evilginx2

0.0.0-...-9e32484 Opens a new window with list of versions in this module.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication For more information about how to use this package see README

Latest version published 24 days ago

GitHub

Package Health Score

86 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Active

Popularity

Recognized

Imported By: 0
GitHub Stars: 9.98K
Forks: 1.82K
Contributors: 30

Usage Popularity

Based on project statistics from the GitHub repository for the Golang package evilginx2, we found that it has been 9,977 times.

The popularity score for Golang modules is calculated based on the number of stars that the project has on GitHub as well as the number of imports by other modules.

Security

No known security issues

Security risks

Direct Vulnerabilities: 0
C
0
H
0
M
0
L

Indirect Vulnerabilities: Check with Snyk

Release Date

Apr 24, 2024

License

BSD-3-Clause

Security Policy

We found a way for you to contribute to the project! Looks like evilginx2 is missing a security policy.

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Keep your project free of vulnerabilities with Snyk

Maintenance

Healthy

Commit Frequency

Open Issues: 123
Open PR: 68
Last Release: 24 days ago
Last Commit: 24 days ago

Further analysis of the maintenance status of github.com/kgretzky/evilginx2 based on released golang versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that github.com/kgretzky/evilginx2 demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Community

Active

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 30
Funding: Yes

With more than 10 contributors for the github.com/kgretzky/evilginx2 repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like github.com/kgretzky/evilginx2 is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your go.mod

Ensure all the packages you're using are healthy and well-maintained

Readme

Evilginx2 Title

Evilginx 3.0

Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.

This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

Screenshot

Disclaimer

I am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Evilginx Mastery Training Course

If you want everything about reverse proxy phishing with Evilginx - check out my Evilginx Mastery course!

Learn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.

Grab it here: https://academy.breakdev.org/evilginx-mastery

Official Gophish integration

If you'd like to use Gophish to send out phishing links compatible with Evilginx, please use the official Gophish integration with Evilginx 3.3. You can find the custom version here in the forked repository: Gophish with Evilginx integration

If you want to learn more about how to set it up, please follow the instructions in this blog post

Write-ups

If you want to learn more about reverse proxy phishing, I've published extensive blog posts about Evilginx here:

Evilginx 2.0 - Release

Evilginx 2.1 - First Update

Evilginx 2.2 - Jolly Winter Update

Evilginx 2.3 - Phisherman's Dream

Evilginx 2.4 - Gone Phishing

Evilginx 3.0

Evilginx 3.2

Evilginx 3.3

Help

In case you want to learn how to install and use Evilginx, please refer to online documentation available at:

https://help.evilginx.com

Support

I DO NOT offer support for providing or creating phishlets. I will also NOT help you with creation of your own phishlets. Please look for ready-to-use phishlets, provided by other people.

License

evilginx2 is made by Kuba Gretzky (@mrgretzky) and it's released under BSD-3 license.

FAQs

What is evilginx2?

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing ... Visit Snyk Advisor to see a full health score report for evilginx2, including popularity, security, maintenance & community analysis.

Is evilginx2 popular?

The golang package evilginx2 receives a total of ? weekly downloads. As such, evilginx2 popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is evilginx2 well maintained?

We found that evilginx2 demonstrated a healthy version release cadence and project activity. It has a community of 30 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is evilginx2 safe to use?

The golang package evilginx2 was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 17 May-2024, at 12:50 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Usage Popularity

Security risks

Commit Frequency

Embed Package Health Score Badge

Keep your project healthy

Check your go.mod

Readme

Evilginx 3.0

Disclaimer

Evilginx Mastery Training Course

Official Gophish integration

Write-ups

Help

Support

License

FAQs

What is evilginx2?

Is evilginx2 popular?

Is evilginx2 well maintained?

Is evilginx2 safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues