Shellphish : A Phishing Tool


Shellphish is a tool used for phishing attacks, this tool offers phishing templates of more than 18 famous websites.

NOTICE: This article is for educational purposes only.

Phishing Attack :

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of an attack, or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Installing Shellphish :

We are installing this tool on kali Linux, so just fire up your kali Linux and open the terminal.

Now follow up the commands

cd Desktop

now, we need to clone the shellphish from GitHub.

$ git clone

now, shellphish is downloaded in our system, so let’s open its folder


now, we give permission to this tool, so that we can use it.

$ chmod 744


So, we are ready to launch this tool 

$ ./

Let’s Hack :

Select any template that you want to use for phishing attacks, there are 20 templates, so you can choose any to generate phishing links for that particular template.

So, here i am choosing 1 which is an Instagram phishing template

$ 1

Now, it will generate a link, which is a Ngrok service to host our phishing link, this is what gives us the HTTPS on our phishing pages. Just by choosing this option, the tool starts a PHP and Ngrok server and we have our phishing link presented to us.

In the image you can see, the link is generated.

so you can send it through SMS, email, WhatsApp, messenger any platform it’s your choice.

let me show you the Instagram phishing template.

when you send that link to the victim, the victim opens the links and sees this Instagram page and uses its credentials to login into Instagram.

As, you can see the credentials of the victim are showing, which include its IP Address, Location, Username, Password.

You can use any template and can do the Phishing Attack.

Thank you!



Please enter your comment!
Please enter your name here