Evilginx2- Advanced Phishing Attack Framework

This is the successor of Evilginx 1, and it stays in-line with the MITM lineage. This tool is designed for a Phishing attack to capture login credentials and a session cookie. 

Table of Content



  • Perquisites
  • Installation
  • Domain Setup
  • Priming Evilginx


  • Lure Creation
  • Attack Simulation


One of the biggest concerns in today’s cyberspace is Phishing, it’s one of those things that uses what a user is familiar with against them. This is a MITM attack framework that sits between the user and site that they are trying to access to potentially steal their credentials. The framework is written in GO and implements its own HTTP and DNS server, making the setup process a breeze.


Let’s get acquainted with Evilginx2. The first thing we need to do is setup the Evilginx2 application on our attacking machine, let’s get the IP.


Evilginx has a few requirements before it can be installed and start working optimally, let’s take of them first.

We use pscp to upload the go install file to our attacking machine, defining where it can find the file and the credentials and IP of the destination machine. Go is a prerequisite for setting up evilginx. You can get Go 1.10.0 from here.

Once we have to Go in our machine we unpack and install it. Pscp deposited our Go file in the tmp folder. We will now be using the following commands to install Go and check its version:

Go needs to be added to ~/.profieles now, here’s how you do it:

Open the. profiles file in nano or any other text editor and type in the following

Next, install git make by typing the following:


Now we are ready to install Evilginx, let’s see how.

Let’s launch Evilginx by running the script.

There is multiple built-in options that the attacker can utilize to choose a site template called Phishlets.

Domain Setup

Evilginx works as a relay between the victim and the legitimate website that they are trying to access, to achieve this, the attacker needs a domain of their own. There are plenty of resources on the web from where a free domain can be attained temporarily, we used one such resource. We have setup an attacking domain: userid.cf.

The IP of our attacking machine is used in the IP address for the nameserver, if you recall, we noted it earlier on in the process.

Priming Evilginx

This is the part where we prime Evilginx for the attack. At the Evilginx terminal, we use the help command to see the various general configuration options that it has.

We need to configure Evilginx to use the domain name that we have set up for it and the IP for the attacking machine.

Time to setup the domains. We have used the twitter phishlet with our domain and Evilginx gives us options of modified domain names that we can setup in our hosting site

In our hosting site, we set the A record, which will the IP of the attacking machine and then copy and paste the domain names provided by Evilginx. One thing to note here, we don’t need to copy the “userid.cf” part, we just need the preceding string.


We now have everything we need to execute a successful attack using Evilginx.

The settings have been put into place, now we can start using the tool for what it is intended

Lure Creation

We now need a link that the victim clicks on, in Evilginx, the term for the link is “Lures”.

The help command shows us what options we must use for setting up the lures.

The lures have to be attached with our desired phishlet and a redirect has to be set to point towards the legitimate website that we are trying to harvest credentials for. Once the lures have been configured, we can see what the configurations yield.

Attack Simulation

When a victim clicks on our created lure, they will be sent to out phishlet, as can be seen below.

The victim enters their credentials and we see Evilginx capturing them and relaying them to the attack machines terminal.

This is a great tool to explore and understand phishing but at the same time, be sure to use it in a controlled setting.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here

PowerCat -A PowerShell Netcat

The word PowerCat named from Powershell Netcat which is a new version of netcat in the form of the powershell script. In this article, we will learn about powercat which a PowerShell tool for is exploiting windows machines.

Table of Content

  • Requirement & Installations
  • Testing PowerShell Communication
  • Bind Shell
  • Execute Shell
  • Tunnelling or port forwarding

Introduction & Requirements



Powercat PowerShell Script

Powercat brings the usefulness and intensity of Netcat to every ongoing form of Microsoft Windows. It achieves this objective by utilizing local PowerShell form 2 segments. This permits simple organization, use, and minimal possibility of being gotten by customary antivirus arrangements. Furthermore, the most recent adaptations of Powercat incorporate propelled usefulness that goes well past those found in customary types of Netcat.

By default, we cannot run PowerShell scripts in windows. To run PowerShell scripts, we have to first change the execution policy of PowerShell. First, we run PowerShell as an administrator then we run the following command to change the execution policy: –

Now we download powercat in the system. We can either download the powercat script and import it manually or use Invoke-Expression to download the powercat script and import it automatically. In our case, we are using Invoke-Expression to download the powercat script.

Testing PowerShell Communication

Now we are going to test the working of powercat, first we setup our listener in PC-1.

-l is for listen mode

-p is for the port number

-v is for verbose mode

Now in PC-2, we use powercat to connect to PC-1 on port 9000 and send a message through powercat.

Now we switch to PC-1, and we find that we have received the message from PC-2.

Transfer File

We can also transfer the file using powercat, in PC-1 we setup the listener to accept the file from a remote machine inside the particular path and such as save the files as “file.txt” and therefore run the following command to initiate file transferring via port 9000.

-of is for the output file

Now we can use powercat to transfer the file from PC-2 to PC-1. Here we select a file called “1.txt” in PC-2 that will be transferred to PC-1.

-i is for the input file

Now in PC-1, we find that we have received the file from PC-2 inside C drive.

Bind Shell

In PC-1 we start our listener and execute cmd, creating a bind shell so that we can access the terminal of the remote machine, therefore execute below command.

We can connect to PC-1 from PC-2 using powercat and get a shell of PC-1.

Execute Powershell

We can use powercat to execute PowerShell instead of cmd to create a bind or reverse shell. In this case, we are going to create a PowerShell bind shell using powercat in PC-1.

Now we connect PC-2 to PC-1 using powercat and obtain a Powershell of pc-1.

Tunnelling or Port Forwarding

For this practical, we need 3 machines


We can also use powercat for tunnelling. In our case we have the following systems:

We get a session of PC-2 from PC-1 using PSSession.

After giving the username and password for the target machine, we get access to PC-2 where we found another network interface of Class A IP network.

On the target machine, we download powercat using Invoke-Expression.

Now we check for common running services on the gateway and find that port 22 is open.

Now we use powercat for port forwarding so that we can use PC-1 to connect with PC-3.

We now connect to PC-3 using putty.

As seen from the image below we are able to connect to the Ubuntu Machine (PC-3) from the Attacker’s machine(PC-1)

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here

Web Server Lab Setup for Penetration Testing

In this post, we will discuss how to set-up our own web server for penetration testing on Ubuntu 18. Ubuntu 18 has updated with the new features.

Table of Content


Web Server configuration

  • Apache
  • PHP
  • MySQL
  • phpMyAdmin
  • FTP
  • SSH
  • Nmap

Requirement-ubuntu 18.0

Web Server Configuration

The Web server is a program that uses HTTP to serve users with files forming web pages in response to requests transmitted by their HTTP clients. 

The Web servers can also be called dedicated computers and apparatuses.

Install Apache

First, we will install the Apache. Apache is the most commonly used Web server on Linux Systems. Web servers are used to serve web pages requested by the client computers. So, let’s first install Apache in the ubuntu by the following command-

 We have successfully installed apache2, by default apache runs on port 80.

Install PHP

Now we will install PHP 7modukle for Apache 2 and for all of its dependencies. Earlier we used to install PHP 5 module for Ubuntu 14. But now as it is not compatible in ubuntu 18.so we will install the latest version of php which is php7.2 For this run the following command in ubuntu terminal-

As you can see, we have done with php installation.

Install MySQL Server

Now comes the next step which is the installation of MySQL server. MySQL is the famous open-source database which was very easier to install earlier. But now it requires some changes for Ubuntu 18.

So, let’s go ahead step by step.

First, we will install MySQL server by the following command-

So, we are done with the installation. In Ubuntu 14, MySQL did not need a password as it required only the root user to logged in. But now it needs a password and it won’t allow the root user to log in so we will provide a username and password of ubuntu in MySQL with the following command and as it will ask for the password; you have to use your ubuntu password here. After it gets logged in you will grant all the privileges to the user of Ubuntu as in our case we have given all the privileges to user raj which will be identified with the password of ubuntu which is 123 in our case and after which we will reset all the previous privileges so that it can start the service with the new changes. For this, the commands are the following.

Great we are done with MySQL server installation, by default it runs on port 3306, now restart MySQL service.

Install phpMyAdmin

 Now the next step is the installation of a phpMyAdmin software tool which is written in PHP and which is proposed to handle the administration of MYSQL over the WEB and it also supports a wide range of operations on MYSQL. First, we need to install phpMyAdmin by the following command-

After the installation, it will ask you to choose the web server. Here you need to choose apache2 which will automatically be configured to run phpmyadmin.

Next, you will get a prompt which will be opened to configure a database for phpmyadmin with dbconfig-common. Here you need to click on yes and the enter.

 Again, you will get a prompt which will ask you to submit the password for phpMyAdmin, to register with the database server. Here we have given 123 as the password as it is essential to give it a password now.

The next step is the configuration of phpmyadmin under apache, for this we need to edit apache2 conf file by adding two lines at the end of this file:

At the last, as shown in the image below and then save it and after the editing saves the file and restart apache2 service.

Now open phpmyadmin in the browser as localhost/phpmyadmin as shown in the image below-

Install ftp

 Now we will install FTP server in ubuntu which is used for the transfer of computer files between a client and server on a computer network. For this run the following command in the terminal-

As we can see in the above screenshot that ftp service has been installed in our system which runs on port 21

Install ssh

Now the next is SSh protocol which is method for secure remote login from one computer to another.so lets install this service by the following command. It is installed successfully; by default, it runs on port 22.

Install Nmap

Now in order to check that the above services have been installed properly in our system; we will use nmap which is a scanner for ports and which tells us about the open ports and running services status.

So, let’s install that by the following command-

Once the installation is done, we will scan our own system by the following command and it will scan our system and will come up with the desired results as you can see in the image given below-

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information SecurityContact here

Beginner’s Guide to Nessus

In this article, we will learn about Nessus which is a network vulnerability scanner. There are various network vulnerability scanners but Nessus is one of the best because of its most successful GUI. Therefore, it is widely used in multiple organizations. The tools were developed by Renuad Deraison in the year 1998.

Table of Content

  • Introduction to Nessus
  • Linux Installation
  • Running Vulnerability Scans
  • Windows Installation

Introduction to Nessus

Nessus is a network vulnerability scanner that utilizes the Common Vulnerabilities and Exposures engineering for simple cross-connecting between agreeable security instruments. Nessus utilizes the Nessus Attack Scripting Language (NASL), a basic language that portrays singular dangers and potential assaults. Nessus has a measured design comprising of incorporated servers that direct examining, and remote customers that take into account chairman communication. Executives can incorporate NASL portrayals of every presumed powerlessness to create altered outputs. Noteworthy abilities of Nessus include:

  • Compatible with all OS
  • Scans for vulnerabilities in the local and remote host
  • Informs about missing security in detail
  • Applies various attacks in order to pinpoint a vulnerability
  • It can schedule security audits
  • Runs security tests

Linux Installation

Let’s start the installation on Linux. Here we are installing Nessus on an Ubuntu 18 Machine. Firstly, we will invoke a root shell using sudo bash command. We are going to install Nessus using a deb file that can be downloaded from the Nessus Official Website. We traverse to the directory where we have downloaded the deb file. We will change permission to execute the file and then we will install the Nessus.deb file using the dpkg command.

Afterwards, as shown in the image using the following command to run Nessus :

This command will open our default browser, which in our case is Mozilla Firefox. And we will be greeted with a Warning about Certificate Installation. To use Nessus, we will have to get through this warning. The first click on Advanced followed by Accept the Risk and Continue.

Then it will ask you to create an account, as shown in the image, give the details for it.

Further, it will ask you for an activation code, provide that just as its shown in the image below :

Once all the formalities are done, Nessus will open and will allow you to perform any scan you desire as shown in the image below :

Running Vulnerability Scans

When you click on create new scans, there will be multiple scans that you can see in the following image :

And then in the policies tab, you can generate different policies on which the scans are based.

There are various policies templates too, as shown in the image below :

In order to start a new scan, go to scan templates and select a new scan and then give it a name and target IP as shown in the following image :

Once the scan is done, it will show you the result; this result will clearly indicate the risk that a vulnerability poses which goes from low to critical.

When you click on the vulnerability, for instance here we clicked on the first one which is a critical threat, it will give you details about vulnerability such as its severity, whether its RPC or not, its version, etc. as shown in the image below :

Now, we clicked on the different one which is a high-level threat, it will give you details about vulnerability such as its severity, whether its RPC or not, its version, etc. as shown in the image below :

Windows Installation

Download Nessus for windows from Nessus Official Website. And open it similarly in the browser to set it up.

Just like in Linux, we will be greeted with a Warning about Certificate Installation. To use Nessus, we will have to get through this warning. First click on Advanced followed by Accept the Risk and Continue.

Then it will ask you to create an account, as shown in the image, give the details for it.

Further, it will ask you for an activation code, provide that just as its shown in the image below :

And then you can start your scans in a similar way just as shown above in Linux.

Author: Shubham Sharma is a Cybersecurity enthusiast and Researcher in the field of WebApp Penetration testing. Contact here