A curated collection of Evilginx 2.0 phishlets designed for security research, red-team simulations, and authorized penetration testing labs.
This repository aims to provide well-structured, tested, and easy-to-deploy phishlets that help security professionals understand modern phishing techniques and improve defensive strategies.
- Ready-to-use Evilginx 2.0 phishlets
- Clean and readable configurations
- Lab-tested setups
- Organized for quick deployment
- Continuously updated
.
├── phishlets/
│ ├── service-name.yaml
│ ├── example.yaml
│
├── lures/
│ ├── sample-configs
│
└── README.md
phishlets/ → Contains YAML configurations for supported services. lures/ → Optional lure examples for testing workflows.
Before using these phishlets, ensure you have:
- A properly configured Evilginx 2.x server
- A registered domain
- DNS configured correctly
- Valid SSL certificates (handled automatically by Evilginx)
- A controlled lab or authorized engagement
Official Evilginx repository: 👉 https://github.com/kgretzky/evilginx2
git clone https://github.com/its-ashu-otf/evilginx-2.0-phishlets.git
cd evilginx-phishletscp phishlets/* /path/to/evilginx/phishlets/sudo evilginxphishlets
phishlets enable <phishlet-name>
lures create <phishlet-name>
lures get-url <id>
Use these phishlets for:
- Red team exercises
- Phishing awareness simulations
- Adversary-in-the-middle research
- Detection engineering
- Blue team training
Tip: Always isolate your lab infrastructure to avoid accidental exposure.
Contributions are welcome.
If you want to submit a phishlet:
- Ensure it is tested.
- Follow the existing YAML style.
- Add notes if the target service has special behaviors (JS redirects, CAPTCHA, etc.).
- Open a Pull Request.
The author assumes no liability for misuse of this material. You are responsible for complying with all applicable laws and regulations.
If this repository helped you:
- Star the repo
- Share it with fellow security researchers
- Contribute improvements