Pen testing
C2
Evilgophish is an open-source phishing toolkit that combines two powerful tools: Evilginx2 and GoPhish. GoPhish handles sending out phishing emails, tracking email opens and campaign stats, while Evilginx2 takes over for landing pages and 2FA/MFA. Phishing links from GoPhish point to Evilginx2’s lure paths so even when 2FA is in place, attackers can still capture tokens and cookies. Real-time alerts notify the operator when data is submitted and they can quickly switch to the Evilginx2 terminal to get the full JSON of captured credentials.
EvilGophish uses the strengths of both Evilginx2 and GoPhish. GoPhish manages the email part by sending messages, tracking email engagement, and providing campaign stats in a dashboard. Evilginx2 creates convincing landing pages that bypass 2FA, both systems working together to make a strong phishing operation.
Real-Time Notifications
One of the best features of Evilgophish is real-time data capture. As soon as a victim submits their credentials, the system alerts the operator. This way, the operator can act fast to get the full set of captured tokens and cookies before any countermeasures can interrupt the session.
Streamlined Workflow
The workflow with Evilgophish is designed to be efficient. Operators set up their phishing campaigns with GoPhish, craft their emails, and monitor stats from a dashboard. Evilginx2 handles the complex task of bypassing multi-factor authentication. Operators need to switch to the Evilginx2 terminal to get the detailed data, but the overall process is designed to maximize the attack’s success.
No specific variants for Evilgophish as it’s a combination of two open-source tools. Since it’s open, many threat actors customize the setup to fit their needs.
Update your email filtering and phishing detection systems.
Educate users to recognize and report phishing attempts.
Implement multi-factor authentication that uses hardware tokens or biometric data.
Monitor for unusual authentication and data submission.
Evilgophish is used in phishing campaigns against multiple industries. It’s very effective against organizations that have strong login processes like financial institutions, tech companies and social media platforms.
Since it’s open-source Evilgophish is used by many cybercriminals. There is no specific group behind its use; it’s used by financially motivated attackers and phishing operators who need a tool to bypass 2FA and get credentials.
