evilginx2
Evilginx2-Phishlets
evilginx2 | Evilginx2-Phishlets | |
---|---|---|
30 | 2 | |
9,979 | 248 | |
- | - | |
7.4 | 10.0 | |
7 days ago | about 1 year ago | |
Go | CSS | |
BSD 3-clause "New" or "Revised" License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
evilginx2
-
Google announces passwordless by default: Make the switch to passkeys
No, if you break into a site using passkeys, it gives you literally zero information that can be used to authenticate as any of the users. Think about the prevalence of data breaches in the past decade, and the sharp rise in the effectiveness of password stuffing, and think about why this change might be a good idea.
Also even with traditional 2FA, TOTP can be phished. See https://github.com/kgretzky/evilginx2
WebAuthn almost entirely eliminates phishing risk, and Passkeys are a really nice, clean UX for using WebAuthn.
-
I’ve been stuck on this situation for 3 days, does anyone know how to fix this?
So I downloaded this onto my computer https://github.com/kgretzky/evilginx2 and that took while since I’m new to GitHub and I barely know my way around computers. That went fine, i noticed there was another repository that was pretty much an add on to that same software I downloaded earlier “evilginx2” by another creator, this is the link https://github.com/simplerhacking/Evilginx3-Phishlets
-
friends 2fa being bypassed and Im stumped any advice?
Did your friend clicked on a phising link, if yes a aitm coud be one of the possibilities: https://github.com/kgretzky/evilginx2
-
MFA Just Casually being bypassed?? Anyone else seeing this?
We had a user compromised simiarly the other day, with what I believe to be https://github.com/kgretzky/evilginx2 now. It stole his session cookie and was able to auth. Fortunately, we have Office 365 Defender and he was flagged immediately on the risky user sign-ins and we were able to block and investigate.
-
Accounting got phished. Paid out big bucks
Evilginx kan bypass MFA and hijack your session https://github.com/kgretzky/evilginx2 Only thing that migitates this is fido keys
- User compromised despite MFA?
-
Best way to capture web app traffic for later analysis?
You can try this for web app traffic MIMD: https://github.com/kgretzky/evilginx2
- Main channel hacked
- Any Self Hosted alternatives to cloak.ist?
- MFA Bypass
Evilginx2-Phishlets
-
Best practice authentication requirements for customers?
If this all sounds a bit much sticking to classic MFA should be fine but there are pitfalls you should be aware of. Codes sent via SMS can be slow and SIM-swapping attacks almost seem commonplace. One Time Codes generated by an app can easily be intercepted when being typed into a fake login page thanks to tools like EvilNginx and finally MFA prompts from providers like Duo can be overcome with 2fa fatigue attacks.
-
Phish a User with MFA Enabled
Think of Evilginx2 as a proxy which is completely trusted by the browser as it's based on nginx. It sends what it needs to Microsoft then it intercepts what you tell it to intercept based on what you code into the phishlet. If after authentication a session cookie is in the browser then it doesn't matter how it got there it can be reused. This is more of browser MITM than an interception of keys.Phishlet Examples
What are some alternatives?
Modlishka - Modlishka. Reverse Proxy.
evilgophish - evilginx3 + gophish
muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
awesome-lnurl - A curated list of awesome lnurl things.
css-only-chat - A truly monstrous async web chat using no JS whatsoever on the frontend
htmx - </> htmx - high power tools for HTML
CSS_SQL_Networking_Tools - Tools used by the SQL Networking Customer Support Team
Evilginx3-Phishlets - This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3.
passkey-rs - A framework for defining Webauthn Authenticators that support passkeys
KeePass2.x - unofficial mirror of KeePass2.x source code
powershell - Repository for powershell scripts and functions I have built.