Lockphish

Lockphish is a phishing tool written in Bash programming language. As the name suggests, the tool is designed to lock the target user's account by tricking them into entering their credentials on a fake login page.

Features

• The tool creates a fake login page that looks like a legitimate login page of the target website.
• The fake login page is hosted on a server, which can be accessed remotely by the attacker.
• The tool supports a wide range of phishing targets, including Google, Facebook, Instagram, LinkedIn, etc.
• The tool uses ngrok to create a secure tunnel to the fake login page, which ensures that the targeting server is not exposed to the internet.
• The tool provides email notification when the target user enters their credentials on the fake login page.

Usage

To use Lockphish, you need to have the following tools installed on your system:

• Bash
• PHP
• ngrok

Once you have installed these tools, follow these steps to use Lockphish:

1. Clone the Lockphish repository from Github:

   git clone https://github.com/thelinuxchoice/lockphish
   

2. Change the directory to Lockphish:

   cd lockphish
   

3. Run the Lockphish script with bash:

   bash lockphish.sh
   

4. Follow the on-screen instructions to select the phishing target and configure the phishing page.

5. Once you have configured the phishing page, Lockphish will generate a URL that you can share with the target user.

6. When the target user visits the URL and enters their credentials on the fake login page, Lockphish will notify you via email.

Conclusion

Lockphish is a powerful phishing tool that makes it easy for attackers to trick users into giving up their credentials. As a programmer, it is essential to understand the risks of such tools and take steps to protect your users from such attacks. Remember to always educate your users about the risks of phishing attacks and how they can protect themselves from such attacks.