Phishing-Websites

Phishing websites that contain a disclaimer indicating that the site is not genuine, despite appearing to be a legitimate phishing site.

Description

This repository contains phishing websites for educational purposes only. The purpose of these websites is to raise awareness about the dangers of phishing and to educate users on how to identify and avoid phishing attempts. It is important to note that the use of these websites for any illegal or malicious activities is strictly prohibited and the creator of this repository and its contributors will not be held responsible for any misuse.

Disclaimer

By using this repository, you agree to use the websites contained within it only for educational and research purposes and not to use them for any illegal or malicious activities. It is the end user's responsibility to obey all applicable local, state, and federal laws. The creator of this repository and its contributors assume no liability and are not responsible for any misuse or damage caused by the repository.

Guide for using one of the websites in this repository:

1. Clone the repository to your local machine.
2. Review the website's README.md file for additional instructions.

Guide For creating a new Phishing Website:

1. Use separate, unlinked accounts and a VPN when accessing them.
2. Copy the target website using tools such as website scrapers or website copiers, such as https://saveweb2zip.com.
3. Modify the copied website to resemble the original and fix any broken elements, redirecting any links that arent the login to the actual website.
4. It is important to note that some websites use various forms of obfuscation to conceal their code. In order to customize these websites to your needs, you may need to reverse engineer the code and gain an understanding of how it works, Tips on that in the Website code cracking section.
5. Use a form submission tool such as https://www.actionforms.io to have the form submissions sent to you and redirect the user to the real website after submission.
6. Host the website on a hosting platform such as https://app.infinityfree.net with a domain name as similar as possible to the original.
7. Utilize a URL shortener if the domain name does not closely match the original in a url shortening website such as https://bitly.com/.
8. Prior to distributing the website, thoroughly test it to ensure it is not detected as malicious. If it is flagged, consider modifying the domain name to make it less similar to the original website, the url shortener or the original domain name can cause this issue.
9. Distribute the website and monitor any form submissions.

Possible Phishing Website enchantments:

1. Add captcha before submitting, to prevent user from bot submitting to your website.

Website code cracking

1. Websites may use javascript obfuscation to protect their code from being easily understood or modified. To deobfuscate this code, you can use tools such as https://deobfuscate.io .
2. Websites like Instagram may use javascript to check for legitimacy, and display an error page if the website is not considered legitimate. To bypass this, you can try identifying and removing the script responsible for this check.
3. Websites like Facebook may use encryption to protect the data they send in forms. To bypass this, you can try identifying the script responsible for the encryption, and remove it. This could be a script that targets a specific class, in which case you can remove the class or the element it is associated with.
4. Websites with advanced security often use code import links to ensure the authenticity of requests before importing the code into the website. As a result, these websites are difficult to hack. To access the code, one method is to copy the output code from the original website after it has been already authenticated and imported.