What is ShellPhish?
A deceptive tactic often used to acquire access to user credentials for various online platforms involves what's known as a phishing attack. ShellPhish, developed by thelinkchoice and accessible as an open-source project on GitHub, facilitates the creation of thes links. To explore ShellPhish further, you can visit its GitHub page for additional details.
How shellPhish tool works?
ShellPhish functions by allowing users to create deceptive links resembling genuine social media login pages. When individuals unknowingly log in using the provided link, Information entered by individuals is recorded and accessible to the user. ShellPhish primarily employs port forwarding through two methods: SSH, which is currently non-functional, and Ngrok, the latter of which may have a bug.
NOTE: This post is only for Educational Purpse. This site and I do not support any criminal activity. If you are doing any sort of misuse of this information This site is not responsible for that. THIS SITE ONLY SUPPORT ETHICAL HACKING.
How to install ShellPhish in termux:
Step 1:
Update and upgrade the termux to the current date.
apt update && apt upgradePress N if ask about the version.
Step 2:
Install dependencies for ShellPhish without installing these packages you will get errors.
apt install php wget git
During the installation process, if prompted with a prompt asking if you want to proceed with the installation, simply press 'y' to confirm. This will install Php, wget, and git in Termux, all of which are essential components for utilizing ShellPhish. If you already have any of these components installed, you can omit their names from the command during installation.
Step 3:
Cloning the shellPhish project from the git Hub repository. (I have updated the link)
git clone https://github.com/AbirHasan2005/ShellPhish
Step 4:
Change directory to shellPhish.
cd Shellphish
Step 5:
Setting executable permissions for the shellPhish script.
chmod +x shellphish.sh
How to Use ShellPhish in termux:
Step 1:
Use the below command to run shellPhish.sh file in termux.
bash shellphish.sh
Step 2:
Now you have 29 available options. every social media name have an assigned number Like Instagram has 02 Netflix have 05 and so on.Here I am selecting Instagram but you can choose any of the 29 options. jsut type the number and press enter.
Step 3:
After selecting a specific social media platform, a variety of social engineering options tailored to that website will be presented. Users can then choose from these options based on their intended method of operation.
Here we need to select a port forwarding method and since all the port forwarding methods are malfunctioning, we have to use localhost. Type 1 to select localhost.
Step 5:
Now to create a tunnel from our local host to the internet we will use a single command. First of all open a new session in your termux(to open a new session you just have to swipe from left side of your screen to the right in termux terminal and then click on new session) and just copy and paste the below command but make sure to change your port number if you have a different one.
cloudflared tunnel --url http://127.0.0.1:1275
Step 6:
The above command sets up a cloudflared tunnel, resulting in a link that can be shared with the recipient. Please be mindful to use this tool responsibly and refrain from engaging in any unauthorized activities.
Working:
In the provided screenshot, you'll notice where the credentials are located. Additionally, you'll find details about the device being used, such as the user agent.
READ: [ Fix port forwarding issues in Termux ]
Conclusion:
Sellphish is a great tool and freely available. It has most of the decent pages. But keep in mind that this is not the only tool, people use other tools for the same purpose like ADVPhisher and Zphishier tool. If you didn't understood any part of the post. if you sitll have any issue make sure to comment, Stay inspired and never stop learning, and as always Stay Ethical.👾
.png)
61 Comments
Takes lot f time
ReplyDeletewhich part is taking more time?the installation or the use?
Deleteif you want to install quickly then i can give a single command to install the whole tool.
I'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials also. I have termux and API downloaded from the play store, do I need API or should I delete it?
DeleteI'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials also. I have termux and API downloaded from the play store, do I need API or should I delete it?
DeleteYou don't need API in the beginning and You can check my all post to Learn All about Termux, if you are interested to Learn something that is not on my website ,just Comment and i will write a complete post on it.
DeleteI'm interested I want to learn
DeleteInterested
DeleteInterested
DeleteTell me how to install in Android by easiest way
DeleteIts
Deleteapt update && apt upgrade -y && apt install git wget php unzip curl -y && git clone https://github.com/AbirHasan2005/ShellPhish && cd ShellPhish && chmod +x * && bash shellphish.sh
Deletejust paste this single line an it will be installed
thank youuuuuu...
DeleteBut how i have to install
Openssh
It is not working bro, they are blocking all the Port forwarding methods so now we only have Ngrok or Local host, also use other phishing tool, this tool is also malfunctioning
DeletePlease I need a single command
DeleteI'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials. I have termux and API downloaded from the play store, do I need API or should I delete it?
ReplyDeleteHere is the one single command to install shellphish in termux:
ReplyDeleteapt update -y && apt upgrade && apt install php wget git -y && git clone https://github.com/thelinuxchoice/shellphish && cd shellphish && chmod +x shellphish.sh
Now you have to just run the shellphish.
Ran once, but no info even after link was opened by victim. Wouldn't generate new link for anymore victims. Do you just keep using the same link?
ReplyDeleteTo do port Forwarding shellphish uses NGRok and to reset the NGrok you have to Restart the Termux After one use of the Link.
DeleteHello is it possible to customize ngrok link so that it will be difficult for victims to know they're being targeted, am also waiting for hidden eye tools usage eagerly,
ReplyDeleteI tried Bitly to customize this link but bitly bot crawl Everylink before Customizing it Therefor we Get IP of the Bot, but The link is still valid.You can try bitly by your self ,And let me know what you was the result for you.(Thank you ,I will write Hidden Eye post as soon as possible)
DeleteI am using WiFi so can't open hotspot
ReplyDeleteYes, But Ngrok is currently not working on WIF so we have to wait.(The Hotspot thing is maybe a Bug or they are doing this intentionally because people were miss-using the port forwarding a lot.(For Example Servo.net have stopped there service.))
DeleteBro can you help me
Deleteyes I can!
DeleteSend me your response at my email. dantefabillar984@gmail.com thanks.
Deletecan you also help me about this wifi and hotspot issue of ngrok. any help will be appreciated.
DeleteJust turn on your hotspot while using any phishing tool that uses Ngrok for tunneling.
DeleteYo hice todo el proceso antes me salían las 2 opciones no si quiero hacer el proceso x ngrok o server net..
ReplyDeletePero últimamente ya no me salen esas opciones y no me carga el enlace ngrok y eso que lo tengo instalado ya en termux alguien sabe aque se debe
¿Encendiste tu Hotspot antes de seleccionar la opción Ngrok?
DeleteCan I hack facebook account with shell phish?
DeleteHow to use termux
ReplyDeleteWhat shellphish can be used for PayPal.
ReplyDeleteCan we get a shellphish of PayPal?
ReplyDeletewtf bro? why do you wan't that?
DeleteAuto likes and comments for fb using termux please make a page about it
ReplyDeletePlease i need your help
ReplyDeleteWow it's Awesome! i like this information, it's help me to improve my knowledge Thank you
ReplyDeleteHow to recover or reconnect the server when the phishing website got timeout?
ReplyDeleteIs VPN is necessary for using termux?
ReplyDeleteno
DeleteI am stuck at here. I don't how. Please help me. I'm using Cherry Mobile Android.
ReplyDeleteIt ask me my Username and Password. But when successfully entered, it says repositories not found.
$ git clone https://github.com/thelinuxchoice/shellphish
Cloning into 'shellphish'...
Username for 'https://github.com': Yenux
Password for 'https://Yenux@github.com':
remote: Repository not found.
fatal: repository 'https://github.com/thelinuxchoice/shellphish/' not found
Need user for shellphish
ReplyDeleteLs enabled
ReplyDeleteHow to hack Facebook account
ReplyDeleteBro one problem. I am using Wifi networt to run this, so i cant use hotspot it. What will i do. Please replay Bro..
ReplyDeleteWhy i need to log in?
ReplyDeleteI sent a link of instagram to a person and if.i by mistake removed termux.from recent how can i get his /her credentials now.pls reply
ReplyDeleteYou won't get the credentials.
Deletebro u know ss7 attack
ReplyDeleteI know
DeleteHow and from should we install spellphish
ReplyDeleteEach time I do it it tells me send this link to the target but actually it doesn't give me a link
ReplyDeleteSorry bro If this tool is not working for you, just use below Tool
DeleteAdvPhisher
Username and password problem
ReplyDeleteforget this tool, just use below one
DeleteAdvPhisher
Plz tell how to fix GitHub username and password problem
ReplyDeleteSorry bro If this tool is not working for you, just use below Tool
DeleteAdvPhisher
git clone https://github.com/thelinuxchoice/shellphish asking for GitHub username and password
ReplyDeleteThis tool is maybe removed from the repository or they just made it private
DeleteSorry bro If this tool is not working for you, just use below Tool
AdvPhisher
I choosed option 1 for insta but its not giving the link
ReplyDeleteLast line was
Waiting vuctim open the link...
Use this tool Adv phishing
Delete