Skip to content
Related Articles

Related Articles

Improve Article
Shellphish Tool in Kali Linux
  • Difficulty Level : Basic
  • Last Updated : 15 Mar, 2021

Shellphish is a powerful open-source tool Phishing Tool. It became very popular nowadays that is used to do phishing attacks on Target. Shellphish is easier than Social Engineering Toolkit.  It contains some templates generated by another tool called SocialFish and offers phishing templates webpages for 18 popular sites such as Facebook, Instagram, Google, Snapchat, Github, Yahoo, Protonmail, Spotify, Netflix, LinkedIn, WordPress, Origin, Steam, Microsoft, etc. It also provides an option to use a custom template if someone wants. This tool makes it easy to perform a phishing attack. Using this tool you can perform phishing in (wide area network). This tool can be used to get credentials such as id, password.

Uses of Shellphish:

Shellphish tool can create phishing pages of most popular social networking sites like

  • Facebook
  • Instagram
  • Yahoo
  • Twitter
  • Netflix

Installation of shellphish in Kali Linux:

Shellphish tool in Kali Linux

Step-by-step implementation:

Step 1: Open your Terminal on Kali Linux and move to Desktop



cd Desktop 

Shellphish tool in Kali Linux

Step 2: Create a new Directory i.e shellphish

mkdir shellphish

Shellphish tool in Kali Linux

Step 3: On Terminal itself download and install shellphish in the above directory by the following command

git clone https://github.com/suljot/shellphish.git

Shellphish tool in Kali Linux

Step 4: Finally to execute shellphish tool-type following command

./shellphish.sh

Shellphish tool in Kali Linux

Congratulations you have installed shellphish tool in your Kali Linux machine. You can see you are getting multiple options here, for Instagram you are getting [01], for Facebook you are getting [02], and for multiple other sites you are getting other options.

For example, let’s type 1 and press enter .now you can see shellphish has created the URL https://8b992b4bc918.ngrok.io. Send this link to the target person through any medium (email, WhatsApp, text message). Once your target open this link and fill the respective phishing form and I’d and password will be shown below {waiting IPs and Credentials}

Once the victim opens the link, they will be able to see a page that will look exactly like the Instagram login page, and this will earn their trust. Once they have entered the credentials, HACKED! You will be able to see their username and password on your Kali Linux terminal. The victim will be now redirected to the original Instagram page.

Shellphish tool in Kali Linux

My Personal Notes arrow_drop_up
Recommended Articles
Page :