may need to enable 2FA before it.
%20(2).jpg)
