# 🕵️♂️ InstaPhish - For Educational Purposes Only
> ⚠️ **Disclaimer**
>
> This project is intended **strictly for educational and ethical hacking awareness purposes only.**
>
> - Do **not** use this project for malicious purposes.
> - The author **does not condone** illegal activity and is **not responsible** for any misuse.
> - Always conduct security testing **only in authorized environments** with **explicit permission**.
> - This repository is meant to help individuals and professionals understand phishing mechanics and learn how to defend against them.
## 🚀 Features
- Fake Instagram login page styled like the real interface
- Logs username and password attempts
- Automatically generates public forwarding using **ngrok**
- Logs output in real-time to console
- Dynamic PHP server running on a random available 4-digit port
## ⚙️ Installation & Setup
```bash
# 1. Clone this repository
git clone https://tangled.sh/@hatixntsoa.bsky.social/instaphish
# 2. Change to the project directory
cd instaphish
# 3. Give execution permission to the script
chmod +x instaphish.sh
# 4. Run the phishing server
./instaphish.sh
````
> ✅ Ensure you have both **PHP** and **ngrok** installed on your system.
## 📁 Project Structure
```
.
├── app/
│ └── instaphish.php
├── assets/
│ ├── images/
│ ├── scripts/
│ └── styles/
├── data/
│ └── credentials.txt // saved credentials
├── logs/
├── screenshots/
├── utils/ // shell functions definition
├── index.html
├── instaphish.sh
├── LICENSE.md
└── README.md
```
## 📌 Requirements
* **PHP** ≥ 7.x
* **ngrok** with authenticated account (set up via `ngrok authtoken`)
* Unix-like environment (Linux/macOS or WSL on Windows)
## 📚 Legal Note
This repository is designed to demonstrate **how phishing works**, so that developers, companies, and users can better understand and **protect themselves** from real threats.
Use it **ethically** and **legally**.
