Hello hackers and pentester today we will learn how to use a linux tool called SocialFish to phish login credentials of some common websites. For educational purposes only of coarse ;)
First open a new terminal and enter: git clone github.com/UndeadSec/SocialFish.git
Then lets change our directory to SocialFish.
Now that we have done that go ahead and enter : python SocialFish.py
Social Fish has now started, accept the terms by entering y :
Now we get a list of sites we can spear phish for. For this tutorial we will be using the facebook option. Go ahead and enter one and then one agin for the default page:
Social phish will now create a phishing link using ngrok, copy the the url and send it to the victim via your preferred method email, social engineer ect .
Once the target logs in on our page his credentials will be displayed! The only downside to this is the url SocialFish makes doesnt say facebook.com, but you could hide it in a link. Happy hunting ! :