Phishing is a common attack and many accounts get hacked this way.
Yesterday I wrote a post explaining that people no longer need to fear brute-force attacks as much, because there are protections like account lockout, CAPTCHAs and advanced bot detection. These measures make brute-force attacks unlikely to succeed.
Phishing is different. A hacker does not need a wordlist or automated tools to break in. Those protections do not stop phishing. The attacker only needs to trick a person into giving their own login details.
That is why I want to show how phishing attacks work. To defend yourself, you need to understand the methods attackers use.

Today I will demonstrate a phishing attack using only an Android phone and a public tool called PyPhisher that runs in Termux.
What is PyPhisher
PyPhisher is a tool written in Python. It includes many phishing page templates for sites like Facebook, Twitter, LinkedIn and Reddit. PyPhisher can run on many Linux systems, but here we will use Termux on an Android phone. Many people have Android devices rather than PCs, and Termux is easy to install and use for demonstrations.
Warning: This post is written to raise awareness about how phishing attacks work, not to help anyone harm others. Use this information legally and ethically.
How to install PyPhisher in Termux
Before you copy and paste the installation commands, make sure you have the right version of Termux. A wrong or outdated Termux can cause many errors. If you need a newer version, check my Termux guide.
If your Termux environment is ready, follow these steps to install PyPhisher on your Android phone.
1. Set up storage permissions
Before doing anything else, run this command to allow Termux to access your device storage:
termux-setup-storage
Press Allow when asked for permission.

This step is important because some tools like PyPhisher need to save and access files locally.
2. Update and upgrade Termux packages
Run this command to update packages to avoid common errors:
pkg update && pkg upgrade -y

3. Install required dependencies
Install the tools PyPhisher needs:
pkg install git python3 python-pip php openssh -y

4. Clone the PyPhisher repository
Download PyPhisher from GitLab:
git clone https://gitlab.com/KasRoudra/PyPhisher

After cloning, a folder named PyPhisher will appear in your Termux home directory.
5. Move into the PyPhisher directory
Change to the new folder where the install scripts and main files are:
cd PyPhisher

6. Install Python requirements
Use pip to install the Python modules PyPhisher needs:
pip3 install -r files/requirements.txt

This step may take some time depending on your internet connection.
If you get permission errors, try this alternative:
pip3 install --break-system-packages -r files/requirements.txt
This lets Termux install packages despite some system restrictions.
7. Run PyPhisher
Start the tool with:
python3 pyphisher.py

PyPhisher may take a moment to download final files. It will ask whether you have a loclx authtoken. If you do not, type n and press Enter.

If everything was done correctly, PyPhisher will start and show phishing templates for several platforms.

This is the standard method for installing PyPhisher in Termux. If you want alternative installation methods, see the rest of this blog post here.
How to Use PyPhisher in Termux
Now that PyPhisher is installed, here’s how to use it for an ethical phishing demonstration.
1. Select a phishing template
Choose the platform you want to simulate phishing for. For example, select option 1 for Facebook.
Next, it will ask whether you want an OTP (Two-Factor Authentication) page, which adds an extra step. Type y for yes or n for no, then press Enter to continue.
2. Enter shadow URL
When asked to enter a shadow URL, just press Enter to skip this step.
3. Enter redirection URL
Enter a URL where the user will be redirected after logging in on the phishing page.

4. Enable hotspot
Make sure your hotspot is enabled so the links can be generated smoothly.
5. Generate and open the link
PyPhisher will create multiple links. Copy any link you prefer and open it in your browser. This will show a Facebook phishing page.

6. Test with fake credentials
Enter fake credentials and press Login. If you enabled the OTP page, it will ask for a Two-Factor Authentication code. Enter any code and press Continue.

After this, all login information and the Two-Factor Authentication code will appear in your Termux terminal. PyPhisher also shows extra details such as the victim’s IP, operating system, location, and other information.
This demonstration shows exactly how phishing attacks work. Remember, this is for raising awareness so you can learn to defend yourself against phishing.
How to Defend Against Phishing Attacks
Now that you have seen how dangerous phishing attacks can be, here are some ways to protect your login credentials.
- Don’t click suspicious links: Be careful with links, especially from people you don’t know or trust. Always check that the URL of a website is correct before logging in. Following this step alone can make phishing attacks almost impossible.
- Enable Two-Factor Authentication (2FA): Take this seriously. Many people ignore it, but 2FA is a strong protection against phishing. Even if a hacker tricks you and gets your login details, they will still need a confirmation code sent to your device. This is often where hackers give up.
With just these two strategies, most phishing attacks cannot succeed.
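To make the "check that the URL is correct" advice concrete, here is an added example (not part of PyPhisher and not code from the original post) that compares a link's real host with the domains you actually log in to. The domain list, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually log in to, listed by their real domain.
EXPECTED_LOGIN_DOMAINS = {"facebook.com", "linkedin.com", "reddit.com"}


def check_login_url(url, expected=EXPECTED_LOGIN_DOMAINS):
    """Return a list of warnings; an empty list means the host is an expected one."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append("not https")
    # In "https://facebook.com@other.example/" the text before @ is only a username
    if parts.username is not None:
        warnings.append("userinfo before @ hides the real host")
    # Punycode labels can be displayed as look-alike Unicode characters
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (IDN) host")

    # The host must BE an expected domain or a subdomain of one
    trusted = any(host == d or host.endswith("." + d) for d in expected)
    if not trusted:
        brands = sorted(d.split(".")[0] for d in expected)
        used = [b for b in brands if b in host]
        if used:
            warnings.append("brand name '%s' used in untrusted host %s" % (used[0], host))
        else:
            warnings.append("host %s is not an expected login domain" % host)
    return warnings


# Constructed sample URLs (not taken from the post)
SAMPLES = [
    "https://www.facebook.com/login",
    "https://facebook.com@login-check.example/",
    "https://facebook.com.login-check.example/",
    "http://www.reddit.com/login",
    "https://random-words-1234.tunnel.example/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_login_url(u) or "ok")
```

The comparison is made on the parsed hostname, not on the text of the link, because a brand name can appear anywhere in a URL without the page belonging to that brand.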
Remember, phishing is only one type of cyberattack. There are many others, so regularly visit my blog to stay updated and learn how to defend against new threats.