fisherman is a phishing tool created using Nodejs and Express framework.
This tool is meant for educational purposes only and should not be used to harm anyone.
Read the LICENSE for more information.
If you want to deploy this project without any modifications, you just need to set the following environmental variables, related to your mongodb instance:
DB_URIDB_NAMECOLLECTION_NAME
To generate a new phishing link, send a POST request at route /generate. The POST body must have the site field set to the website for which the phishing link is to be generated (Currently, only =instagram= is supported). As a response, a JSON object with the url and a key is returned.
Note: url is inappropriately called url, it should be combined with the hostname to produce the full link.
TODO: find a better name for url.
Once a victim signs in through the link, any subsequent POST requests at /extract with the POST body containing the url and key will return the most recently registered username and password through that link. i.e. repeatedly signing in through the same link will overwrite the previous value for username and password fields.