What is ShellPhish?
A phishing attack is the most common attack to get access to the victim's credentials of any website.ShellPhish is one of the phishing tools that allows you to create a phishing link using termux.ShellPhish is created by thelinkchoice and it's a project on Github.If you wanna know more about shellfishing then just go to their Github page.
How shellPhish tool works?
Using this tool you can create a link that will look like an exact page of the social media, when the victim will log in using your link, you will get the Credential at your terminal.ShellPhish uses port forwarding using 2 methods one of them is SSH (which currently not working). the second one is Ngrok which I think has a bug but I will tell you how to use it properly.
NOTE: This post is only for Educational Purpse. This site and I do not support any criminal activity. If you are doing any sort of misuse of this information This site is not responsible for that. THIS SITE ONLY SUPPORT ETHICAL HACKING.
[Working 28/7/2022]
How to install ShellPhish in termux step-by-step:
Step 1:
Update and upgrade the termux to the current date.
apt update && apt upgradePress N if ask about the version.
Step 2:
Install dependencies for ShellPhish without installing this tool you will get errors.
apt install php wget git
(While installing if it is asking do you wanna install just press y.)
This will install Php wget and git in termux which will be used while using ShellPhish.
If you already have any of this you can remove the name from command while installing.
Step 3:
Cloning the shellPhish project from the git Hub repository. (I have updated the link)
git clone https://github.com/AbirHasan2005/ShellPhish
Step 4:
Change directory to shellPhish.
cd Shellphish
Step 5:
Granting access permission to the shellPhish.sh file.
chmod +x shellphish.sh
How to Use ShellPhish in termux:
Step 1:
Use the below command to run shellPhish.sh file in termux.
bash shellphish.sh
Step 2:
Now you have 29 available options. every social media name have an assigned number Like Instagram has 02 Netflix have 05 and so on.Here I am selecting Instagram but you can choose any of the 29 options. jsut type the number and press enter.
Step 3:
after selecting any social media you will see list of social engineering options about that website, you can select any one of them depending upon your phishing technique.
Here we need to select a port forwarding method and since all the port forwarding methods are malfunctioning, we have to use localhost. Type 1 to select localhost.
Step 5:
Now to create a tunnel from our local host to the internet we will use a single command. First of all open a new session in your termux(to open a new session you just have to swipe from left side of your screen to the right in termux terminal and then click on new session) and just copy and paste the below command but make sure to change your port number if you have a different one.
cloudflared tunnel --url http://127.0.0.1:1275
Step 6:
The above command will start a cloudflared tunnel, and we will get a link as you can see in below screenshot, just copy that link and send it to the victim (please don't use this for illegal phishing).
Working:
In the below screenshot you can see that where you will find the credentials.
You will also find the IP of victim as well as the device which the victim is using(user agent).
Conclusion:
Sellphish is a great tool and freely available. you get the most of the decent pages to select from. But now are days we are getting better phishing tools for termux like ADVPhisher and Zphishier tool. I have updated the command of this tool so i should work fine, all the old issues are fixed and you can use this tool normally, if you sitll have any issue make sure to comment, Stay inspired and never stop learning, and as always Stay Ethical.👾
61 Comments
Takes lot f time
ReplyDeletewhich part is taking more time?the installation or the use?
Deleteif you want to install quickly then i can give a single command to install the whole tool.
I'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials also. I have termux and API downloaded from the play store, do I need API or should I delete it?
DeleteI'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials also. I have termux and API downloaded from the play store, do I need API or should I delete it?
DeleteYou don't need API in the beginning and You can check my all post to Learn All about Termux, if you are interested to Learn something that is not on my website ,just Comment and i will write a complete post on it.
DeleteI'm interested I want to learn
DeleteInterested
DeleteInterested
DeleteTell me how to install in Android by easiest way
DeleteIts
Deleteapt update && apt upgrade -y && apt install git wget php unzip curl -y && git clone https://github.com/AbirHasan2005/ShellPhish && cd ShellPhish && chmod +x * && bash shellphish.sh
Deletejust paste this single line an it will be installed
thank youuuuuu...
DeleteBut how i have to install
Openssh
It is not working bro, they are blocking all the Port forwarding methods so now we only have Ngrok or Local host, also use other phishing tool, this tool is also malfunctioning
DeletePlease I need a single command
DeleteI'm using a Galaxy tab A SM-t387-v 9.0. I'm a newbie and think the one click method would work best for me. I would like to have access to other tutorials. I have termux and API downloaded from the play store, do I need API or should I delete it?
ReplyDeleteHere is the one single command to install shellphish in termux:
ReplyDeleteapt update -y && apt upgrade && apt install php wget git -y && git clone https://github.com/thelinuxchoice/shellphish && cd shellphish && chmod +x shellphish.sh
Now you have to just run the shellphish.
Ran once, but no info even after link was opened by victim. Wouldn't generate new link for anymore victims. Do you just keep using the same link?
ReplyDeleteTo do port Forwarding shellphish uses NGRok and to reset the NGrok you have to Restart the Termux After one use of the Link.
DeleteHello is it possible to customize ngrok link so that it will be difficult for victims to know they're being targeted, am also waiting for hidden eye tools usage eagerly,
ReplyDeleteI tried Bitly to customize this link but bitly bot crawl Everylink before Customizing it Therefor we Get IP of the Bot, but The link is still valid.You can try bitly by your self ,And let me know what you was the result for you.(Thank you ,I will write Hidden Eye post as soon as possible)
DeleteI am using WiFi so can't open hotspot
ReplyDeleteYes, But Ngrok is currently not working on WIF so we have to wait.(The Hotspot thing is maybe a Bug or they are doing this intentionally because people were miss-using the port forwarding a lot.(For Example Servo.net have stopped there service.))
DeleteBro can you help me
Deleteyes I can!
DeleteSend me your response at my email. dantefabillar984@gmail.com thanks.
Deletecan you also help me about this wifi and hotspot issue of ngrok. any help will be appreciated.
DeleteJust turn on your hotspot while using any phishing tool that uses Ngrok for tunneling.
DeleteYo hice todo el proceso antes me salían las 2 opciones no si quiero hacer el proceso x ngrok o server net..
ReplyDeletePero últimamente ya no me salen esas opciones y no me carga el enlace ngrok y eso que lo tengo instalado ya en termux alguien sabe aque se debe
¿Encendiste tu Hotspot antes de seleccionar la opción Ngrok?
DeleteCan I hack facebook account with shell phish?
DeleteHow to use termux
ReplyDeleteWhat shellphish can be used for PayPal.
ReplyDeleteCan we get a shellphish of PayPal?
ReplyDeletewtf bro? why do you wan't that?
DeleteAuto likes and comments for fb using termux please make a page about it
ReplyDeletePlease i need your help
ReplyDeleteWow it's Awesome! i like this information, it's help me to improve my knowledge Thank you
ReplyDeleteHow to recover or reconnect the server when the phishing website got timeout?
ReplyDeleteIs VPN is necessary for using termux?
ReplyDeleteno
DeleteI am stuck at here. I don't how. Please help me. I'm using Cherry Mobile Android.
ReplyDeleteIt ask me my Username and Password. But when successfully entered, it says repositories not found.
$ git clone https://github.com/thelinuxchoice/shellphish
Cloning into 'shellphish'...
Username for 'https://github.com': Yenux
Password for 'https://Yenux@github.com':
remote: Repository not found.
fatal: repository 'https://github.com/thelinuxchoice/shellphish/' not found
Need user for shellphish
ReplyDeleteLs enabled
ReplyDeleteHow to hack Facebook account
ReplyDeleteBro one problem. I am using Wifi networt to run this, so i cant use hotspot it. What will i do. Please replay Bro..
ReplyDeleteWhy i need to log in?
ReplyDeleteI sent a link of instagram to a person and if.i by mistake removed termux.from recent how can i get his /her credentials now.pls reply
ReplyDeleteYou won't get the credentials.
Deletebro u know ss7 attack
ReplyDeleteI know
DeleteHow and from should we install spellphish
ReplyDeleteEach time I do it it tells me send this link to the target but actually it doesn't give me a link
ReplyDeleteSorry bro If this tool is not working for you, just use below Tool
DeleteAdvPhisher
Username and password problem
ReplyDeleteforget this tool, just use below one
DeleteAdvPhisher
Plz tell how to fix GitHub username and password problem
ReplyDeleteSorry bro If this tool is not working for you, just use below Tool
DeleteAdvPhisher
git clone https://github.com/thelinuxchoice/shellphish asking for GitHub username and password
ReplyDeleteThis tool is maybe removed from the repository or they just made it private
DeleteSorry bro If this tool is not working for you, just use below Tool
AdvPhisher
I choosed option 1 for insta but its not giving the link
ReplyDeleteLast line was
Waiting vuctim open the link...
Use this tool Adv phishing
DeleteIf you Wanna Learn about Termux and connect with more people like you then you can join our Discord Server Termux Discord Server