Update 2020.March.03

added FB mobile 2 Factor Authentication template

Gray Fish v2020.03

Gray Fish provides fully undetectable phishing pages. Are you bored of getting link blocked by facebook or other sites? Does your hosting provider suspend your account(e.g 000webhost)? Don't lose hope. Try Gray Fish. Hackers are 10 times more clever than simple programmers. But they don't tell you everything. Before using it, make sure to read all article to avoid any problem.

Features

Fully undetectable (means Link will not get blocked + Hosting provider will not suspend your account).
Almost, all Templates are under 20KBs that helps in loading webpages fast.
Images are encoded in base64 to avoid external + internal linking.
Codes are highly compressed. Extra codes have been removed.
Login form can't be bypass until all inputs have been filled by a victim.
Link with custom preview(image + title + description) when shared on any website.
Admin login panel has been created for absolute dummies.

Usage


git clone https://github.com/graysuit/grayfish.git

Upload all files to any web hosting you like
Enter your sitename and fill username & password(Default user & pass is fish)
Select any phishing link
Shorten link if you want
Send the link to your victim
Note: Username/Password will be displayed in admin panel

Available phishing sites/templates

Click me to view sites

Facebook_desktop_homepage
Facebook_mobile + 2FA
Facebook_mobile_fake_security
Github
Instagram
Linkedin
Netflix
Protonmail
Snapchat
Tumblr
Messenger
Twitter_desktop
Wordpress
Yahoo

Gray Fish Admin Panel Default user & pass:

Username = fish
Password = fish

Tutorials on GrayFish by:

How they detect phishing?

Different websites use different algorithms + user-agents + IPs to detect phishing. If they found similarities to original login pages then they simply block the phishing URL and also report it to host provider. And thus your account suspended.

What if we detect and allow only users with a user-agent?

How it is undetectable?

It displays phishing page to only those who have human user-agents. For example, if a person has this type of user-gent (Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30) then phishing page will load, Else it will be directed to phishing_info folder. It helps prevent detected by facebook & other crawlers.

Screenshots

Tips to Follow

Don't share links frequently. It is considered as spam by bots.
Share the link only to the victim, not to whole planet.
Don't use domains that are already restricted or banned(e.g sitename.000webhostapp.com, sitename.htmlpasta.com, etc).
Use hosting providers that provides valid SSL certificate(https:// not http://).
Shorten URL before sending link.
Not just share. Convince the victim in your native language and catch victim by his interests.

Legal Disclaimer

Phishing pages never harm anyone nor it benefits script kiddies. Instead, they expose the website's mistakes and give developers a golden opportunity to make websites more secure. What if we use this knowledge secretly? Why we public this knowledge?

We publicized this knowledge to make developers acknowledged of their vulnerabilities + to make new programmers more clever.

Don't use this source code for illegal purposes. But if you do, this will on to you, I will not/never take any responsibility for your crime.

Contact me personally (want to learn?)

I Love ALLAH + Holy Prophet + Islam and Pakistan.

About

Gray Fish provides fully undetectable phishing pages means link will not get blocked and hosting provider will not suspend your account.All Templates are under 20KBs.Login form can't be bypass until both inputs filled by a victim.

https://github.com/graysuit/grayfish

GNU General Public License v3.0

Languages

Language:PHP 100.0%Language:CSS 0.0%