How to do phishing attack in Termux using SocialFish

Phishing is a very common attack which is used to steal sensitive information such as username, passwords, credit/debit card details, etc.
If you want to do phishing attacks, there are some plenty tools which helps you to do such attacks but there are certain limitations in these tools. Most of the time the phishing pages used in these tools are inaccurate which can be easily identified.
So to overcome this issue, there is a tool which helps you to do phishing attacks with accurate phishing pages and more features. In this post we are going to use a tool called 'SocialFish' - a python based tool for phishing attacks. We are using this tool in termux. So follow below steps to install this tool in termux.



Features of SocialFish -

• Real-time web page cloning

• Simple and interactive UI

• Easy to use

• You can get victim's device details and lot of information

• Track multiple attacks at a time.

Installation


1) First update all packages

 

$ apt update && apt upgrade

2) We need to install required packages

 

$ apt install python git 

3) Now, clone 'SocialFish' repository from github

$ git clone https://github.com/Deadpool2000/SocialFish

4) Goto SocialFish folder

$ cd SocialFish

5) Now we need to install pip packages required for this tool

$ pip install -r requirements.txt

Usage -

1) To use SocialFish, run this command -

$ python SocialFish.py <username> <pass>

for e.g. python SocialFish.py  root  toor

Here 'root' and 'toor' are username & password. You can use any username & password.

2) After this, open your browser and goto this address and login -

0.0.0.0:5000/neptune

3) After this, you will see two input boxes -

    1] The upper one is to clone the page which you want to use in phishing.

 
    2] The lower one is to redirect to another link when a vicitim enter his credentials.

4) So in the first box, we will enter a URL which we want to clone. Here I am using Github's login page for phishing. So here I am gonna use this link - 

'https://github.com/login'

 

 

5) Now in the second box, I am using a redirection link. When victim enters his login credentials on cloned github page, it will redirect to the redirected link. For this, I am using same link so victim thinks that it was an error. So again I am using 'https://github.com/login' for redirection.

 

6) Now click on the button as shown in the picture to make a phishing page -

 

7) Now go back to Termux and send this link to the victim as specified in the picture (IP address is hidden)-

8) As soon as victim click on the link and enter credentials,the phishing page redirected to original link.


9) Now refresh your browser, scroll down and click on 'View'. You will get some plenty information.

10) Here you can see username and password which filled by victim.

 

11) To stop this tool, use 'Ctrl + C'.


That's it.

If you have any problem regarding this post, leave a comment !


Also read -

Create metasploit payload easily in linux and termux

Fix 'repository is under maintenance or down' error in termux

How to install routersploit on Termux [2021]

 

How to fix 'repository is under maintenance or down' Termux issue [2024]

 

 If you try to update packages in latest termux, you will get some plenty errors. 

 

E: The repository 'https://dl.bintray.com/grimler/game-packages-24 games Release' does not have a Release file.
N: Metadata integrity can 't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).
E: The repository 'https://dl.bintray.com/grimler/science-packages-24 science Release ' does not have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?)

 

This common error occurs with recent updates to termux. The reason behind this error is that the official termux repository is under maintenance or may not work. Termux developers may working in the official repository.
Therefore, if you need to update the package without error, you need to change the repository to termux. Use a different package repository. Therefore, to resolve this issue, please follow the steps below -

Steps -


1) Run following command on Termux

$ termux-change-repo

2) You will see a dialog box. You need to select all option by pressing 'SPACE' key just like this and hit ENTER -

 

 

 

3) After this, we need to select another repository instead of official repository. So scroll down and select 'Mirrors by Grimler' by pressing 'SPACE' key.

 

4) After pressing ENTER key, Termux packages will update and you wouldn't see any errors. That's it !

 

 

** Important Update - Many people reported that Grimler's Repository is not working, So use A1batross's Repository instead of Grimler's Repository. **

 

If you have any kind of issue regarding this, please leave a comment !


Also read - 

 

How to install routersploit in Termux [2021]

 

How to create metasploit payload easily using linux and termux

How to install Phonesploit on Termux [2021]

 

 

 Phonesploit is a python based tool used for remote ADB (Android Debugging Bridge) exploitation. Using this tool, you can easily exploit any android device from remote ADB and can perform a bunch of tasks on target android device. Formerly, this tool only works on Linux but now you can use this tool on Termux with some easy steps. In this post we are going to use official PhoneSploit repository from github. So follow the steps to install this tool on termux.

Features of PhoneSploit

Access Shell

Screen record victim device

Screenshot a picture on victim device

Pull folders from victim device

Turn victim device off

Uninstall an app

Show real time log of victim device

Dump system info

List all apps on victim

Run an app

Port Forwarding 

NetStat

Grab wpa_supplicant

Turn WiFi On/Off

Show Mac/Inet

Remove Password

Extract apk from app

Use Keycode

Get Battery Status

Get Current Activity

Installation

 

First update all packages

  

apt update && apt upgrade

 

Install required packages

apt install android-tools python git

 

Now clone PhoneSploit repository from github

 

git clone https://github.com/aerosol-can/PhoneSploit

 

Goto PhoneSploit

 

cd PhoneSploit

 

Install pip packages

 

pip install colorama

 

Usage


Make sure that both devices are connected on same network.


Now on target device, make sure that 'USB Debugging' is on. If not, goto "Settings > developer options" and select USB debugging.


Now return back to your attack device and run following commands on Termux -

 

adb tcpip 5555

 

here you can use any port number instead of '5555'


Now identify IP address of target device. To identify it, Goto Settings > About Phone and you will see IP address of target device.


After this, run following command on attacking device

 

adb connect <ip_address_target_device>:<port_number>

 

e.g. adb connect 192.168.1.56:5555  (This is in my case)


Now run PhoneSploit tool using,

 

python phonesploit.py

Now you can run any command from PhoneSploit on target device remotely.

If you have any problem regarding this, leave a comment!

Share this post to your friends.

Also read - Install routersploit on Termux