{ "id": "52aded33-5a0b-4ca6-8138-64b526aef010", "created_at": "2026-04-06T00:12:19.865366Z", "updated_at": "2026-04-10T03:35:21.483327Z", "deleted_at": null, "sha1_hash": "fb0bada03eda913cbda2c28755cadf5532bd511b", "title": "GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 932919, "plain_text": "GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack\r\nframework used for phishing login credentials along with session\r\ncookies, allowing for the bypass of 2-factor authentication\r\nBy kgretzky\r\nArchived: 2026-04-02 11:16:44 UTC\r\nEvilginx 3.0\r\nEvilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies,\r\nwhich in turn allows to bypass 2-factor authentication protection.\r\nThis tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to\r\nprovide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version\r\nis fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it\r\nextremely easy to set up and use.\r\nhttps://github.com/kgretzky/evilginx2\r\nPage 1 of 5\n\nDisclaimer\r\nI am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of\r\nwhat adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways\r\nto protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration\r\ntesting assignments with written permission from to-be-phished parties.\r\nEvilginx Pro is now available!\r\nThis is it! After over two years of development, countless delays, and hundreds of manual company verifications,\r\nconcluded with multiple hurdles related to export regulations, Evilginx Pro is finally live!\r\nhttps://github.com/kgretzky/evilginx2\r\nPage 2 of 5\n\nEvilginx Pro is the fruit of a passion I've had for a long time in developing offensive security tools for\r\ncybersecurity enthusiasts. The journey has just begun, and now that the product is officially released, I can focus\r\non making it even better by implementing all the ideas I've planned for it.\r\nKey features:\r\nOut-of-the-box phishing detection evasion (including Chrome's Enchanced Browser Protection)\r\nTested and maintained official phishlets database\r\nBotguard to prevent bot traffic by default (same concept as Cloudflare Turnstile)\r\nEvilpuppet for advanced phishing capability (Google)\r\nExternal DNS providers with multi-domain support\r\nWebsite spoofing for unauthorized requests\r\nJavaScript \u0026 HTML obfuscation\r\nWildcard TLS certificates\r\nAutomated server deployment\r\nSQLite database support\r\nFind out more on the official release blog post.\r\nEvilginx Mastery Training Course\r\nIf you want everything about reverse proxy phishing with Evilginx - check out my Evilginx Mastery course!\r\nhttps://github.com/kgretzky/evilginx2\r\nPage 3 of 5\n\nLearn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor\r\nAuthentication. Learn to think like an attacker, during your red team engagements, and become the master of\r\nphishing with Evilginx.\r\nGrab it here: https://academy.breakdev.org/evilginx-mastery\r\nOfficial Gophish integration\r\nIf you'd like to use Gophish to send out phishing links compatible with Evilginx, please use the official Gophish\r\nintegration with Evilginx 3.3. You can find the custom version here in the forked repository: Gophish with\r\nEvilginx integration\r\nIf you want to learn more about how to set it up, please follow the instructions in this blog post\r\nWrite-ups\r\nIf you want to learn more about reverse proxy phishing, I've published extensive blog posts about Evilginx here:\r\nEvilginx 2.0 - Release\r\nEvilginx 2.1 - First Update\r\nEvilginx 2.2 - Jolly Winter Update\r\nEvilginx 2.3 - Phisherman's Dream\r\nEvilginx 2.4 - Gone Phishing\r\nEvilginx 3.0\r\nhttps://github.com/kgretzky/evilginx2\r\nPage 4 of 5\n\nEvilginx 3.2\r\nEvilginx 3.3\r\nHelp\r\nIn case you want to learn how to install and use Evilginx, please refer to online documentation available at:\r\nhttps://help.evilginx.com\r\nSupport\r\nI DO NOT offer support for providing or creating phishlets. I will also NOT help you with creation of your own\r\nphishlets. Please look for ready-to-use phishlets, provided by other people.\r\nLicense\r\nevilginx2 is made by Kuba Gretzky (@mrgretzky) and it's released under BSD-3 license.\r\nSource: https://github.com/kgretzky/evilginx2\r\nhttps://github.com/kgretzky/evilginx2\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MITRE" ], "references": [ "https://github.com/kgretzky/evilginx2" ], "report_names": [ "evilginx2" ], "threat_actors": [ { "id": "2864e40a-f233-4618-ac61-b03760a41cbb", "created_at": "2023-12-01T02:02:34.272108Z", "updated_at": "2026-04-10T02:00:04.97558Z", "deleted_at": null, "main_name": "WildCard", "aliases": [], "source_name": "ETDA:WildCard", "tools": [ "RustDown", "SysJoker" ], "source_id": "ETDA", "reports": null }, { "id": "256a6a2d-e8a2-4497-b399-628a7fad4b3e", "created_at": "2023-11-30T02:00:07.299845Z", "updated_at": "2026-04-10T02:00:03.484788Z", "deleted_at": null, "main_name": "WildCard", "aliases": [], "source_name": "MISPGALAXY:WildCard", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434339, "ts_updated_at": 1775792121, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/fb0bada03eda913cbda2c28755cadf5532bd511b.pdf", "text": "https://archive.orkl.eu/fb0bada03eda913cbda2c28755cadf5532bd511b.txt", "img": "https://archive.orkl.eu/fb0bada03eda913cbda2c28755cadf5532bd511b.jpg" } }