Skip to content

nico-duitsmann/goldphish

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

data/banner

data/banner

 
 

goldphish

goldphish

 
 

tools/wget

tools/wget

 
 

DISCLAIMER

DISCLAIMER

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

config.ini

config.ini

 
 

goldphish.py

goldphish.py

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

Goldphish phishing server

Goldphish is a http phishing server that clones a website, modifies it and captures the POST request to extract potential credentials from it.

Getting Started

Installing

pip install -r requirements.txt

Basic usage

Usage:
    goldphish <website> [options]

Arguments:
    website             The website to clone to.

Options:
    -h --help           Show this help and exit.
    -v --version        Show version and exit.

    -a <host>           Http server address.
    -p <port>           Http server port number.
    
    --ngrok             Use ngrok for local server tunneling.

    --config-restore    Restore config.ini to defaults.
    --no-banner         Dont print banner art.

By using goldphish u agree to the terms of use.
For more info read DISCLAIMER in the installation dir.

Example

python3 goldphish.py https://example.com

Goldphish with clone 'https://example.com' to the default cloning folder and modify html forms action attribute to prevent redirecting to real server.

Config

You can edit goldphish's behaviour in the config.ini file.

[http_server]
host = localhost
port = 80
custom_redirect = ; Specify a link or file for redirect after post request.

[cli]
bannerart_file = data/banner/default.txt
colored_banner = True
colored_output = True
default_hcolor = red

[cloner]
cloning_dir   = webroot ; Default cloning dir. Do not change if its not necessary
timeout_sec   = 300  ; Cancel cloning website after timeout reached
ignore_robots = True ; By set it to true you agree with terms of use
auto_clean    = True ; Clean cloning dir folder after program exit

[ngrok]
authtoken = ; Request one at https://dashboard.ngrok.com/user/signup
subdomain = ; !Note: Custom subdomain only with paid account

Compatibility

Actually, goldphish is only compatible with python3.

Requirements

Authors

  • Nico Duitsmann

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE.md file for details

Disclaimer

Goldphish is for education/research purposes only. The author takes NO responsibility and/or liability for how you choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will not be liable for any losses and/or damages in connection with use of ANY files provided with goldphish. By using goldphish or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again goldphish and ALL files included are for EDUCATION and/or RESEARCH purposes ONLY. goldphish is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested.

About

Goldphish phishing server with ngrok tunneling support.

Topics

phishing python3 phishing-attacks website-clone phishing-kit

Resources

Readme

License

GPL-3.0 license
Activity

Stars

19 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages