starred/evilginx2-kgretzky
1
0
Fork 0
mirror of https://github.com/kgretzky/evilginx2.git synced 2026-04-25 00:36:10 +03:00
Code Issues 87 Projects Releases 8 Packages Wiki Activity
8 releases 8 tags
  • v3.3.0 55579600ca

    v3.3.0 Stable

    kerem released this 2024-04-02 16:20:57 +03:00 | 5 commits to master since this release

    📅 Originally published on GitHub: Tue, 02 Apr 2024 13:34:24 GMT
    🏷️ Git tag created: Tue, 02 Apr 2024 13:20:57 GMT

    Go & Phish - Official Gophish integration released!

    You can learn more about this update in the official blog post: https://breakdev.org/evilginx-3-3-go-phish/

    CHANGELOG

    • Feature: Official GoPhish integration, using the fork: https://github.com/kgretzky/gophish
    • Feature: Added support to load custom TLS certificates from a public certificate file and a private key file stored in ~/.evilginx/crt/sites/<hostname>/. Will load fullchain.pem and privkey.pem pair or a combination of a .pem/.crt (public certificate) and a .key (private key) file. Make sure to run without -developer flag and disable autocert retrieval with config autocert off.
    • Feature: Added ability to inject force_post POST parameters into JSON content body (by @yudasm_).
    • Feature: Added ability to disable automated TLS certificate retrieval from LetsEncrypt with config autocert <on/off>.
    • Feature: Evilginx will now properly recognize origin IP for requests coming from behind a reverse proxy (nginx/apache2/cloudflare/azure).
    • Fixed: Infinite redirection loop if the lure URL path was the same as the login path defined in the phishlet.
    • Fixed: Added support for exported cookies with names prefixed with __Host- and __Secure-.
    • Fixed: Global unauth_url can now be set to an empty string to have the server return 403 on unauthorized requests.
    • Fixed: Unauthorized redirects and blacklisting would be ignored for proxy_hosts with session: false (default) making it easy to detect evilginx by external scanners.
    • Fixed: IP address 127.0.0.1 is now ignored from being added to the IP blacklist.
    • Fixed: Added support for more TLDs to use with phishing domains (e.g. xyz, art, tech, wiki, lol & more)
    • Fixed: Credentials will now be captured also from intercepted requests.
    Downloads
  • v3.2.0 a8d2cd3fd0

    v3.2.0 Stable

    kerem released this 2023-08-24 12:56:32 +03:00 | 24 commits to master since this release

    📅 Originally published on GitHub: Thu, 24 Aug 2023 10:01:14 GMT
    🏷️ Git tag created: Thu, 24 Aug 2023 09:56:32 GMT

    • Feature: URL redirects on successful token capture now work dynamically on every phishing page. Pages do not need to reload or redirect first for the redirects to happen.
    • Feature: Lures can now be paused for a fixed time duration with lures pause <id>. Useful when you want to briefly redirect your lure URL when you know sandboxes will try to scan them.
    • Feature: Added phishlet ability to intercept HTTP requests and return custom responses via a new intercept section.
    • Feature: Added a new optional redirect_url value for phishlet config, which can hold a default redirect URL, to redirect to, once tokens are successfully captured. redirect_url set for the specific lure will override this value.
    • Feature: You can now override globally set unauthorized redirect URL per phishlet with phishlet unauth_url <phishlet> <url>.
    • Fixed: Disabled caching for HTML and Javascript content to make on-the-fly proxied content replacements and injections more reliable.
    • Fixed: Improved JS injection by adding <script src"..."> references into HTML pages, instead of dumping the whole script there.
    • Fixed: Blocked requests will now redirect using javascript, instead of HTTP location header.
    • Fixed: Changed redirect_url to unauth_url in global config to avoid confusion.
    • Fixed: Fixed HTTP status code response for Javascript redirects.
    • Fixed: Javascript redirects now happen on text/html pages with valid HTML content.
    • Fixed: Removed ua_filter column from the lures list view. It is still viewable in lure detailed view.
    Downloads
  • v3.1.0 a49523a9c4

    v3.1.0 Stable

    kerem released this 2023-07-11 11:03:54 +03:00 | 37 commits to master since this release

    📅 Originally published on GitHub: Tue, 11 Jul 2023 08:05:41 GMT
    🏷️ Git tag created: Tue, 11 Jul 2023 08:03:54 GMT

    • Feature: Listening IP and external IP can now be separated with config ipv4 bind <bind_ipv4_addr> and config ipv4 external <external_ipv4_addr> to help with properly setting up networking.
    • Fixed: Session cookies (cookies with no expiry date set) are now correctly captured every time. There is no need to specify :always key modifier for auth_tokens to capture them.
    • Fixed: Captured custom tokens are now displayed properly and values are not truncated.
    Downloads
  • v3.0.0 1ac3d10271

    v3.0.0 Stable

    kerem released this 2023-05-10 12:04:32 +03:00 | 38 commits to master since this release

    📅 Originally published on GitHub: Wed, 10 May 2023 09:13:22 GMT
    🏷️ Git tag created: Wed, 10 May 2023 09:04:32 GMT

    • Feature: TLS certificates from LetsEncrypt will now get automatically renewed.
    • Feature: Automated retrieval and renewal of LetsEncrypt TLS certificates is now managed by certmagic library.
    • Feature: Authentication tokens can now be captured not only from cookies, but also from response body and HTTP headers.
    • Feature: Phishing pages can now be embedded inside of iframes.
    • Feature: Changed redirection after successful session capture from Location header redirection to injected Javascript redirection.
    • Feature: Changed config file from config.yaml to config.json, permanently changing the configuration format to JSON.
    • Feature: Changed open-source license from GPL to BSD-3.
    • Feature: Added always modifier for capturing authentication cookies, forcing to capture a cookie even if it has no expiration time.
    • Feature: Added phishlet <phishlet> command to show details of a specific phishlet.
    • Feature: Added phishlet templates, allowing to create child phishlets with custom parameters like pre-configured subdomain or domain. Parameters can be defined anywhere in the phishlet file as {param_name} and every occurence will be replaced with pre-configured parameter values of the created child phishlet.
    • Feature: Added phishlet create command to create child phishlets from template phishlets.
    • Feature: Renamed lure templates to lure redirectors due to name conflict with phishlet templates.
    • Feature: Added {orig_hostname} and {orig_domain} support for sub_filters phishlet setting.
    • Feature: Added {basedomain} and {basedomain_regexp} support for sub_filters phishlet setting.
    • Fixed: One target can now have multiple phishing sessions active for several different phishlets.
    • Fixed: Cookie capture from HTTP packet response will not stop mid-term, ignoring missing opt cookies, when all authentication cookies are already captured.
    • Fixed: trigger_paths regexp will now match a full string instead of triggering true when just part of it is detected in URL path.
    • Fixed: Phishlet table rows are now sorted alphabetically.
    • Fixed: Improved phishing session management to always create a new session when lure URL is hit if session cookie is not present, even when IP whitelist is set.
    • Fixed: WebSocket connections are now properly proxied.
    Downloads
  • 2.4.0 e507ce1590

    2.4.0 Stable

    kerem released this 2020-09-14 14:11:25 +03:00 | 116 commits to master since this release

    📅 Originally published on GitHub: Mon, 14 Sep 2020 11:16:09 GMT
    🏷️ Git tag created: Mon, 14 Sep 2020 11:11:25 GMT

    • Feature: Create and set up pre-phish HTML templates for your campaigns. Create your HTML file and place {lure_url_html} or {lure_url_js} in code to manage redirection to the phishing page with any form of user interaction. Command: lures edit <id> template <template>
    • Feature: Create customized hostnames for every phishing lure. Command: lures edit <id> hostname <hostname>.
    • Feature: Support for routing connection via SOCKS5 and HTTP(S) proxies. Command: proxy.
    • Feature: IP blacklist with automated IP address blacklisting and blocking on all or unauthorized requests. Command: blacklist
    • Feature: Custom parameters can now be embedded encrypted in the phishing url. Command: lures get-url <id> param1=value1 param2="value2 with spaces".
    • Feature: Requests to phishing urls can now be rejected if User-Agent of the visitor doesn't match the whitelist regular expression filter for given lure. Command: lures edit <id> ua_filter <regexp>
    • List of custom parameters can now be imported directly from file (text, csv, json). Command: lures get-url <id> import <params_file>.
    • Generated phishing urls can now be exported to file (text, csv, json). Command: lures get-url <id> import <params_file> export <export_file> <text|csv|json>.
    • Fixed: Requesting LetsEncrypt certificates multiple times without restarting. Subsequent requests would result in "No embedded JWK in JWS header" error.
    • Removed setting custom parameters in lures options. Parameters will now only be sent encoded with the phishing url.
    • Added with_params option to sub_filter allowing to enable the sub_filter only when specific parameter was set with the phishing url.
    • Made command help screen easier to read.
    • Improved autofill for lures edit commands and switched positions of <id> and the variable name.
    • Increased the duration of whitelisting authorized connections for whole IP address from 15 seconds to 10 minutes.
    Downloads
  • 2.3.0 c521dd92ef

    2.3.0 Stable

    kerem released this 2019-01-22 13:32:20 +03:00 | 191 commits to master since this release

    📅 Originally published on GitHub: Tue, 22 Jan 2019 10:37:13 GMT
    🏷️ Git tag created: Tue, 22 Jan 2019 10:32:20 GMT

    • Proxy can now create most of required sub_filters on its own, making it much easier to create new phishlets.
    • Added lures, with which you can prepare custom phishing URLs with each having its own set of unique options (help lures for more info).
    • Added OpenGraph settings for lures, allowing to create enticing content for link previews.
    • Added ability to inject custom Javascript into proxied pages.
    • Injected Javascript can be customized with values of custom parameters, specified in lure options.
    • Deprecated landing_path and replaced it with login section, which contains the domain and path for website's login page.

    Blog: https://breakdev.org/evilginx-2-3-phishermans-dream/

    Downloads
  • 2.2.0 9c55f0890f

    2.2.0 Stable

    kerem released this 2018-11-21 16:27:22 +03:00 | 199 commits to master since this release

    📅 Originally published on GitHub: Thu, 22 Nov 2018 11:30:37 GMT
    🏷️ Git tag created: Wed, 21 Nov 2018 13:27:22 GMT

    • Added option to capture custom POST arguments additionally to credentials. Check custom field under credentials.
    • Added feature to inject custom POST arguments to requests. Useful for silently enabling "Remember Me" options, during authentication.
    • Restructured phishlet YAML config file to be easier to understand (phishlets from previous versions need to be updated to new format).
    • Removed name field from phishlets. Phishlet name is now determined solely based on the filename.
    • Now when any of auth_urls is triggered, the redirection will take place AFTER response cookies for that request are captured.
    • Regular expression groups working with sub_filters.
    • Phishlets are now listed in a table.
    • Phishlet fields are now selectively lowercased and validated upon loading to prevent surprises.
    • All search fields in the phishlet are now regular expressions by default. Remember about proper escaping!
    Downloads
  • 2.0.0 6b40db172b

    2.0.0 Stable

    kerem released this 2018-07-26 12:20:37 +03:00 | 246 commits to master since this release

    📅 Originally published on GitHub: Thu, 26 Jul 2018 09:53:18 GMT
    🏷️ Git tag created: Thu, 26 Jul 2018 09:20:37 GMT

    This is a first release! Enjoy!

    Downloads