Phishing Using Shellphish
Ready to Start Your Career?

Phishing Using Shellphish

gagan1999 s profile image
By: gagan1999
July 29, 2019

What is a Phishing Attack?

A Phishing ​Attack is a fraud attempt to obtain sensitive information like usernames, passwords, credit card information, Bank Account Numbers, etc. Phishing is an example of Social Engineering technique being used to deceive users. The way phishing works is that an attacker clones a trusted website or spoofs an email of a known target which leads the person to believe that he is visiting a trusted website like social media sites, e.g., Facebook, SnapChat, Instagram, Google, Netflix, and so on. The target will then put his/her username and password on the malicious website (cloned website) and then the username and password will be sent to the attacker instead of the real website, and the target will be redirected to the real website. Let's do a demo of phishing using shellphish. 

Things Needed:

1. Kali Linux or any other Linux Operating system.2. Internet Connection.3. Shell Phish that we will be using for this practical.4. Firefox or and other browsers.

Develop Your Ethical Hacking Skills for Free >>


1. Open Firefox in your Kali Linux.fig12. Type ( in the URL.fig23. In the search box type (shell phish).fig34. Select the first repository.5. Click on the (Clone or Download) button and copy the URL.fig46. Open your Terminal 7. Type (git clone URL) and paste the URL you have copied and press enter. 8. It will start downloading the shellphish file. fig5 9. When the download is complete. 10. Change your directory to shellphish by typing (cd shellphish). fig6 11. In the Shellphish directory type command(ls -l) it will show all files and their permissions. fig7 12. Now what we will need to change is the permissions of ( 13. As you can see its permissions are (-rw-r–r– ) by (-r) it means (read) permission by (w) it means (write) permission 14. There is no execute permission, i.e., x. To add an execute permission, we need to give command (chmod +x it will provide it with new permission that is (x). fig8 15. Now we can execute it by typing (./ 16. Shellphish has started. Choose any option from above just by typing their number, e.g. if I want to make an Instagram phishing page, I will type (1) as insta is written on number one. fig9 17. Then choose a port forwarding service that will give you the phishing URL I will go with ngrok so I typed 2. fig10 18. If using for the first time, it will start downloading ngrok wait for it. 19. When the download is complete, it will give you a URL, which is the URL we will use to phish our target. fig11 20. Now you can send this link via email, WhatsApp, Messenger or any other media. 21. When the target clicks on this link, you will get its location and IP address 22. After that, the page will open, and when the target types his/her username and password, it will be sent to the attacker. And the target will be redirected to their Instagram. fg12Because I was using TOR, the location is unknown, but it will show the exact location of the target otherwise. Notice: This article is for ethical hacking and educational purpose only.p>Start A Career in Ethical Hacking >>

Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry