What is ShellPhish?

A phishing attack is the most common attack to get access to the victim's credentials of any website.ShellPhish is one of the phishing tools that allows you to create a phishing link using termux.ShellPhish is created by thelinkchoice and it's a project on Github.If you wanna know more about shellfishing then just go to their Github page.




How shellPhish tool works?

Using this tool you can create a link that will look like an exact page of the social media, when the victim will log in using your link, you will get the Credential at your terminal.ShellPhish uses port forwarding using 2 methods one of them is SSH (which currently not working). the second one is Ngrok which I think has a bug but I will tell you how to use it properly.


NOTE: This post is only for Educational Purpse. I and this site do not support any criminal activity. If you are doing any sort of misuse of this information This site is not responsible for that. THIS SITE ONLY SUPPORT ETHICAL HACKING.


❎ If  This tool is not working Please Read This Blog [install and use ADVPhishing Tool in Termux - 2020]


How to install ShellPhish in termux step-by-step: 

Step 1:
Update and upgrade the termux to the current date.
apt update && apt upgrade
Press N if ask about the version.




Step 2:
Install dependencies for ShellPhish without installing this tool you will get errors.
apt install php wget git
(While installing if it is asking do you wanna install just press y.)
This will install Php wget and git in termux which will be used while using ShellPhish.
If you already have any of this you can remove the name from command while installing.




Step 3:
Cloning the shellPhish project from the git Hub repository. (I have updated the link)
git clone https://github.com/AbirHasan2005/ShellPhish


Step 4:
Change directory to shellPhish.
cd Shellphish



Step 5:
Granting access permission to the shellPhish.sh file.
chmod +x shellphish.sh 


How to Use ShellPhish in termux:

Step 1:
Use the below command to run shellPhish.sh file in termux.
bash shellphish.sh

Step 2:
Now you have 18 available options. every social media name have an assigned number Like Instagram has 01 Netflix have 08 and so on.
Here I am selecting Instagram but you can choose any of the 18 options.



Step 3:
This is the most important part of this post:
Please turn on your hotspot.
(yeah, yeah, I know this is ridiculous😂 but please trust me and turn on your Hotspot else it won't work). Now select the second option Ngrok.




Step 4:
Now you will get a link, just send this link to the Victim and wait, when user will log in using this link you will get the credentials in the terminal.




Working:

In the below screenshot you can see that where you will find the credentials.
You will also find the IP of victim as well as the device which the victim is using(user agent).



❎If This tool is not working Please Read This Blog [install and use ADVPhishing Tool in Termux - 2020]


Conclusion:

Sellphish is a great tool and freely available. you get the most of the decent pages to select from. But now are days we are getting better phishing tools for termux like ADVPhisher and Zphishier tool. (updated) I have tested all the Shellphish versions and I found that none of them are working, I and constantly trying to update this blog as soon as I get the working version of this tool, till then please use Above mentioned tools. Stay inspired and never stop learning, and as always Stay Ethical.👾