Analysis updated 2026-06-24
Run an authorized security awareness drill that shows staff how convincing a fake login page can be.
Study the templates to build a phishing detector for an email gateway.
Demo the role of tunneling services like Cloudflared in red team scenarios during a CTF.
| htr-tech/zphisher | jeromeetienne/ar.js | gustavoguanabara/html-css | |
|---|---|---|---|
| Stars | 15,944 | 15,807 | 16,262 |
| Language | HTML | HTML | HTML |
| Setup difficulty | easy | moderate | easy |
| Complexity | 2/5 | 3/5 | 1/5 |
| Audience | ops devops | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Auto installs dependencies on first run, but only safe to use on isolated networks with written authorization.
Zphisher is an automated phishing toolkit, a tool that creates fake login pages designed to look like real websites in order to capture someone's credentials when they try to log in. It comes with more than 30 ready-made templates imitating login pages for popular services. The tool is described as intended for educational purposes, specifically to demonstrate how phishing attacks work, and the author states they are not responsible for misuse. Phishing is a type of cyber attack where someone is tricked into entering their username and password on a fake version of a website they trust. Tools like this are sometimes used in security training and penetration testing, authorized testing of a system's defenses, but carry significant legal risk if used without permission. Zphisher is written in Bash (a scripting language for command-line use) and runs on various Linux environments. It supports several methods for making the fake page accessible from outside a local network, including tunneling services (Cloudflared and LocalXpose), and includes URL masking to make the malicious link look more legitimate. It also supports Docker for easier deployment. Dependencies are installed automatically on first run.
A Bash phishing toolkit with 30 plus prebuilt fake login page templates, intended for authorized security training and red team awareness demos.
Mainly HTML. The stack also includes Bash, HTML, Docker.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.