explaingit

kgretzky/evilginx2

15,073 · Go

TLDR

Evilginx is a security research tool used during red team penetration tests.

In plain English

Evilginx is a security research tool used during red team penetration tests. The README describes it as a man-in-the-middle framework: it sits between a victim's browser and a real login page, captures the username, password, and the session cookies that get issued after a successful login, and in doing so can bypass two-factor authentication. The README is direct about this: it is a demonstration of what skilled attackers can do, and the author states the tool should only be used in legitimate penetration testing engagements with written permission from the party being tested.

The project is a successor to an earlier version released in 2017 which relied on a customised build of the nginx web server. The current version, called Evilginx 3.0 in the README, is rewritten in Go as a single standalone application that runs its own HTTP and DNS servers. That makes it easier to install and operate compared with the older nginx-based approach.

A paid commercial version called Evilginx Pro is also available, sold through a separate site after a manual company verification process that the author says took two years to set up because of export regulations. The README lists features of the paid version: detection avoidance against browser protections like Chrome's Enhanced Browser Protection, a maintained library of "phishlets" (configuration files for specific target sites), a Botguard system to filter automated traffic, an Evilpuppet module described as advanced capability against Google, external DNS providers with multi-domain support, website spoofing, JavaScript and HTML obfuscation, wildcard TLS certificates, automated server deployment, and SQLite storage.

The author also sells a training course called Evilginx Mastery that teaches reverse proxy phishing techniques and how to use the tool during red team exercises. There is an official integration with Gophish, a separate open source phishing campaign tool, maintained as a fork by the same author.

The README links to a series of blog posts that document each version's release and feature additions. Installation and usage instructions are not in the README itself. They are kept on a separate documentation site. The author explicitly says they do not offer support for creating phishlets and points readers at community-shared ones instead. The open source code is released under the BSD-3 license and is maintained by Kuba Gretzky.

Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.