showcase.mp4
Pufferphish is a phising toolkit written in Go, it uses realtime websocket connection to communicate with the server.
You can easily setup pufferphish with docker (assuming you already have docker installed):
mkdir pufferphish && cd pufferphish
wget https://github.com/ngn13/pufferphish/releases/download/v2.0/pufferphish_v2.0.tar.gz
tar xvf pufferphish_v2.0.tar.gz
docker run -d -v $PWD/config.json:/app/config.json \
-v $PWD/templates:/app/templates \
-v $PWD/static:/app/static \
-v $PWD/logs:/app/logs \
--network host \
ghcr.io/ngn13/pufferphish
Note that you will need restart the container after changing the configuration.
First install a recent version of go
, then download the latest release archive:
wget https://github.com/ngn13/pufferphish/archive/refs/tags/v2.0.tar.gz
tar xvf v2.0.tar.gz && cd pufferphish-2.0
go build && ./pufferphish
You can use nginx reverse proxy for HTTPS. Here is configuration that you can copy and paste:
server {
server_name [domain];
location / {
proxy_pass http://localhost:[port];
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
You will need to add the following optio to your config.json
:
"ip_header": "X-Real-IP"
All the configuration is done with the config.json
file, here are all the options:
The port that the web server will listen on.
The template that will be served, currently there are 3 avaliable templates:
- Discord
- Steam
- Microsoft
Please note that these templates are mostly proof-of-concept, you should write your own instead of using these. To get started see the example template.
The path that the web server will serve the template. Default is "/".
List of blacklisted IPs. Web server will return with 404 to these.
Header to use for obtaning client IP. If none specified web server will use the TCP source IP, which should be the correct IP address unless you are running the application behind a reverse proxy.
If you want to support this project, please consider leaving a star. Also consider contributing, I am open for PRs and issues!