How to do Advance Phishing Attacks using Kali Linux

What is an advanced phishing attack?

Phishing is a type of cyber-attack in which a hacker sends a fake email with a phishing link, which led you to a phishing website and asks you to log in, and if you accepted the bait and logged in then your credentials will be sent to the attacker.

Now the question is what is phishing email? , what is phishing link?

So to answer these questions let me introduce you to a tool called Nexphisher.

Nexphisher is an open-source phishing tool created by htr-tech. It is easy to operate the tool, so let’s see how to do a phishing attack.

How to do phishing?

Now we’re going to see how to do the attacks in nexphisher.

For Linux

  1. First, we need to install the tool from Github.
  2. For installing the tool go to the Github repository of the nexphisher.
  3. Fire up your terminal and write the following commands.

git clone https://github.com/htr-tech/nexphisher.

This command will download the nexphisher to your system.

Next

cd nexphisher

to get into the directory of the nexphisher.

Then type

bash setup

to run the setup script this will install the tool in your pc.

Then type

bash nexphisher

this will run your tool.

Your screen will look like this

Nexphisher screen with all the options
img src: https://raw.githubusercontent.com/htr-tech/release-download/master/images/nexphisher1.png

You can select from 30 website and clone any of them and make your own phishing website.

Then you have to select the port forwarding option

Select from 5 port forwarding option and then press enter.(Recommended Ngrok).

Your screen will look something like this.

Nexphisher final page with a link to send to victim
img src: https://raw.githubusercontent.com/htr-tech/release-download/master/images/nexphisher2.png

Now send the link to victim and if they login to them you will be able to see the credentials.

NOTE -> DO NOT DO THIS WITHOUT THE CONSENT OF THE OTHER.

For Smartphone

You can do this attack from your smartphone too you just have to install the termux app and follow the same steps as for Linux. Just a little change for smartphone always turn on your mobile hotspot before performing this attack .

NOW COMES THE ADVANCE PART

Now day’s normal links may make the victim suspicious about the website.

So to deal with this issue we are going to learn few steps to make our link looks more trusting.

So to do this we are going to use a link shortener like bit.ly.

Just paste your link on the bit.ly link shortener and your link will look more trusting.

Now let’s assume the person you want to phish is aware of these phishing processes. Now we have to make our link look more secure. How to hide our phishing link?, Let’s see

Now we are going to mask our link with a fake link that will look legit

To do this we are going to use a tool called maskphish which is created by jaykali and is an open-source tool in Github.

Installation

git clone https://github.com/jaykali/maskphish

Then type

cd maskphish

 to get into maskphish directory.

Then type

bash maskphish.sh

this will run your tool

Now paste your link there and make your custom link with some social engineering elements and then send it to the victim.

Now your screen will look like this.

Maskphish screen, how to make  masked link
img src: https://bit.ly/3696hlM

Now that we have learned how to do phishing and how to mask links let’s see how to prevent phishing.

How to prevent phishing?

  1. Never click any link that you don’t trust.
  2.  Never open any email from an untrusted source.
  3.  Always verify where the link is taking you if you hover your mouse over the link it will show the real link behind the mask one.
  4. Be aware of these phishing techniques.
  5. Always be updated on the latest phishing trend following.
Share the Post...
WhatsApp

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

CSEP : Certified Security Engineer Professional

Certified Security Engineer Professional (CSEP) certification is a comprehensive program designed for individuals aspiring to become cybersecurity engineers. It equips candidates with hands-on knowledge across various in-demand cybersecurity domains, ensuring they are well-prepared for current and future industry needs.

Organizations today seek candidates with a diverse set of skills beyond just one tool or area of expertise. The CSEP certification addresses this need by providing essential hands-on experience, making you proficient in multiple cybersecurity domains.

The program includes live classes featuring practical exercises, followed by a real-time project that offers valuable industrial knowledge.

Domains covered in the CSEP certification:

  • Cybersecurity Essentials
  • Penetration Testing
  • Application Security
  • Security Operations
  • AI in Cybersecurity
  • Multi-Cloud Security
  • Threat Intelligence

 

This certification is ideal for those looking to secure a role as a cybersecurity engineer and want to gain a competitive edge in the cybersecurity field.

For Further kindly feel free to fill out the profile form  for relevant information on our counselor will get in touch with you

Sign up for our Newsletter

Interested in Cyber Security Training Program 2024 – Click Here
Open chat
1
Hello 👋
How can we help you?