Vphisher is an open-source phishing tool designed to demonstrate the vulnerabilities of social engineering attacks, specifically targeting Instagram reel, post links. It provides a simulated environment to understand how phishing campaigns can be orchestrated and how to protect against them.
Disclaimer: This tool is intended for educational and ethical hacking purposes only. Misuse of this software for illegal activities is strictly prohibited and the developers are not responsible for any such actions.
- Flexible Link Phishing: Simulates phishing attacks using convincing link lures, not limited to Instagram reels or posts. With some upgrades, this tool can generate various types of links for social engineering scenarios.
- Admin Dashboard: A comprehensive dashboard to:
- Create and manage phishing campaigns.
- Monitor victim interactions and data.
- View detailed statistics.
- Supabase Integration: Utilizes Supabase for secure and scalable backend services, including database and authentication.
- Frontend: React, TypeScript, Vite
- Backend/Database: Supabase
- Styling: Tailwind CSS
- Frameworks: Next.js (for
Instagram-reel-linksub-project)
To get a local copy up and running, follow these steps.
- Node.js (LTS version recommended)
- npm or yarn
- Git
- A Supabase account
-
Clone the repository:
git clone https://github.com/vinaytz/Vphisher.git cd Vphisher -
Set up environment variables: Create a
.envfile in the root directory of the project and in theInstagram-reel-linkdirectory.For the root
.env(main admin dashboard):VITE_SUPABASE_URL=YOUR_SUPABASE_URL VITE_SUPABASE_ANON_KEY=YOUR_SUPABASE_ANON_KEYFor
Instagram-reel-link/.env:NEXT_PUBLIC_SUPABASE_URL=YOUR_SUPABASE_URL NEXT_PUBLIC_SUPABASE_ANON_KEY=YOUR_SUPABASE_ANON_KEYReplace
YOUR_SUPABASE_URLandYOUR_SUPABASE_ANON_KEYwith your actual Supabase project credentials. -
Install dependencies:
For the main project (admin dashboard):
npm install # or yarn installFor the Instagram reel link sub-project:
cd Instagram-reel-link npm install # or yarn install cd ..
-
Start the main admin dashboard:
npm run dev # or yarn devThe admin dashboard will typically run on
http://localhost:5173(or another port if 5173 is in use).Example Deployed Dashboard: https://vphisher.vercel.app
-
Start the Instagram reel link phishing application:
cd Instagram-reel-link npm run dev # or yarn dev cd ..
The phishing application will typically run on
http://localhost:3000.
- Access the Admin Dashboard: Once the main application is running, navigate to
http://localhost:5173(or your configured port) orhttps://vphisher.vercel.appin your web browser. - Create a Campaign: Use the dashboard to create a new phishing campaign. You'll be able to specify details for your simulated attack.
- Generate a Fake Link: The dashboard will generate a unique Instagram reel, post link(that you will enter while creating the link). This is the link you would share in a simulated social engineering scenario.
- Monitor Activity: The dashboard automatically updates when a victim submits their credentials. you’ll be able to view login data as soon as it's captured.
- Get Victim Credentials: Review the collected data (username & password) to understand user behavior and identify vulnerabilities or...!!! .
- Admin Dashboard: Access the dashboard to create new phishing campaigns, generate unique reel, post links, and monitor collected data (username & password).
- Phishing Application: Share the generated Instagram links. When a victim clicks the link, they will be redirected to a simulated Instagram login page.
Contributions are welcome! If you have suggestions for improvements, bug fixes, or new features, please open an issue or submit a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
Vinaytz - developervinaytz@gmail.com Project Link: https://github.com/vinaytz/Vphisher
Ultimately, your social skills are what really count :)
Vphisher 💚