Evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Alternatives To Evilginx2
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Ghunt14,257
3 days ago6November 08, 202335otherPython
🕵️‍♂️ Offensive Google framework.
Evilginx28,747123 days ago13February 08, 2021131bsd-3-clauseGo
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Flaresolverr4,120
2 days ago42mitPython
Proxy server to bypass Cloudflare protection
Cloudproxy481
2 months ago18mitTypeScript
Proxy server to bypass Cloudflare protection.
Humanoid15946 months ago3October 25, 20187mitJavaScript
Node.js package to bypass CloudFlare's anti-bot JavaScript challenges
Fuzzhttpbypass126
3 months ago3Python
This tool use fuuzzing to try to bypass unknown authentication methods, who knows...
Cloudflaresolverre117442 years ago7November 28, 201911mitC#
Cloudflare Javascript & reCaptcha challenge (I'm Under Attack Mode or IUAM) solving / bypass .NET Standard library.
Evilginx236
3 years agootherGo
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Vote Buster16
8 years agogpl-2.0JavaScript
Capcha+Email confirmation bypass script
Awesome Xss14
5 years ago
收集的一些XSS学习资料
Alternatives To Evilginx2
Select To Compare


Alternative Project Comparisons
Readme

Evilginx2 Logo

Evilginx2 Title

Evilginx 3.0

Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.

This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

Screenshot

Disclaimer

I am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Evilginx Mastery Training Course

If you want everything about reverse proxy phishing with Evilginx - check out my Evilginx Mastery course!

Evilginx Mastery

Learn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.

Grab it here: https://academy.breakdev.org/evilginx-mastery

Write-ups

If you want to learn more about reverse proxy phishing, I've published extensive blog posts about Evilginx here:

Evilginx 2.0 - Release

Evilginx 2.1 - First Update

Evilginx 2.2 - Jolly Winter Update

Evilginx 2.3 - Phisherman's Dream

Evilginx 2.4 - Gone Phishing

Evilginx 3.0

Help

In case you want to learn how to install and use Evilginx, please refer to online documentation available at:

https://help.evilginx.com

Support

I DO NOT offer support for providing or creating phishlets. I will also NOT help you with creation of your own phishlets. Please look for ready-to-use phishlets, provided by other people.

License

evilginx2 is made by Kuba Gretzky (@mrgretzky) and it's released under BSD-3 license.

Popular Bypass Projects
Popular Cookie Projects
Popular Security Categories

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Go
Session
Cookies
Attack
Bypass
Phishing