How To Install And Use Shellphish In Termux -2023

What is ShellPhish?

The most typical method of gaining access to a victim’s login information for any website is through a phishing attempt. One of the phishing programmes that lets you use termux to construct phishing links is ShellPhish. ThelinkChoice is the author of the Github project ShellPhish. Visit their Github website for more information if you want to learn more about shellfishing.

How is the shellPhish tool used?

When the victim logs in using your link, you will receive the credential at your terminal. Using this tool, you can create a link that exactly resembles a social media page.

ShellPhish employs SSH as one of two ways for port forwarding (which currently not working). Ngrok, which I believe has a bug, is the second.

NOTE: The purpose of this post is solely educational. This website and I do not endorse any illegal conduct. This website is not liable if you misuse any of the information it provides. ONLY ETHICAL HACKING IS SUPPORTED ON THIS SITE.

How to install ShellPhish in termux step-by-step:
Step 1:
Update and upgrade the termux to the current date.

apt update && apt upgrade

Press N if ask about the version.

Step 2:
Install the ShellPhish requirements; if you skip this step, issues will occur.

apt install php wget git openssh

(If asked if you want to instal during installation, simply press y.)

This will set up Termux with PHP wget and git for usage with ShellPhish.

You can remove the name from the command while installing if you already have any of these.

Step 3:
Cloning the shellPhish project from the git Hub repository. (I have updated the link)

git clone https://github.com/AbirHasan2005/ShellPhish

Step 4:
Change directory to shellPhish.

cd Shellphish

Step 5:
Granting access permission to the shellPhish.sh file.

chmod +x shellphish.sh

How to Use ShellPhish in termux:
Step 1:
Use the below command to run shellPhish.sh file in termux.

bash shellphish.sh

Step 2:

You now have a total of 18 selections. Each social media handle has a unique number. Like how Netflix has 08 and Instagram has 01, etc.

Here, I’ve chosen Instagram, but you can pick from any of the other 18 choices.

Step 3:

The following is the crucial portion of this article:

Activate your hotspot, please.

(Yes, I am aware that this is absurd, but please follow my lead and activate your Hotspot; otherwise, it won’t function.) Select Ngrok from the second menu now.

Step 4:
Once the user logs in using this link, you will receive their credentials in the terminal. Simply email this link to the victim and wait.

Working:

You can see where the credentials are located in the screenshot below.Additionally, the victim’s IP address and the device they are using will be revealed (user agent).

Conclusion:

Sellphish is an excellent tool that is free to use. You have a wide range of good pages to choose from. However, more advanced phishing tools, such as ADVPhisher and Zphishier, are now available for termux. (updated) As soon as I get a working version of this tool, I will update this blog. In the meantime, please use the tools mentioned above. I tested every version of Shellphish and discovered that none of them were functional. Stay ethical at all times, never stop learning, and stay inspired.

Enjoy.🥰