Phish & Chips is a graphical user interface (GUI) based tool that allows users to perform phishing in a more efficient way through partial automation. This tool is intended for attackers who want to carry out phishing attacks using email and websites.
Please ensure that you have a python version of at least 3.10 and above. The "Python 3.10 setup for server guide" can be found here
The following are the required libraries in Windows or Linux environment:
pip install requests beautifulsoup4 tld Pillow flask
pip3 install requests beautifulsoup4 tld Pillow flask
- Download the zip folder of the tool.
- Ensure that the above required libraries are installed.
- Download the zip folder of the tool
- Transfer website.py, webscraper.py and the templates folder into the server. The directory structure inside the server should look like this:
current_directory_or_any_name
├── templates/
│ ├── carousell.html
│ ├── carousellfail.html
│ ├── facebook.html
│ ├── facebookfail.html
│ ├── lazada.html
│ ├── lazadafail.html
│ ├── shopee.html
│ └── shopeefail.html
├── server.py
├── webscraper.py
└── website.py
- Open a command prompt window
- Navigate to the folder
- Run the following:
python gui.py
- On the local side, run the gui with
python gui.py - On the server side, run the server with
python3 server.py(ENSURE YOU HAVE PYTHON 3.10 OR ABOVE INSTALLED)
Enable two-step verification
- Go to this URL: https://myaccount.google.com/security
- Click on 2-step verification as shown below
- Enter your email password and phone number when prompted. Once everything is complete, you will see something like this.
NOTE: Ensure that your two-step verification has been enabled before executing the steps below.
- Click on two-step verification
- Enter your Gmail password
- Scroll down until you see App Passwords and click on it
- Under the “Select App” portion, select the option “Other (Custom name)”
- Give the application a name and click on the Generate button
- A 16 character password will be generated. This would be the password for you to enter in the Phish & Chips application
- If there is anymore website you want to add in, you can add the website html file inside the templates folder. Make sure you have the login page named as {APP_NAME}.html and the login failed page named as {APP_NAME}fail.html inside the templates folder.