View Issue Details

IDProjectCategoryView StatusLast Update
0004000Kali LinuxQueued Tool Additionpublic2023-05-16 11:59
Reporterg0tmi1k Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Version2023.2 
Summary0004000: Evilginx - Advanced Phishing with Two-factor Authentication Bypass
Description

Name: evilginx
Version: v1.1.0
Homepage: https://github.com/kgretzky/evilginx
Download: https://github.com/kgretzky/evilginx/archive/1.1.0.tar.gz
License: MIT (https://github.com/kgretzky/evilginx/blob/master/LICENSE)
Author: Kuba Gretzky (@mrgretzky)
Dependencies: ...A lot ~ https://github.com/kgretzky/evilginx/blob/master/install.sh
Age: March 2017 - Current
Similar tools: SET (Social-Engineer Toolkit) / wifiphisher / Ghost Phisher
Description: Evilginx - Advanced Phishing with Two-factor Authentication Bypass

Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. It's core runs on Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server.

Additional Information

Web page: https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/

Relationships

related to 0002983 closed phishing-frenzy 

Activities

sbrun

sbrun

2018-06-19 08:19

manager   ~0009281

it requires openresty: https://openresty.org/en/
But openresty is based on nginx and both programs not co-installable.

nginx is required in Kali for the package set in kali-linux-all and kali-linux-full

rhertzog

rhertzog

2019-04-11 16:42

administrator   ~0010498

This was requested a long time ago but nothing happened. A review is in order. Is this something that we still want in Kali?

If yes, please reassign the ticket to sbrun and move it to the "Queued Tool Addtion" category.

Dober

Dober

2019-04-13 01:30

reporter   ~0010503

BTW, version v.1.X.X is obsolete. New version is Evilginx 2 : https://github.com/kgretzky/evilginx2
Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

g0tmi1k

g0tmi1k

2019-10-28 13:35

administrator   ~0011241

Last edited: 2020-01-06 13:21

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

sbrun

sbrun

2023-05-16 11:59

manager   ~0017941

version 2.4.0+git20210208.511860c+ds1-0kali2 is in kali-rolling

Issue History

Date Modified Username Field Change
2017-05-08 19:29 g0tmi1k New Issue
2017-07-18 13:33 g0tmi1k Summary Evilginx - Advanced Phishing with Two-factor Authentication Bypass => Add Evilginx v1.1.0 - Advanced Phishing with Two-factor Authentication Bypass
2017-07-18 13:33 g0tmi1k Description Updated
2017-07-18 14:01 g0tmi1k Relationship added related to 0002983
2017-11-21 14:34 g0tmi1k Description Updated
2018-01-29 10:22 g0tmi1k Summary Add Evilginx v1.1.0 - Advanced Phishing with Two-factor Authentication Bypass => Evilginx v1.1.0 - Advanced Phishing with Two-factor Authentication Bypass
2018-01-29 17:44 g0tmi1k Assigned To => sbrun
2018-01-29 17:44 g0tmi1k Status new => assigned
2018-06-19 08:19 sbrun Note Added: 0009281
2019-04-11 16:42 rhertzog Assigned To sbrun =>
2019-04-11 16:42 rhertzog Status assigned => new
2019-04-11 16:42 rhertzog Note Added: 0010498
2019-04-13 01:30 Dober Note Added: 0010503
2019-10-28 13:35 g0tmi1k Note Added: 0011241
2019-10-28 13:35 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 16:01 g0tmi1k Severity minor => feature
2019-10-28 16:01 g0tmi1k Status new => assigned
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:21 g0tmi1k Note Edited: 0011241
2020-06-17 14:58 g0tmi1k Severity feature => minor
2022-05-04 13:10 g0tmi1k Summary Evilginx v1.1.0 - Advanced Phishing with Two-factor Authentication Bypass => Evilginx - Advanced Phishing with Two-factor Authentication Bypass
2022-12-21 13:24 sbrun Assigned To => sbrun
2022-12-21 13:24 sbrun Status acknowledged => assigned
2023-05-16 11:59 sbrun Status assigned => resolved
2023-05-16 11:59 sbrun Resolution open => fixed
2023-05-16 11:59 sbrun Fixed in Version => 2023.2
2023-05-16 11:59 sbrun Note Added: 0017941
2023-05-21 04:07 Johnjon Issue cloned: 0008320