Open-source projects categorized as Phishing | Edit details

Top 19 Phishing Open-Source Projects

  • GitHub repo wifiphisher

    The Rogue Access Point Framework

    Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10

    You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi asking you the password while disauth the original hostpot.

  • GitHub repo gophish

    Open-Source Phishing Toolkit

    Project mention: April Fools Jokes on school staff? | reddit.com/r/sysadmin | 2021-03-30

    I will use https://getgophish.com/ though, if you guys think it is a good idea.

  • GitHub repo Awesome-Red-Teaming

    List of Awesome Red Teaming Resources

    Project mention: Red Team Equipment for Budget Proposal | reddit.com/r/cybersecurity | 2021-04-10

    For software, pretty much everything you might need to start out is available as open source. Besides the actual testing stuff, don't forget to look at tools to facilitate collaboration + reporting (highly recommend looking at https://github.com/GhostManager/Ghostwriter). Also checkout: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

  • GitHub repo Modlishka

    Modlishka. Reverse Proxy.

    Project mention: Bad guys got into a 365 account with MFA enabled. | reddit.com/r/sysadmin | 2021-04-27

    The MFA implemented in Azure is not phishing-proof. This can be phished using a reverse proxy, and the push notification method is often becoming a bad habit for users to always approve ("this was from Microsoft, so it looked legit"). The only phishing proof method is using FIDO2 authenticators, but that is Passwordless, not MFA

  • GitHub repo dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    Project mention: How do I access the functions of this library directly without using the command line? (Python) | reddit.com/r/learnprogramming | 2021-03-05

    I would love to use this library in my code and use it, then take the output and use it to make a graph. https://github.com/elceef/dnstwist

  • GitHub repo zphisher

    An automated phishing tool with 30+ templates.

    Project mention: zphisher/phishing | reddit.com/r/terrmuxx | 2021-05-11
  • GitHub repo King Phisher

    Phishing Campaign Toolkit

  • GitHub repo nexphisher

    Advanced Phishing tool for Linux & Termux

    Project mention: Does anybody know what he’s using to do this? Like the software or something | reddit.com/r/HowToHack | 2021-04-12

    Looks like nexphisher.

  • GitHub repo intelmq

    IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

    Project mention: certtools/intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol | reddit.com/r/bag_o_news | 2021-04-14
  • GitHub repo maskphish

    Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.

    Project mention: (flair uygunmu bilmiyorum)Android Phising | reddit.com/r/KGBTR | 2021-04-17

    üşenenler için pkg install git git clone https://github.com/jaykali/maskphish git clone git://github.com/htr-tech/zphisher.git

  • GitHub repo SocialPhish

    The most complete Phishing Tool, with 32 templates +1 customizable

    Project mention: I cannot use blacke eye because it does not show the link | reddit.com/r/Kalilinux | 2021-04-05

    It is an issue with Ngrok. You should try using Social-Phish instead https://github.com/xHak9x/SocialPhish It has another hosting option than Ngrok.

  • GitHub repo Phishing.Database

    Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.

    Project mention: Source of Active Phishing Links and Malicious Attachments | reddit.com/r/blueteamsec | 2021-05-02

    For some quick starting points, I‘d: - setup a MISP server and feast on the great free feeds from e.g. abuse.ch - Alienvault OTX (and how to pull into MISP: https://otx-misp.readthedocs.io/en/latest/) - https://github.com/mitchellkrogza/Phishing.Database - Malware samples: nice curated collection from Lenny Zeltser: https://zeltser.com/malware-sample-sources/ - focus on "theZoo" - https://bazaar.abuse.ch/browse/ - see the OSINT section: https://learnpracticeandshare.com/awesome-malware-analysis-massive-collection-of-resources/ - https://cofense.com/product-services/phishing-intelligence/ (90 day trial) - Reach out to Project Honeypot

  • GitHub repo ethereum-lists

    A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

    Project mention: Problem to add a token to MEW | reddit.com/r/MyEtherWallet | 2021-03-17

    Here is my PR: https://github.com/MyEtherWallet/ethereum-lists/pull/1780

  • GitHub repo PhishingKitTracker

    Let's track phishing kits to give to research community raw material to study !

    Project mention: marcoramilli/PhishingKitTracker - Let's track phishing kits to give to research community raw material to study ! | reddit.com/r/GithubSecurityTools | 2021-01-30
  • GitHub repo Fish

    Fish is a phishing tool that inhabits a collection of webpages. It tries to replicate webpages as closely as possible for a hard to distinguish phishing page.

    Project mention: My first phishing GitHub repo and project!!! | reddit.com/r/hacking | 2021-03-14

    Fish 1.1.0

  • GitHub repo pDNSf-Hosts-collection

    My personalized Hosts file collection of various sources, cleaned and optimized specially for pDNSf

    Project mention: What lists would stop these? | reddit.com/r/pihole | 2021-02-19

    Fireeeye.com not found, did you mean fireeye.com? That is found in these lists; https://raw.githubusercontent.com/eladkarako/hosts/master/build/hosts_adblock.txt https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/adblock.txt https://raw.githubusercontent.com/arapurayil/ABL/master/lists/general/blocked_domains.txt https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Tracking https://raw.githubusercontent.com/frankblob/adb/master/erx0 https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/hosts.txt https://https4all.org/hosts.txt https://raw.githubusercontent.com/frankblob/adb/master/erx.conf https://raw.githubusercontent.com/eladkarako/hosts/master/_raw__hosts.txt https://raw.githubusercontent.com/mkb2091/blockconvert/master/output/domains.txt https://hell.sh/hosts/null.txt https://raw.githubusercontent.com/tg12/pihole-phishtank-list/master/list/phish_domains.txt https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Phishing-Angriffe https://netdex.co/hosts/d.txt http://phishing.mailscanner.info/phishing.bad.sites.conf https://github.com/j-moriarti/pDNSf-Hosts-collection/releases/download/v1.0.0/pDNSf-hosts-part0.txt https://gitlab.com/Natizyskunk/pi-hole-lists/raw/master/blocklists/personal_mega_blocklist/hosts.txt

  • GitHub repo PiHoleblocklists

    Blacklists with data from OTX.ALIENVAULT.COM.

    Project mention: Lists for configuration | reddit.com/r/pihole | 2021-02-16

    I wanted to add Malware and Indicator of Compromise sites to my gravity well. I started to build my own lists based off AlienVault Open Threat Exchange and than came across these beauties on Github courtesy of u/Esox-Lucius (took a stab at the same user existing on reddit and github) I did not throw all of the urls in because it ended up blocking a few too many but the lists are dynamic I'm very happy with the content of the lists: Esox-Lucius PiHoleblocklists from Alienvault OTX

  • GitHub repo EvilPortal

    Python script to perform phishing attacks through captive portals

    Project mention: #EvilPortal: Script de Python para realizar ataques de phishing a través de portales cautivos | reddit.com/r/u_esgeeks | 2021-03-14
  • GitHub repo phishing-writeup

    Bespoke Phishing Against vSphere & Slack (Attacking QUT Students - Class Activity)

    Project mention: Phishing Write-up. From start to finish. | reddit.com/r/phishing | 2020-12-21
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-05-11.


What are some of the best open-source Phishing projects? This list will help you:

Project Stars
1 wifiphisher 9,797
2 gophish 5,760
3 Awesome-Red-Teaming 3,742
4 Modlishka 3,315
5 dnstwist 2,857
6 zphisher 1,567
7 King Phisher 1,405
8 nexphisher 975
9 intelmq 645
10 maskphish 491
11 SocialPhish 441
12 Phishing.Database 334
13 ethereum-lists 315
14 PhishingKitTracker 130
15 Fish 15
16 pDNSf-Hosts-collection 11
17 PiHoleblocklists 11
18 EvilPortal 9
19 phishing-writeup 1