github.com/kgretzky/evilginx2 ↗
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Open this visualization on its own page →
Contributors
28
Lines of Code
3,356
From
2018-07-10
To
2021-02-08
About kgretzky/evilginx2
Evilginx is a man-in-the-middle attack framework written in Go that intercepts phishing attempts to steal login credentials and session cookies, enabling attackers to bypass two-factor authentication. The tool functions as a reverse proxy that sits between a victim's browser and the target website, allowing attackers to capture both credentials and authenticated session data. Unlike its 2017 predecessor which relied on a modified nginx server, this version is a standalone application that implements its own HTTP and DNS servers, making deployment straightforward.
The framework is designed primarily for red team operations and penetration testing scenarios where authorized security professionals need to demonstrate organizational vulnerability to sophisticated phishing attacks. The tool includes support for creating phishlets, which are configuration files that define how specific target websites should be proxied and spoofed. A commercial variant called Evilginx Pro offers enhanced features such as bot detection evasion, JavaScript obfuscation, wildcard TLS certificates, and access to a maintained phishlets database.
The project explicitly includes a disclaimer that it should only be used in legitimate authorized penetration testing engagements. The creator also offers a training course on reverse proxy phishing techniques and maintains integration with Gophish, a popular phishing email distribution tool, to provide a complete end-to-end phishing campaign platform. The codebase is released under the BSD-3 license and the creator explicitly declines to provide support for creating custom phishlets or assist in malicious phishing activities.