How to Use Social Fish to Spear Phish.

May 2, 2018 07:52 AM
636608177547848150.jpg

Hello hackers and pentester today we will learn how to use a linux tool called SocialFish to phish login credentials of some common websites. For educational purposes only of coarse ;)

First open a new terminal and enter: git clone github.com/UndeadSec/SocialFish.git

Then lets change our directory to SocialFish.

636608181023158852.jpg

Now that we have done that go ahead and enter : python SocialFish.py

636608182161596615.jpg

Social Fish has now started, accept the terms by entering y :

636608183756440658.jpg

Now we get a list of sites we can spear phish for. For this tutorial we will be using the facebook option. Go ahead and enter one and then one agin for the default page:

636608184989408781.jpg

Social phish will now create a phishing link using ngrok, copy the the url and send it to the victim via your preferred method email, social engineer ect .

636608188317691216.jpg

Once the target logs in on our page his credentials will be displayed! The only downside to this is the url SocialFish makes doesnt say facebook.com, but you could hide it in a link. Happy hunting ! :

636608189823315283.jpg

Comments

No Comments Exist

Be the first, drop a comment!