How To Install And Run ZPhisher on Kali Linux Phishing Tool - Video 2023 with InfoSec Pat

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey guys welcome back to another video with infosecpat so in this video we're going to be talking about Z Fisher it's just another automated fishing tool you can utilize in Kali Linux or parrot Os or whatever you can get it from GitHub we're going to be installing that today but before we do so please like subscribe and share if it's helpful and you like the video obviously and if you're returning welcome back so as we can see on my screen I'm already at the repository I want to go ahead and do some preliminary stuff and I want to show you what I did prior to starting this video like did some updates and upgrades just to make sure all the repositories are up to date right so as you can see on the about right here you can see you know it's an automated fishing tool with over 30 plus templates it's obviously made for educational purposes this is just a teacher how phishing works and how to create those links obviously do not misuse this and do some craziness but you can you know do it on yourself and practice in your own environment and this is always what I condole like everything I'm doing is in my own environment right so before anything these are two commands I would run I just put them here so they're easy I already did it you can do a sudo app update so you can update all your repositories to make sure everything is up to date and then you can do a full upgrade and I did so what we can do is I can cat my OS release and I can see that I'm up to 20 20 22.4 which I'm good to go all right and if I do a little LS right now I have a few a few tools that I've installed under my tools directory in my Kali Linux so what I want to do is I want to make another directory called Z Fisher so mkdir when we do Z Fisher and then I want to CD into there okay and now obviously if I can do an LS there's nothing in there so what I want to do now let's go back to the repository and we can read through this a little bit obviously disclaimer it's a beginner friendly automated efficient tool with over 30 plus templates so obviously this is just to learn right to understand how phishing how people create these phishing links and when they you know try to harvest credentials and this is you know you can protect yourself by looking at some crazy link and say this doesn't look right and if it's coming from Microsoft or Facebook or anything like that which will see the real one versus a fishing link and you can see some of the differences but we'll get to that in a little while all right so you can you know you can read this disclaimer and then the features some of the features you know the latest updates of log on pages beginners friendly and then you have localhost and you know a whole bunch of different ones so let's go ahead and just get the Clone I want to go ahead and copy this and let's go back here and just paste that in here whoops why did it paste like that I don't know why I did that right that's not a problem we can just type it get clone and then I want to go ahead and go all the way to the end take this out and I want to clone that locally to my machine and once that's locally cloned then we can do an LS and we should see that here once you have that once you have that we can CD to it right and once we CD to it we can do an LS and see what files reside in this directory so we can see Docker file and you can actually say for example you want to read have to read me Dot and D obviously this is pretty much let me go all the way up this is pretty much what was on GitHub you know the features all you know everything that you need to know all right so let's just go ahead and whoops so let's go ahead and do an LS again so now what we're going to do is run this Z Fisher so what we're going to do is use bash because it's a bash because it's obviously we can see that dot sh but before that if you want to see the script because sometimes people want to look at scripts and all that stuff so we can do this cat let's cat the Z Fisher Dot and then this is going to show you everything that this script is doing and let's go all the way up [Music] right so if we come all the way up here I guess we can't even go all the way up but you can open this up in G edit of you know something else uh Sublime Text or whatever but what you can do is check it out but let's go ahead and just run it okay I'm going to go ahead and run it so we can see the package is already installed because I did update my repository you know updated pip make sure everything uh is all up to date in this case it's bash it's not a python so we can see the status the internet status is online so my machine is on the internet so it's checking for updates it is up to date which I just did that prior to recording and now it's installing the rest of the applications that are needed that I didn't have installed I think I mentioned this on one of the other videos I actually accidentally deleted my my virtual machine that I had all my tools set up and configured but it's all good and best practices start all over right they always say reform that once a year so I guess I had to reformat and I had that machine probably for like probably a year or something like that always doing the upgrades or whatever all right cool deal so now we have Z Fisher here this is a tool and it's it was created by HTR Tech thank you so much shout out to you for this cool tool all right so we can select a attack for the victim so what do we want to do we have 33 here we can just pick one for an example we'll pick LinkedIn so LinkedIn is 14 right we can select 14 and hit enter right so we have different options here we have 0 1 for localhost zero two zero three zero four so what we can do here we can for an example we can try uh let's try zero three uh cloudflare okay let's just give that a jingle do you want a custom Port no thanks I don't need a custom Port because I'm just testing this this is not anything crazy so get we'll give this a moment so it's probably going to be running on Port uh do you want to mask yes yes I want to mask it all right so I want to put uh infosec at testing .com okay I'm just going to click that so what we're gonna do we can use this this URL right here I can whoops let me copy this URL and see if this works right so we can copy this we can open up a new browser paste it enter and that's fine okay so now we have this LinkedIn page we masked it and you know so say for example we want to test with uh with Pat is the man at.com okay that's my email and my password is thank you for watching don't save all right so if you send that off to someone and this is how these things are created they're going to say oh it didn't didn't do much of anything let me go ahead and give it a jingle again so it did reroute them it redirected them to the real LinkedIn so now if we come back here we can see let's do Ctrl C let's do an LS and we can go ahead and let's see if we can do to do let's see something here all right so username so let's add username so I didn't actually never use this tool this is the first time I'm using it so here we go so we can see the LinkedIn IP I mean the LinkedIn username which is Pat as demand and then my password is thank you for watching if I spelled that correctly yes I did all right so that's pretty much how you use this tool and it's very simple right and so we can do one more we can let's actually uh see the dot dot and what I want to do I didn't realize but it's fine I'm not worried about anything all right so let's go ahead and just do bash again and we'll make sure see how fast that was now because everything is installed so you can for an example you can try Instagram zero two and we'll do something else for an example traditional login thousand followers say oh man I want to get a thousand followers I don't know so we can do zero three and we can try zero two we can just do a different option now uh no uh no I I don't I don't I don't want to change my region so we'll just give this a second we'll give this a moment and then do you want a mess no it's it's fine okay so now we can just say Okay thousand followers this looks pretty cool we can copy this and then we can go back to our browser paste and then that's fine yeah confirm so now this is going to show us I don't know something about a thousand followers I guess that didn't I guess that didn't work but obviously with these tools sometimes it is hit or miss so we can just go back and just give something else a try okay and so on and so forth so you guys get the idea you guys are going to run it and just play around with it right and just test it in your own environment and you should be good and that's that's pretty much about it for this video hopefully it's been a formula for you guys if you have any questions feel free to hit me up in the comments or any way you can find me and I'll be sure to help out as best as I can but please I get a lot of these these emails and messages I'm having an error please try to research it before sending the error because I solve a lot of these problems like people say oh um it's not working but then you're not running it as root or you forgot sudo in front of it just make sure either you follow step by step what I'm doing or you know if you're getting some kind of error please google it before because that's what I want to tell you to do have you try to research it because I don't know all the answers either but I know how to find them right as long as you know how to research them that's the main key so please do that I'm not trying to be rude I'm not trying to be mean I just think it's it's in it's for your best interest too to learn how to research because if you want to be a pen tester or in this field in any field in it you know like when I was a network engineer a system engineer Cloud blah blah blah if we get an arrow first thing we do is Google now we just do different chat jpt and all this good stuff but you get the point I'm just I'm just messing around with that but Google it and see if you can try to find the answer prior to hitting me up and if you're absolutely stuck and there's like nothing that's you know you're stuck against a brick wall yeah hit me up and I'll be sure to help you out all right until next time have a good one thank you so much for watching and have a beautiful day take care

Info

Channel: InfoSec Pat

Views: 241,979

Rating: undefined out of 5

Keywords: pentester, vm, virtualbox, linux, kali linux, windows 10, exploit, metaploit, youtube, learn and give back, kali, pentesting, hack, how to hack, how to install, ceh, ccnp, it certifications, cyber security, how to setup a infosec lab, how to setup a cyber security lab, how to setup a home lab, how to setup a pentest lab, how to setup a pentesting lab, oscp, pentest, how to phishing attack in facebook, how to get oscp, how to get security plus, zphisher, pyphisher, phishing tools, how to

Id: PapaQAyfZ6U

Channel Id: undefined

Length: 12min 21sec (741 seconds)

Published: Wed Jan 25 2023