Zphisher is an automated phishing tool that runs inside Termux on Android devices. It allows you to create fake login pages of popular websites and generate public links for authorized security testing and educational purposes. You can use it to understand how phishing attacks work, test your own awareness, and learn how to detect fake login pages. Here’s what you can do with Zphisher on Termux:
- Create fake login pages of popular websites.
- Generate public links using tunneling services.
- Capture login credentials for authorized testing.
- Understand how phishing techniques work.
- Test your own ability to detect fake pages.
- Learn ethical hacking concepts on mobile.
Disclaimer: Using Zphisher on real websites or accounts without permission is illegal. You are responsible for your own actions. Always test on your own accounts.
Install Zphisher on Termux
Below are the simple steps to install and run Zphisher on Android using Termux. Open Termux and run the commands one by one to complete the installation and prepare the phishing simulation tool.
Update Termux packages first:
pkg update && pkg upgrade -yInstall Git package in Termux:
pkg install git -yClone Zphisher repository from GitHub:
git clone --depth=1 https://github.com/htr-tech/zphisher.gitNavigate into Zphisher directory:
cd zphisherLaunch the Zphisher tool:
bash zphisher.shNote: On first run, Zphisher automatically installs required dependencies like PHP, curl, and unzip. This may take a minute depending on your internet speed.
Using Zphisher for Educational Testing
After the tool launches successfully, follow the interactive menu prompts:
Select a website template from the list. Type the number next to Facebook, Instagram, Google, or any other available option and press Enter.
[::] Select An Attack For Your Victim [::]
[01] Facebook [11] Twitch [21] DeviantArt
[02] Instagram [12] Pinterest [22] Badoo
[03] Google [13] Snapchat [23] Origin
[04] Microsoft [14] Linkedin [24] DropBox
[05] Netflix [15] Ebay [25] Yahoo
[06] Paypal [16] Quora [26] WordPress
[07] Steam [17] Protonmail [27] Yandex
[08] Twitter [18] Spotify [28] StackoverFlow
[09] Playstation [19] Reddit [29] Vk
[10] Tiktok [20] Adobe [30] XBOX
[31] Mediafire [32] Gitlab [33] Github
[34] Discord
[99] About [00] Exit
[-] Select an option :Choose a tunneling service. Select Cloudflared or localxpose to generate a public link. Type the number and press Enter.
[01] Traditional Login Page
[02] Advanced Voting Poll Login Page
[03] Fake Security Login Page
[04] Facebook Messenger Login Page
[-] Select an option :Wait for the server to start. Once ready, Zphisher displays a public URL like https://your-name.cloudflare.com.
Send this URL to your own test device or use it for authorized testing on your own accounts and when a test user enters a login and password on the fake page, the captured credentials appear directly inside your Termux terminal window.
