fisherman
is a phishing tool created using Nodejs
and Express
framework.
This tool is meant for educational purposes only and should not be used to harm anyone.
Read the LICENSE for more information.
If you want to deploy this project without any modifications, you just need to set the following environmental variables, related to your mongodb
instance:
DB_URI
DB_NAME
COLLECTION_NAME
To generate a new phishing link, send a POST
request at route /generate
. The POST body must have the site
field set to the website for which the phishing link is to be generated (Currently, only =instagram= is supported). As a response, a JSON object with the url
and a key
is returned.
Note: url
is inappropriately called url, it should be combined with the hostname to produce the full link.
TODO: find a better name for url
.
Once a victim signs in through the link, any subsequent POST
requests at /extract
with the POST body containing the url
and key
will return the most recently registered username and password through that link. i.e. repeatedly signing in through the same link will overwrite the previous value for username and password fields.